Skip to main content

Advertisement

SpringerLink
Log in

The Schrems judgments: a silent revolution for Member States’ procedural autonomy?

  • Article
  • Published:
ERA Forum Aims and scope

Abstract

The Schrems I and Schrems II judgments (C-362/14 Maximillian Schrems v Data Protection Commissioner EU:C:2015:650 and C-311/18 Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems EU:C:2020:559) are well known for the sweeping implications that the law student’s crusade against the data giant Facebook had on international data transfers and for the ensuing headache that they gave to companies, as well as to legislators and public authorities on both sides of the Atlantic.

What has remained slightly unexplored, on the other hand, are the constitutional side effects of the combined operation of the two judgments on the relationship between the right to an effective remedy and Member States’ procedural autonomy.

In its first part, therefore, this article will review the unusual procedural path that, on the basis of the first Schrems ruling, brought the second Schrems case from the Irish Data Protection Commissioner to the Court. The second part will examine the consequences of the two judgments on effective judicial protection, in particular on the extent to which those appear to create an obligation for the Member States to provide new remedies where the rights of individuals are infringed by secondary EU law.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

Notes

  1. The High Court – Commercial – Case No. 2016/4809P The Data Protection Commissioner and Facebook Ireland Ltd and Maximilian Schrems, transcript for the hearing on day 1, Tuesday 7th February 2017, available at https://www.dataprotection.ie/sites/default/files/uploads/2018-12/DAY%2001%20020717%20dpc%20v%20facebook.PDF (last visited 14/03/2021).

  2. A lot of ink has been spilled on both Schrems judgments. For the most recent contributions see, among others, Flett, Wilson, Clover (Comput. Telecommun. Law Rev., 161–163, [1]); Tracol (Comput. Law Secur. Rev., 39: 105484, [7]); Woods (Commun. Law, 239–247, [8]) and for the US perspective(s), National Security Law – Surveillance – Court of Justice of the European Union Invalidates the EU-US Privacy Shield (Harvard Law Rev., 1567, [3]) and Rotenberg (Eur. Law J., 141–152, [5]). The Schrems II judgment has also prompted reactions from a variety of public authorities, including the European Data Protection Supervisor (EDPS), which on 29 October 2020 issued its ”Strategy for Union institutions, offices, bodies and agencies to comply with the ‘Schrems II’ Ruling”, available at https://edps.europa.eu/press-publications/press-news/press-releases/2020/strategy-eu-institutions-comply-schrems-ii-ruling_en (last visited 28 March 2021) and on 11 November 2010, during its 41st plenary session, adopted recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data and recommendations on the European Essential Guarantees for surveillance measures. These are available at https://edpb.europa.eu/news/news/2020/european-data-protection-board-41st-plenary-session-edpb-adopts-recommendations_en (last visited 28 March 2021). At the time of writing, the European Commission is in the process of revising the Standard Contract Clauses, a first draft of which was published on 12 November 2020. In addition, the Facebook saga also includes C-498/16 – Maximilian Schrems v Facebook Ireland Limited, a preliminary ruling delivered following a reference made by an Austrian Court regarding the interpretation of Art.s 15 and 16(1) of Council Regulation (EC) No 44/2001 of 22 December 2000 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters.

  3. Commission Decision 2000/520/EC of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce [OJ 2000 L 215, p. 7].

  4. Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield [OJ L 207 2016, p. 1]

  5. The Data Protection Commissioner v. Facebook Ireland Ltd & anor. [2017] IEHC 545, paras 1 and 399.

  6. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [OJ 1995 L 281, p. 31]

  7. Art. 28 Supervisory authority

    […]

    3. Each authority shall in particular be endowed with:

    - investigative powers, such as powers of access to data forming the subject-matter of processing operations and powers to collect all the information necessary for the performance of its supervisory duties,

    - effective powers of intervention, such as, for example, that of delivering opinions before processing operations are carried out, in accordance with Art. 20, and ensuring appropriate publication of such opinions, of ordering the blocking, erasure or destruction of data, of imposing a temporary or definitive ban on processing, of warning or admonishing the controller, or that of referring the matter to national parliaments or other political institutions,

    - the power to engage in legal proceedings where the national provisions adopted pursuant to this Directive have been violated or to bring these violations to the attention of the judicial authorities.

    Decisions by the supervisory authority which give rise to complaints may be appealed against through the courts.

    4. Each supervisory authority shall hear claims lodged by any person, or by an association representing that person, concerning the protection of his rights and freedoms in regard to the processing of personal data. The person concerned shall be informed of the outcome of the claim.

    Each supervisory authority shall, in particular, hear claims for checks on the lawfulness of data processing lodged by any person when the national provisions adopted pursuant to Art. 13 of this Directive apply. The person shall at any rate be informed that a check has taken place.

  8. Directive (EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the supply of digital content and digital services [OJ L 136 2019, p. 1]. Art. 21 (Enforcement) reads:

    “1. Member States shall ensure that adequate and effective means exist to ensure compliance with this Directive.

    2. The means referred to in para. 1 shall include provisions whereby one or more of the following bodies [public bodies or their representatives, consumer organisations, etc.], as determined by national law, may take action under national law before the courts or before the competent administrative bodies to ensure that the national provisions transposing this Directive are applied.”

  9. Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council [OJ L 304 2011, p. 64]. Art. 23 (enforcement) reads:

    “1. Member States shall ensure that adequate and effective means exist to ensure compliance with this Directive.

    2. The means referred to in para. 1 shall include provisions whereby one or more of the following bodies [public bodies or their representatives, consumer organisations, etc.], as determined by national law, may take action under national law before the courts or before the competent administrative bodies to ensure that the national provisions transposing this Directive are applied.

  10. Study on the application of the Consumer Rights Directive 2011/83/EU Final Report, 2017, available at https://ec.europa.eu/newsroom/just/item-detail.cfm?item_id=59332 (last visited 28 March 2021). See in particular pp. 33-42 and pp. 93-94.

  11. In the absence of any provision to that effect: indeed no similar procedural tool appears to exist under Irish law, at least from the analysis of the Data Protection Act 1988 carried out at pp.19-26 of the High Court judgment.

  12. The Data Protection Commissioner v. Facebook Ireland Ltd & anor. [2017] IEHC 545, para. 63.

  13. Para. 71

  14. Safjan [6], p. 1.

  15. Piątek [4], p. 168.

  16. Case 222/84, Marguerite Johnston v. Chief Constable of the Royal Ulster Constabulary, 1986 EU:C:1986:206.

  17. Case 222/86, Union nationale des entraîneurs et cadres techniques professionnels du football (Unectef) v. Georges Heylens, EU:C:1987:442.

  18. Case C-97/91, Oleificio Borelli SpA v. Commission, 1992 C:1992:491.

  19. C-73/16, Puškár v. Finančné Slovenskej republiky and Kriminálny úrad finančnej správy C:2017:725.

  20. C-462/19 Asociación Nacional de Empresas Estibadoras y Consignatarios de Buques (Anesco) and Others EU:C:2020:715; see also C-53/03, Syfait and others EU:C:2005:333.

  21. An additional question arises as to whether Mr. Schrems would not have being able to challenge directly the Privacy Shield Decision as well as the SCCs decisions. The history of the case suggest that the claimant’s primary concern was to apply to a supervisory authority to block the transfer of his data to the US in the shortest possible time.

  22. Lenaerts, Maselis, Gutman, [2], pp. 1-7.

  23. Case C-384/16 P, European Union Copper Task Force v. Commission, EU:C:2018:176, para 35.

References

  1. Flett, E., Wilson, J., Clover, J.: Schrems strikes again: EU-US privacy shield suffers same fate as its predecessor Comput. Telecommun. Law Rev., pp. 161–163 (2020)

  2. Lenaerts, K., Maselis, I., Gutman, K.: In: Tomasz Nowak, J. (ed.) EU Procedural Law, pp. 1–7 (2015)

    Google Scholar 

  3. National Security Law – Surveillance – Court of Justice of the European Union Invalidates the EU-US Privacy Shield - Case C-311/18, Data Protection Commissioner v. Facebook Ireland Ltd., ECLI:EU:C:2020:559 (July 16, 2020), Harvard Law Rev., 1567 (2020)

  4. Piątek, W.: The right to an effective remedy in European law: significance, content and interaction. China-EU Law J. 6, 163–169 (2019). https://doi.org/10.1007/s12689-019-00086-3

    Article  Google Scholar 

  5. Rotenberg, M.: Schrems II, from Snowden to China: Toward a new alignment on transatlantic data protection. Eur. Law J., 141–152 (2020)

  6. Safjan, M.: A Union of Effective Judicial Protection. Addressing a multi-level challenge through the lens of Art. 47 CFREU. Speech held at King’s College London, February 2014. Available at https://www.kcl.ac.uk/law/research/centres/european/Speech-KINGS-COLLEGE.pdf (Last visited 28 March 2021)

  7. Tracol, X.: “Schrems II”: The return of the Privacy Shield. Comput. Law Secur. Rev. 39, 105484 (2020)

    Article  Google Scholar 

  8. Woods, L.: Schrems II. Commun. Law, 239–247 (2020)

Download references

Author information

Authors and Affiliations

  1. General Court of the European Union, 5th Chamber, Luxembourg City, Luxembourg

    Paolisa Nebbia

Authors
  1. Paolisa Nebbia
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Paolisa Nebbia.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Many thanks to Professor Takis Tridimas for the useful discussion preceding the drafting of this article. Any error or omissions remain of the author. The view expressed here a personal and do not in any reflect those of the CJEU.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Nebbia, P. The Schrems judgments: a silent revolution for Member States’ procedural autonomy?. ERA Forum 22, 327–336 (2021). https://doi.org/10.1007/s12027-021-00668-4

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12027-021-00668-4

Keywords

Search

Navigation