Hunton Andrews Kurth Focuses on Schrems II and the Practical Implications for Businesses

NEW YORK--(BUSINESS WIRE)--#GDPR--Leaders from Hunton Andrews Kurth LLP’s global privacy and cybersecurity practice and the Centre for Information Policy Leadership discussed the implications of the Court of Justice of the European Union’s landmark Schrems II decision, which invalidated the EU-U.S. Privacy Shield for cross-border transfers of personal data.

In a recent webinar, Hunton Andrews Kurth partners Lisa Sotto, Aaron Simpson, David Dumont, and Bridget Treacy joined CIPL President Bojana Bellamy to provide an overview of the Schrems I and II cases. They also discussed the CJEU’s ruling on Standard Contractual Clauses and their role going forward, along with a number of key policy considerations.

The Schrems II decision on July 16 invalidated the Privacy Shield, which more than 5,000 companies and organizations used as a principal legal framework for the transfer of personal data from the EU to the United States. The decision did not invalidate SCCs but creates significant additional obligations for companies to continue to use SCCs to transfer EU personal data to the US or to other jurisdictions around the world.

A full recording of the webinar can be accessed here. An article on the case can be found here.

“This decision places a significant burden on businesses by requiring them to evaluate each data transfer recipient to determine whether the recipient offers an ‘adequate level of protection,’” said Sotto. “This means assessing the type of personal data being transferred, how it will be processed, whether it may be subject to access by government agencies for surveillance purposes and, if so, the safeguards available. Most businesses are not in a position to make this evaluation or to evaluate foreign legal systems on a regular basis as the ruling requires.”

While discussing the path forward, Simpson noted: “The goal for accountable organizations needs to be minimizing the residual risk as much as reasonably possible through mitigation efforts. This requires thinking about what additional safeguards you can put in place.”

Hunton Andrews Kurth’s privacy and cybersecurity practice is ranked as a leader in its field. The firm has been ranked by Computerworld magazine, Chambers and Partners, and The Legal 500 as a top law firm globally for privacy and data security. The firm’s Centre for Information Policy Leadership works with industry leaders, regulatory authorities, and policy makers to develop global solutions and best practices for privacy and responsible data use to enable the modern information age.
For more information, visit

About Hunton Andrews Kurth LLP
With 1,000 lawyers in the United States, Asia, Europe and the Middle East, Hunton Andrews Kurth LLP serves clients across a broad range of complex transactional, litigation and regulatory matters. We are known for our strength in the energy, financial services, real estate, and retail and consumer products industries, as well as our considerable experience in more than 100 distinct areas of practice, including privacy and cybersecurity, intellectual property, environmental, and mergers and acquisitions.


Jeremy Heallen