December 24, 2020
Written by
Gary LaFever
EU-UK Trade and Cooperation Agreement Does Not Address Adequacy Decision So the CJEU Shrems II Ruling Applies to the UK LinkedIn Logo

EU-UK Trade and Cooperation Agreement Does Not Address Adequacy Decision So the CJEU Shrems II Ruling Applies to the UK

The Brexit deal does not include any adequacy decision on data protection for the UK, so the principles embodied in the CJEU Schrems II (C-311/18) and subsequent CJEU rulings apply to the UK.

The CJEU made it clear in October 2020 cases involving the UK, France, and Belgium (Case C-623/17; C-511/18; C-512/18; C-520/18) that even within the EU (prior to Brexit) legislative initiatives dealing with economic and national security issues do not override the constitutional rights of EU data subjects. For predictability of operations purposes, data controllers are best served by technical and organisational measures that comply with CJEU rulings to avoid potential disruptions to operations similar to those resulting from the invalidation of “the legislative initiative formerly known as the Privacy Shield," including:

  • Transfer to Cloud Services Providers or Other Processors Which Require Access to Data in the Clear; and
  • Remote Access to Data for Business Purposes. [1]
New EU-UK Trade and Cooperation Agreement Highlghted and annotated text of official European Union Brexit Deal Brochure

Click here for the full text of the European Commission's overview of the agreement with the United Kingdom on the terms of its future cooperation with the European Union.

Companies can ensure ongoing use of data by establishing a defensible position by implementing Supplemental Measures / Additional Safeguards that comply with Schrems II requirements to achieve desired business results while respecting and enforcing the fundamental rights of data subjects.

Learn About Schrems II Compliant Supplementary Measures / Additional Safeguards

Schrems II Supplementary Measures DO EXIST

After holding several panels on Schrems II issues with the European Data Protection Supervisor (EDPS), None of Your Business (NOYB), Future of Privacy Forum (FPF), Promontory, Cooley, and Fieldfisher, we received over a thousand follow-up questions, and hundreds of inquiries requesting briefings. We created a no-cost Briefing Portal in response to overwhelming requests from General Counsels and senior-level privacy professionals for additional information.

This Briefing Portal streamlines the process for interested professionals and provides a no-cost, self-paced educational platform. Access expert content, analysis, and discussion of the key concepts behind Schrems II, and learn how to support your clients or organisation to take action.

Register at to learn about Schrems II Compliant Supplementary Measures / Additional Safeguards and other matters pertaining to lawful international data transfers after Schrems II using SCCs and BCRs.

Schrems II - Lawful Data Transfer

You may be interested in joining the Schrems II Linkedin Group focused on critical discussions and analyses related to using technically-enforced Supplementary Measures and SCCs, which you will not find elsewhere.


[1] See;; and

This article originally appeared in LinkedIn. All trademarks are the property of their respective owners. All rights reserved by the respective owners.