Schrems II and Surveillance: Third Countries’ National Security Powers in the Purview of EU Law

The European Law Blog will be taking a summer recess. We’ll be back end of August with new commentaries, including on key summer developments. Please do send us on your contributions throughout this period and we will get back to you in due course. Happy Holidays to all our readers!

On 16 July 2020 the Court of Justice of the European Union (CJEU) composed as Grand Chamber delivered its landmark ruling Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems (case C-311/18, “Schrems II”). For the background and a discussion of the implications of the ruling for commercial transfers of personal data see the commentaries by Christopher Kuner and Theodore Christakis. The focus of my commentary will be on the aspect that EU law on cross-border transfers of personal data to a third country is not deferential to national security powers of that third country. This judgment is remarkable provided that electronic surveillance conducted by Member States’ intelligence authorities for the purpose of national security is off limits for EU law and that exceptions in international agreement are fairly regularly made for national security. This contribution will deal with the embedded assessment of a third country’s national security powers under the General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and will address the criticism that a third country is held to stricter standards than a Member State of the Union.

Schrems II is a continuation of the CJEU’s 2015 judgment in Maximillian Schrems v. Data Protection Commissioner (Case C-362/14, “Schrems I”), which invalidated the Commission’s Decision approving the EU-US Safe Harbour agreement (Decision 2000/520). The ruling notes that the Safe Harbour Decision carries a provision that “national security, public interest, or law enforcement requirements” have primacy over the Safe Harbour principles (para. 86). However, any interference with the rights to privacy and the protection of personal data as guaranteed by Articles 7 and 8 of the Charter of Fundamental Rights in the European Union (Charter) must be limited to what is strictly necessary and the right to effective judicial protection must be observed (paras. 92-95).

Continue reading

Hinkley Point C – Is semi-permeable membrane protecting the internal market’s nucleus?

Who would have thought that a case from the UK would potentially shape the EU State aid policy for years to come, being decided just around the time of the UK’s exit from the EU? This situation is made all the more particular as many state aids lawyers have suggested that the applicant, Austria, is rather unlikely to succeed in the case of Hinkley Point C.

The Commission Decision 2015/658 of 2015 and the lengthy GC judgment in this case have been summarised and annotated elsewhere. The case concerns the approval of the UK’s scheme for the building of a new nuclear reactor, which involved a guaranteed price for the electricity produced for a number of years.

Recently, AG Hogan’s Opinion was released. The Opinion raises a number of issues and shows the importance of the case. One central question that should be answered is whether the promotion of nuclear energy as a core objective of the Euratom Treaty (Euratom) is an objective that might justify State aid. However, the Opinion raises other questions. As brilliantly explained by Fernando Pastor-Merchante, the Opinion proposition has some rather fundamental implications. It could remove Article 107(3)(c) TFEU from the Commission’s toolbox for shaping State aid in the EU. It would reduce the Commission’s competence by allowing the Member States free reign in handing out State aid under Article 107(3)(c) TFEU. The Commission’s discretion would be dramatically reduced, examining only possible effects on competition and trade within the internal market.

This brief note focuses, however, on another element of the Opinion. One with equally broad application. The question of whether and which other objective and provisions contained in Treaty provisions are of relevance in the context of the interpretation of EU State aid law, and in particular Article 107(3) TFEU.
Continue reading

After Schrems II : Uncertainties on the Legal Basis for Data Transfers and Constitutional Implications for Europe

I. Schrems II Places International Data Transfers in a Legal Limbo 
A. In Theory Schrems II Proposes a Holistic and Coherent Regime of Protection
B. In Practice It’s Uncertainties Time: The Show Must Go On, But… How?
II. Constitutional Implications for Greater Europe
A. A Shakeup of the EU Equivalent Protection Mechanisms
B. Implications for the European public order
Conclusion: Towards Data Localization?


The judgment issued by the Court of Justice of the EU (CJEU) on 16 July 2020 in Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (Case C-311/18, “Schrems II”), is without doubt a constitutional judgment. It affirms strongly the importance of maintaining a high level of protection of personal data transferred from the European Union to third countries dealing in a comprehensive way with the issue of government access to data not only by the United States (US) but also by any other country. By doing so it creates a lot of uncertainties on the legal basis of future data transfers from the EU to other countries. And it also has important constitutional implications for the European public order.

This article will not discuss the facts of the case or the arguments used by the Court in relation with the Privacy Shield arrangement or Standard Contractual Clauses (SCCs). This has already been done in this blog in the excellent analysis published last Friday by Christopher Kuner. Similarly, a series of very interesting comments have been published since last Thursday ranging from Max Schrems’ Noyb Organisation’s first reactions, to US perspectives on the judgment proposed by Peter Swire, Jennifer Daskal or Kenneth Propp and Peter Swire.

The objective of this article will be to offer some complementary thoughts and perspectives focusing on the uncertainties created by the judgment for the future of international data transfers (Part I) and the constitutional implications not only for the EU but also for greater Europe (Part II).

Continue reading

The Schrems II judgment of the Court of Justice and the future of data transfer regulation


On 16 July 2020, the Court of Justice of the EU (CJEU) issued its judgment in Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (Case C-311/18, “Schrems II”). The case is a companion to the Court’s 2015 ruling in Maximillian Schrems v. Data Protection Commissioner (Case C-362/14, “Schrems I”), in which the Court invalidated the Commission adequacy decision underlying the EU-US Safe Harbour arrangement.

In Schrems II the Court both affirmed the validity of the standard contractual clauses (SCCs) for data transfers under Commission Decision 2010/87/EU (later amended by Commission Decision 2016/2297), and invalidated Commission Decision 2016/1250 that was the legal basis of the EU-US Privacy Shield, which was the successor to the Safe Harbour. Beyond its impact on the SCCs and the Privacy Shield, the Schrems II judgment has important implications for the future regulation of international data transfers.

Continue reading

Interchange fees restrict competition: Is the UK Supreme Court giving Article 101(1) TFEU a final glance?

In a long running legal battle, some clarity has finally been provided by the Supreme Court of the United Kingdom in relation to the implications of multi-lateral interchange fees (MIFs) between card companies with respect to European Competition Law. In the combined cases of Sainsbury’s Supermarkets Ltd (Respondent) v Visa Europe Services LLC and others (Appellants) Sainsbury’s Supermarkets Ltd and others (Respondents) v Mastercard Incorporated and others (Appellants) [2020] UKSC 24 the Supreme Court found unequivocally in favour of the supermarket chains and held that the MIFs were a restriction of competition contrary to Article 101(1) of the Treaty on the Functioning of the European Union (TFEU). The appellate judgment represents a series of firsts not just for the UK Court but also for the MIF legal debate generally. It is the first UK appellate consideration of the binding effects of Article 101 CJEU jurisprudence and the first ruling by any European Court that Visa’s multilateral interchange fee is a restriction of competition. The irony that such a landmark  decision on issues of European Competition Law was delivered by the UK as it enters into the final six months of its transition period before exiting the Union, is not lost. However all irony aside, it is hoped that the judgment will end the legal debate concerning interchange fees set by Visa and Mastercard once and for all.

Continue reading

The EU-Armenia Comprehensive and Enhanced Partnership Agreement (CEPA): Legal basis litigation 2.0

In April 2020 the European Commission challenged before the European Court of Justice (ECJ) two Council Decisions taken within the Partnership Council under the CEPA with Armenia. The implementation of the CEPA required the establishment of joint institutions such as the Partnership Council, the Partnership Committee, subcommittees and other bodies. The Council laid down procedural rules for the functioning of the joint bodies under the CEPA in two separate Decisions: the first one relates to Title II of the Agreement and covers Common Foreign and Security Policy (CFSP) aspects; the other one relates to the rest of the Agreement and covers TFEU-related matters respectively.

The Commission did not agree with the choice of legal bases of the CFSP-related Decision, notably the substantive legal basis of Article 37 TEU and the procedural legal basis of the second paragraph of Article 218(8) TFEU. Furthermore, according to the Commission, the Council was not allowed to split artificially a single act into two different parts with different centres of gravity.
Continue reading

POMFR Book review: Anu Bradford, The Brussels Effect: how the European Union rules the world (OUP 2020)

In the ‘Brussels Effect: how the European Union rules the world’ Bradford described how EU regulations impact standards around the world through the process of unilateral regulatory globalization. The book develops on from Bradford’s highly influential earlier article.

Territorial extension’ is described by Scott as the practice of enabling the EU ‘to govern activities that are not centered upon the territory of the EU and to shape the focus and content of third country and international law.’ I have described ‘rule-transfer’ as ‘a means or process by which EU legal rules are adopted in third country legal orders’ and showed how EU rules move and are adopted abroad.Continue reading

The plight of unaccompanied migrant minors in Greek detention system: A national and international perspective

Source: Human Rights Watch


On 14 April 2020, Human Rights Watch started the #FreeTheKids campaign to urge the Greek government for the release of ‘unaccompanied migrant minors’, who were detained in police cells and other detention centres in the country. While Greece has an age old problem of detaining these minors in crowded and unhygienic cells, COVID-19 gave thrust to this campaign since these cells made it difficult to observe the guidelines issued by the World Health Organisation (‘WHO’) regarding social distancing, basic health care and sanitation, exposing the minors to the risk of infection. These conditions were highlighted by the drawing of the child who was in such detention centre for almost three months.

A majority of these unaccompanied migrant minors are kept in police stations and detention facilities. A better alternative for accommodation would be Reception and Identification Centres (‘RIC’) as they provide a safer space for short-term stays than holding minors in jail cells. While the livings conditions in RICs are not perfect, the United Nations High Commissioner for Refugees (‘UNHCR’) in its report stated that unlike police cells, these centres at least allow the children to move in and out freely, they provide medical services, psychosocial support as well as informal education and recreational activities for these minors (para. 2.3.3). However, due to acute shortage of RICs and heavy influx of migrant minors, they are accommodated in Greek police cells.

While one year has passed since the European Court of Human Rights (‘ECtHR’) held in H.A. v. Greece and Sh.D. v. Greece that detention of unaccompanied migrant minors in police cells violates international laws, the government of Greece is yet to make sufficient adjustments to its detention system. Building on relevant case law and reports, this article concludes that Greek’s practice of detaining unaccompanied migrant minors in the name of ‘protective custody’ is in violation of their human rights in both ordinary circumstances and extraordinary situations like COVID-19. It also examines the efforts made by the Greek Government in this regard and the intervention of the European Union in order to mitigate the plight of these unaccompanied migrant minors especially in these extraordinary circumstances.
Continue reading