I do hope a) the CJEU rule instead of kicking it back to Ireland and b) the final ruling on this matter is done under GDPR.
The Irish Data Protection Commission (DPC) copped the blame from witnesses in the European Court of Justice yesterday over its role in the Facebook case concerning the transfer of data to the US from its Irish subsidiary. Back in 2013, privacy activist Max Schrems asked the regulator whether Facebook sending his data to the US …
Thank you for your dedication to the privacy of my data. Without you, the NSA would have free reign over the entire Internet and Google & Co would have an even easier life. Thanks to you, Google & Co is starting to feel the pinch, and the NSA might actually (gasp !) have to work to get their juicy data.
You are a true soldier of freedom.
Or Irish Commission Full of Conflicts of Interests ? They are very, very afraid to kill their gooses that lays the Golden Eggs in the green fields of Ireland... and looks to be not independent at all from the other branches of government. And these companies know how to blackmail governments.
'The court in Luxembourg is also considering whether the "standard contractual clauses (SCCs)" are sufficient protection for consumers'
The controller/processor SCCs are in fact non-compliant with the GDPR on seven counts. Consequently it's hardly a matter of considering whether they're sufficient (they're not), but rather whether we all agree to ignore their inadequacy.
Because generally Irish Regulators exist to satisfy EU. Also many are "captured" by Corporations or motivated purely to raise revenue. See Financial Regulator (Anglo Irish Bank) and Comreg (Three's lack of rollout "solved" by NBS, Mobile mis-sold as Broadband and Fast Broadband, everything sold as Fibre).
The UK is worse with Ofcom.
For years the Irish government has been gaming EU regulations to maximise the amount of grants they can claim and to attract large corporations due to lax enforcement of EU regulations.
The Germans seem happy enough to foot the bills, the UK not so much.
"Facebook's lawyer warned that striking out SCCs would have a serious impact on world trade."
I doubt if anyone on either side disputes that. As I understand it, the entire point of striking out SCCs is to have a serious impact on certain types of world trade; i.e. to prevent the movement of personal data to places it doesn't need to be.
I've given you an upvote, but there are serious possible repercussions beyond the Google/Facebook problem. There is a LOT of international data traffic that underpins international trade. Yes, everyone would adapt, just like they've had to adapt when the original Data Protection regs came in and then GDPR.
Iin the meantime, blow Privacy
ShieldFigleaf and Standard Contracts out of the water and it'll cause one heck of a lot of disruption while people adjust to it all.
But IMO both need to be blown out of the water because, AIUI, USA law is fundamentally incompatible with EU law on this - and the USA seems to think that it's the EU in the wrong.