This presentation explains what is Schrems II and how it impacts Indian companies in the context of data privacy. It is based on the CJEU judgement on 16 July 2020.
4. WHY IS IT
CALLED
SCHREMS II?
After the lawyer-
activist Max Schrems
who first raised data
privacy concerns. This
is the 2nd case in the
series.
www.almostism.com
5. WHO ARE
THE PARTIES
IN
SCHREMS II?
The Data Protection
Commissioner vs
Facebook Ireland Ltd, Max
Schrems.
Intervening parties were:
The US Electronic Privacy
Information Centre, BSA
Business Software
Alliance Inc., and
Digitaleurope.www.almostism.com
6. 2 REASONS
WHY GDPR
ISN'T
ENOUGH
1.US surveillance
program isn't limited
to "essential". Hence,
non-essential access
to personal data was
likely.
www.almostism.com Violates Article 52 of EU Charter
7. 2 REASONS
WHY GDPR
ISN'T
ENOUGH
2. No adequate
redressal is available
against US
surveillance program.
www.almostism.com Violates Article 47 of EU Charter
8. WHAT
ABOUT
SCCs?
SCCs* cannot be
considered a blanket
permission to freely
transfer data without
adequate data
protection measures.
www.almostism.com *Standard Contractual Clauses
12. HOW WILL
SCHREMS II
IMPACT
INDIA?
Ensure immediate
correction
Data exporter and
data importer both
responsible
Protect, return or
destroy data
Limits
1.
2.
3.
www.almostism.com
13. HOW WILL
SCHREMS II
IMPACT
INDIA?
India currently
doesn't have data
privacy laws,
hence companies
must re-evaluate
their data of
people in the EU.
Summary
www.almostism.com