EU Data Policy Decision to Affect Business With Australia

The Court of Justice of the European Union’s recent Schrems II decision will have severe impacts on the way international businesses operate and handle private data. This decision upholds the EU General Data Protection Regulation (GDPR) and strengthens its reach beyond just the EU. The GDPR framework regulates the export of data of EU citizens outside of the region and is widely considered one of the world’s strongest privacy frameworks. It requires an adequate level of data protection be guaranteed before data can be exported. 

The Schrems II decision has struck down the use of the “Privacy Shield” agreement which operates between the EU and the US government. Prior to this decision, this Privacy Shield formed the basis of how these US companies processed the data of their EU trading partners.

Many other countries have demonstrated adequacy in data protection at a country level (such as New Zealand) and have been EU-certified. These countries should be relatively unaffected by the Schrems II decision.

Australia does not have a “Privacy Shield” agreement with the EU however our data protection level has not been deemed EU adequate. This is largely due to our national Privacy Act not applying to small businesses, employee data, and political parties etc. 

The Schrems II decision will mean significant changes to how Australian companies do business with EU partners. The Court of Justice of the European Union has clarified that this means extra requirements to ensure data processing and privacy clauses in contracts will meet GDPR standards. Whilst the full scale of the impact of this decision has yet to be seen (and will likely vary depending on the organisation and its existing data privacy protocols) it seems evident that big changes lie ahead.