EU-US personal data transfers and the implications of the Schrems II ruling for Australia

Date & time
4.30–6pm Tuesday 22 September 2020


Marketing and Communications
Data privacy

The effects of the seminal Court of Justice of the EU (CJEU) decision in Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (Case C-311/18, “Schrems II”) will be felt for some time. In this case the CJEU affirmed the validity of the standard contractual clauses (SCCs) for data transfers under Commission Decision 2010/87/EU (later amended by Commission Decision 2016/2297), but invalidated Commission Decision 2016/1250 which formed the legal basis for the EU-US Privacy Shield.

The decision builds on the Court’s 2015 ruling in Maximillian Schrems v. Data Protection Commissioner (Case C-362/14, “Schrems I”), in which the Commission adequacy decision underlying the EU-US Safe Harbour arrangement, the predecessor to the Privacy Shield, was invalidated. The case will have a major impact on the validity of international data transfers going forward with the implications of the Court’s ruling extending far beyond its impact on the use of SCCs and the Privacy Shield in particular. More specifically, the judgement clarifies that those exporting personal data are expected to examine the circumstances surrounding each transfer and to assess whether the protections provided in the third country are essentially equivalent to those provided for in the EU in the absence of an adequacy agreement.

As there is no such adequacy agreement between the EU and Australia the ruling is of significant importance. Indeed, in its Digital Platforms Inquiry – Final Report, the Australian Competition and Consumer Commission (ACCC) recommended wide scale reform of the Privacy Act and the Australian Consumer Law in response to the significant challenges to consumer privacy brought about by our use and reliance on technology in order to bring the protections in line with international standards. However, it remains unclear whether even a wholesale adoption of ACCC’s recommendations would bring the protections in line with the GDPR. These equivalence concerns are multiplied when one considers that in the Schrems II case the CJEU was particularly concerned with law enforcement access to data and hence, individual redress against national security and intelligence services. Given Australia’s membership of the Five Eyes intelligence alliance and the extensive powers afforded to law enforcement agencies, the legitimacy of exporting personal data from the EU to Australia is in doubt. The purpose of this event therefore is to explore the implications of the Schrems II ruling for Australia.


  • Dr Damian Clifford »

    Damian Clifford

    Dr Damian Clifford a postdoctoral research fellow at the ANU College of Law and an associate researcher at Information Law and Policy Centre at the Institute of Advanced Legal Studies (University of London). His research focuses predominantly on data protection, privacy and the regulation of technology. He has previously been a visiting lecturer at the Dickson Poon School of Law, Kings College London (2018-2019), a sessional lecturer and honorary fellow at the Melbourne Law School, University of Melbourne and a sessional lecturer at Swinburne University of Technology.

    Damian completed his PhD at the KU Leuven Centre for IT & IP Law (CiTiP) where he was a FWO Aspirant Fellow funded by Fonds Wetenschappelijk Onderzoek – Vlaanderen (FWO) from October 2015 to October 2019. Prior to his FWO fellowship, Damian worked on European Commission funded (FP7 and Horizon 2020) projects in the fields of inter alia Critical Infrastructure Protection, Public Sector Information re-use and Cloud Computing at CiTiP.

  • Professor Lee Bygrave »

    Lee Bygrave

    For the past three decades, Professor Lee Bygrave has been engaged in researching and developing regulatory policy for ICT. He has functioned as expert advisor on technology regulation for numerous organisations, including the European Commission, Nordic Council of Ministers, Internet Corporation for Assigned Names and Numbers, Computer Science and Technology Board of the US National Academies, UK House of Lords Committee on the Constitution, and Norwegian government.

    He currently heads two major research projects at the NRCCL: VIROS (‘Vulnerability in the Robot Society’), which canvasses legal and ethical implications of AI-empowered robotics; and SIGNAL (‘Security in Internet Governance and Networks: Analysing the Law’), which studies transnational changes in the legal frameworks for security of critical internet infrastructure and cloud computing. Both projects are funded by the Norwegian Research Council and UNINETT Norid AS.

  • Professor Megan Richardson »

    Megan Richardson

    Megan Richardson is a Professor of Law at the Melbourne Law School, The University of Melbourne. Her fields of research and publication include intellectual property, privacy and personality rights, law reform and legal theory. She was one of a group of scholars convened by the Australian Law Reform Commission to explore the meaning of 'privacy' for its 2006-8 privacy reference, and in addition served on the international advisory panel for the New South Wales Law Reform Commission's invasion of privacy review in 2006-2009. She was also a member of the advisory committee for the Australian Law Reform Commission's reference on Serious Invasions of Privacy in the Digital Era (report published 2014).

  • Dr Dominique Dalla-Pozza »

    Dominique Dalla Pozza

    Dr Dominique Dalla-Pozza is a senior lecturer at the ANU College of Law working in the field of Australian Public Law. Her primary research deals with the Australian Parliament and the legislative process, especially the process by which Australian National Security Law is made. She is particularly interested in the work done by parliamentary committees. In her role as a co-convenor of the ACT chapter of the Electoral Regulation Research Network (ERRN) Dom has also worked on the Senate voting system.

    Dominique’s other field of interest is in National Security Law – her PhD focused on the process by which the Australian Parliament enacted counter-terrorism between 2001 and 2006.

  • Associate Professor Stacey Steele »

    Stacey Steele

    Associate Professor Stacey Steele is an academic and practising lawyer specialising in comparative insolvency law in the Asia-Pacific, Japanese law and society, legal education and financial services law. 

    Stacey has published widely in academic journals and books as well as providing commentary to professional newsletters and practitioner publications such as the Insolvency Law chapter in CCH’s Japanese Busines Law Guide. She co-edited Match-Fixing in Sport: Comparative Studies from Australia, Japan, Korea and Beyond (Routledge, 2018) with Hayden Opie, Internationalising Japan: Discourse and Practice (Routledge, 2014) with Jeremy Breaden and Carolyn Stevens, and Legal Education in Asia: Globalization, Change and Contexts (Routledge, 2010) with Kathryn Taylor.

Research theme: 


Updated:  10 August 2015/Responsible Officer:  College General Manager, ANU College of Law/Page Contact:  Law Marketing Team