International data transfers: what shall we do to avoid a Schrems III?


  • Romain Robert


  • Benoît Van Asbroeck
  • Clara Guerra
  • Kate Ruane
  • Max Schrems
  • Gabriela Zanfir-Fortuna

Organisation: NOYB

Room: Online 2

Timing: 16:00 - 17:15 on 29 January 2021

Two CJEU decisions and 7 years on, and despite the anxiety created by the Schrems II ruling, it seems that it is still business as usual with EU-US data transfers. The guidelines of the European Data Protection Board (EDPB) and the EU Commission (COM) do not seem to be implemented in practice. Is it still possible to use US-based service providers such as Microsoft, Google, Amazon, or Apple? How can a long-term solution look like for the US? Looking beyond the US, what does the law say about transfers to the UK or to China?

• Is a risk-based approach to international transfers possible?
• What role can consent as a transfer mechanism play?
• Is it still possible to use US-based service providers without violating the GDPR?
• What does the new US administration intend to facilitate international transfers?


Romain Robert


Romain Robert is a qualified lawyer specialised in technology law. He worked from 2002 to 2011 in various Brussels law firms, where he specialised in IP and ICT law. Between 2007 and 2011, he was also a researcher at the CRIDS, Research Centre in Law and Society at the University of Namur. In 2011, he joined the Belgian DPA as a legal advisor. He worked for within the Policy and Consultation Unit of the EDPS as of 2015 and then within the Secretariat of the EDPB as of May 2018. In April 2020, Romain joined noyb (None of Your Business, an NGO conducting strategic litigation to enforce digital rights).


Benoît Van Asbroeck

Bird and Bird (BE)

Clara Guerra

Portuguese DPA (PT)

Senior consultant of the PT DPA, where she works since 1997. Guest Lecturer in the Faculty of Law of the Portuguese Catholic University teaching Data Protection.
She is member of the EDPB’s expert groups ITS (International Transfers) and BTLE (Borders, Travel & Law Enforcement) and joined the two taskforces set up by the EDPB following Schrems II.
She was recently elected as Coordinator of the Coordinated Supervision Committee that works in the framework of the EDPB. At national level, she is now following cross-border cases and she keeps working in the area of law enforcement where she has a long experience.

Kate Ruane

American Civil Liberties Union ACLU (US)

Kate Ruane is a senior legislative counsel with the American Civil Liberties Union. She focuses her work on free speech, privacy, and surveillance issues. In her career, she has researched, written, and advocated extensively on free speech policy in the United States, online expression and content moderation, and data privacy practices. Kate received her J.D. from American University Washington College of Law and her B.A. from the University of Pennsylvania."

Max Schrems


Max Schrems is an Austrian activist and author who became known for campaigns against Facebook for privacy violation, including its violations of European privacy laws and alleged transfer of personal data to the US National Security Agency (NSA) as part of the NSA's PRISM program. Schrems is the founder of NOYB – European Center for Digital Rights.

Gabriela Zanfir-Fortuna

Future of Privacy Forum (US)

Dr. Gabriela Zanfir-Fortuna is Senior Counsel for the Future of Privacy Forum, a think-tank based in Washington DC, where she leads the work on Global privacy developments and European data protection law and policy. Prior to moving to the US in 2016, she worked for the European Data Protection Supervisor in Brussels. She holds a PhD in law with a thesis on the rights of the data subject from the perspective of their adjudication in civil law and is a co-author of the GDPR Commentary, OUP 2020. Gabriela won the inaugural CPDP Junior Scholar Award (2014).