Potential Impact of Schrems II on India’s Adequacy Determination

This article was originally published on the official blog of the Indian Journal of Law and Technology (ILJT). It is a bi-annual, peer-reviewed, open access law journal published annually by the National Law School of India University, Bangalore. As stated on its website, IJLT is the first law journal in India devoted exclusively to the study of the interface between law and technology. Please click here to read the complete article.

On July 16, 2020, the Court of Justice of the European Union (“CJEU”) in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (Case C-311/18) (aka “Schrems II” after the petitioner, an Austrian privacy advocate Maximillian Schrems), invalidated the decision on the adequacy of the protection provided by the EU-US Privacy Shield, meaning the Privacy Shield is no longer available as an instrument for transferring personal data from the EU to the US.

In an article, originally published on the official blog of Indian Journal of Law and Technology (ILJT), I have made an attempt to evaluate India’s chances of securing an adequacy status from the EU, in the light of Schrems II judgement. You can find the article here. Please feel free to post your comments, preferably on the blog itself or here on Medium.

Here is what you can expect to find in the article which consists of two parts. In Part I, the “what”, “why” and the “how” of adequacy decisions under GDPR are presented. Part II analyzes the alternatives to adequacy decisions and their relevance for India. It explores the contentious issues in India’s Personal Data Protection Bill, 2019 (“PDB Bill, 2019”), based on the grounds on which Privacy Shield was overruled. There is a reference to the EU-Japan adequacy agreement, which might serve as an alternative for India while not fully aligning its privacy regime with the EU. The article concludes with a few recommendations.