Schrems II Invalidates Privacy Shield – Do I Need to Worry?


In a major development, earlier this week the European Court of Justice released a judgement that invalidated the US Privacy Shield mechanism that was created to permit data to transfer from the EU to the US. Although anticipated, this decision (popularly known as “the Schrems II decision”) has caused a great deal of concern, confusion and uncertainty within the international business community.

Does this decision impact the collection, storing and processing of health risk assessment data by Canadian businesses like Wellness Checkpoint? No. The Privacy Shield mechanism is relevant only in the context of transfers of personal data from the European Union (EU) to the US. All assessment data collected by Wellness Checkpoint is stored within a secure, state-of-the-art facility located in Winnipeg, Canada.

EU law requires that an “adequate level of protection” be ensured before personal data of EU citizens can be transferred from the EU to another country. The European Commission has determined that Canada (along with a number of other countries) is “adequate” and so personal data can flow from EU member states into Canada.

What does the Schrems II decision mean for the future of international data transfers, particularly to the US? Tough to say with any certainty, but as the experts point out, the stakes are enormous so some form of compromise has to be found.

If you have any questions about the decision, or how InfoTech safeguards the privacy and confidentiality of the information provided by respondents answering our Wellness Checkpoint health risk assessment, let’s talk.

Contact Us.