No, there has been no new “Schrems” judgment from the CJEU. But the publication of the post-Schrems II “Recommendations” by the European Data Protection Board (EDPB) on November 11, 2020, is such a huge aftershock than one could mistake it for an entirely new earthquake shaking the international data transfer system.

Following the invalidation of the U.S.-EU Privacy Shield by the Court of Justice of the European Union (CJEU), Kenneth Propp and Peter Swire’s article ‘After Schrems II: A Proposal to Meet the Individual Redress Challenge’ argues that the core fundamental rights concerns expressed by the CJEU must be addressed in order for the U.S. and the EU to negotiate a replacement agreement. In particular, the article makes a preliminary proposal to address CJEU concerns that U.S. surveillance law safeguards lack essential equivalence to EU safeguards. One particular concern, and the focus of Propp and Swire’s article, is that the U.S. lacks an “effective and enforceable” right of individual redress.

CBDF Senior Fellows Théodore Christakis and Jennifer Daskal, and CBDF Research Director Peter Swire have published extensively in the immediate aftermath of the Court of Justice of the European Union’s decision in Schrems II. This post highlights six items from the first week following one of the most important decisions about cross-border data flows to date:

Last fall, the United Kingdom and United States announced the first executive agreement under the CLOUD Act.  The 180 days for Congress to disapprove the agreement expired on July 8, without the House or the Senate holding public hearings or taking any formal action on the agreement.  According to a July 16 interview with the U.S. Department of Justice, the agreement will take effect after an exchange of diplomatic notes, which has not yet occurred. The Cross-Border Data Forum, with whom we work, has published extensive materials about these executive agreements, including an article by Jennifer Daskal and Peter Swire explaining multiple privacy safeguards in the U.S./U.K. agreement that go beyond the minimum requirements of the CLOUD Act.

How do African law enforcement authorities access African data held by US companies for the purpose of legitimate criminal investigations? How―and to what extent― can African countries benefit from the cross-border data access reform initiatives emerging in Europe and the US? How should African stakeholders approach the internet’s increasing cross-border legal challenges? These are some of the questions raised at one of the sessions of the recent virtual conference hosted by the Internet & Jurisdiction Policy Network (I&J) in partnership with the African Union Commission (AUC).[1] The conference brought more than 130 participants of key regional stakeholders together to discuss a range of transnational and regional challenges in cyberspace, including cross-border access to electronic evidence.

The world’s first cybercrime treaty is undergoing an update.  When the Budapest Convention was drafted approximately 20 years ago, the treaty focused on harmonizing laws and increasing cooperation across borders so that a range of cybercrime, such as a denial of service attack or the release of a computer virus, could be prosecuted in the multiple countries affected.  It was written before the exponential growth in Internet usage, the development of cloud computing, and the digitalization of just about every kind of interaction.  These changes have made electronic evidence important to just about every crime—effectively turning almost all crime into cybercrime.  And they have also created enormous challenges for law enforcement given, among other reasons, the global nature of the Internet.  Increasingly, a range of electronic evidence relevant to and critical to the investigation and prosecution of crime – everything from basic subscriber information used to identify particular perpetrators to the content of emails – is stored in a different country from the one where the crime occurred or is being investigated.  This globalization of criminal evidence is creating significant hurdles for law enforcement.[1]