Using State-Based Adequacy Now, National Adequacy Over Time to Anticipate and Defeat Schrems III

Abstract

Consequent to their incongruous developments of data privacy law, the European Union and United States have struggled to lawfully trade data with one another. Both nevertheless aspire to make the transfers occur. Therefore, they have negotiated two agreements for lawful data trade: (1) Safe Harbor and (2) Privacy Shield. But the European Union has also required the United States to guarantee nearly “equivalent” protections to its own. Given the Court of Justice of the European Union’s decisions in Schrems v. Data Protection Commissioner (Schrems I) and Data Protection Commissioner v. Facebook Ireland Ltd. (Schrems II) to invalidate the agreements, achieving the equivalency requirement will be demanding. This Note contends that the upcoming successor agreement should allow well-suited states in the United States to obtain “adequacy” determinations for themselves, rather than trying to adapt the structurally dissimilar federal legislation to meet European Union standards. This approach is the only realistic way to anticipate and defeat an inevitable “Schrems III” court challenge.