On July 16th, 2020, with its so-called "Schrems II'' decision, the Court of Justice of the European Union (CJEU) invalidated the deal setting the rules for transatlantic data transfers — the EU-US Privacy Shield. In its judgment, the Court estimated that the deal did not guarantee a sufficient level of protection for the personal data of European citizens.
Although the news received a fair amount of media attention when it was released, public interest for the matter has now faded. Still, this decision has left a great number of actors in a long-lasting period of uncertainty and legal insecurity. Among the first to be impacted are European companies: according to a study led by several company federations throughout the European Union, 75% of companies that use Standard Contractual Clauses (SCCs) for international data transfers, regardless of their size, are European. EU citizens are also impacted by this decision, in the sense that they no longer benefit from the data protection mechanism guaranteed by the Privacy Shield. Even though the latter was imperfect, it has now been repealed, without anything to replace it.
In this context, Renaissance Numérique organised, on December 16th, 2020, a seminar gathering around thirty actors, including representatives of companies, lawyers, university researchers, MPs and members of the administration. This discussion had two objectives: explore the consequences of this decision by the Court of Justice of the European Union, and consider paths to solve this situation for those concerned by it. This note is fuelled by these exchanges.
Many concerns relating to the capacity of the actors to implement the "Schrems II decision" have emerged from the discussion. Not only does the decision not provide enough time to the actors for a sensible analysis and an evaluation of the enforceability of the recommendations issued by data protection authorities subsequently, but the decision is also retroactive. As a result, beyond future international data transfers, the conformity of all previous data transfers operated under the Privacy Shield since 2016 must be reassessed, hence questioning many current contracts. Some lawsuits have already been filed following the decision, amongst which several are against French companies. However, the results of those procedures and the subsequent legal precedent will most probably not be known before the summer of 2021. Until then, if no political decision is made, many activities will be threatened, at a time when data plays a key role in our economy.
Beyond the legal debate, this decision by the Court of Justice of the European Union weighs strong economic and political aspects that cannot be left to the regulators alone. In an uncertain context, where the position of the next American Administration is not known yet, this situation questions the efficiency of the European model of data protection.
Concerned by this deadlock, Renaissance Numérique, through this reflection, invites the European Commission and Europe’s executive power to engage in a dialogue with key stakeholders, in order to establish a shared method for the implementation of the Court’s decision.
 "The Court of Justice invalidates Decision 2016/1250 on the adequacy of the protection provided by the EUUS Data Protection Shield", Court of Justice of the European Union, press release No 91/20, Luxembourg, 16 July 2020.
 Among the responding companies. "Schrems II. Impact Survey Report", DIGITALEUROPE, BusinessEurope, the European Round Table for Industry (ERT) and ACEA, 26 November 2020.
 Renaissance Numérique would like to thank all the participants in the seminar of December 16th, 2020 who contributed to this reflection, especially Florence Raynal, Head of the European and International Affairs Department of the CNIL (French data protection authority), Théodore Christakis, Professor of International and European Law at Université Grenoble Alpes, Juliette Rouilloux-Sicre, President of the Digital Regulation Committee of the MEDEF (France’s largest employer federation) and Etienne Drouard, Partner at Hogan Lovells.
 The noyb association, founded by Max Schrems, has filed a complaint against several French companies such as Leroy Merlin, Sephora and Decathlon. "La fin du Privacy Shield : sortons les entreprises de cet imbroglio juridique !", Jean-Sébastien Mariez, JDN, 21 December 2020.