This panel will consider how the Schrems II judgment so far impacted international transfers in practice and discuss ongoing initiatives such as the “European cloud”, Gaia-X, and legal and technical questions of data sovereignty and data localisation. It aims to provide an overview of relevant developments during the past year as well as important ongoing initiatives, including in the area of enforcement.
• How effective has the EU been so far in applying and enforcing the CJEU Schrems II judgment?
• What kind of technical and organisational measures have organisations put in place to apply the Schrems II judgment and to ensure an adequate level of protection?
• Could the adhesion of non-EU cloud operators to sovereign projects, such as Gaia-X or to the approved EU-wide cloud codes of conduct, solve the Schrems II challenge?
• How can organisations in the EU avoid non-EU government surveillance in practice and are there any lessons to be learned in this respect from the UK adequacy decisions?