August 20, 2020

NOYB files complaints to invalidate EU to US data transfers under SCCs

On August 17, 2020, the NOYB, a non-profit digital rights organization founded by privacy activist Max Schrems, filed complaints against companies that continue to use Privacy Shield and Standard Contractual Clauses (SCC) to transfer Personal Data to the United States.  NOYB argues that the recent Court of Justice of the European Union ruling on the EU-US Privacy Shield Framework found that “US surveillance laws violated the essence of EU fundamental rights.”  NOYB filed the complaints in the European Union and European Economic Area member states, asserting that it has analyzed the HTML source code of major EU webpages and found that multiple companies still used Google Analytics (which is certified under the Privacy Shield Framework) and Facebook Connect (which uses the SCCs), which resulted in the personal data being transferred to the U.S. 

This complaint follows on the heels of the July 16, 2020 decision by the EU Court of Justice to invalidate the EU-US Privacy Shield program while upholding the validity of SCCs as means to legally transfer personal data outside of the EU.  However, NYOB challenges the legality of using SCCs to the US, claiming that companies in the EU “cannot use SCCs when the recipient in the US falls under these mass surveillance laws” unless US data importers warn EU data senders of these laws beforehand.  

NOYB Press Release | NOYB List of Complaints