(a)
does the level of protection afforded by the United States respect the essence of an
individual’s right to a judicial remedy for breach of his or her data privacy rights
guaranteed by Article 47 of the Charter?
If the answer to Question 5(a) is in the affirmative:
(b)
are the limitations imposed by US law on an individual’s right to a judicial remedy in the
context of US national security proportionate within the meaning of Article 52 of the
Charter and do not exceed what is necessary in a democratic society for national security
purposes?
(6) (a) What is the level of protection required to be afforded to personal data transferred to a third
country pursuant to standard contractual clauses adopted in accordance with a decision of the Commission
under Article 26(4) [of Directive 95/46] in light of the provisions of [Directive 95/46] and in particular
Articles 25 and 26 read in the light of the Charter?
(b)
What are the matters to be taken into account in assessing whether the level of protection
afforded to data transferred to a third country under [the SCC Decision] satisfies the
requirements of [Directive 95/46] and the Charter?
(7)
Does the fact that the standard contractual clauses apply as between the data exporter and the
data importer and do not bind the national authorities of a third country who may require the data
importer to make available to its security services for further processing the personal data
transferred pursuant to the clauses provided for in [the SCC Decision] preclude the clauses from
adducing adequate safeguards as envisaged by Article 26(2) of [Directive 95/46]?
(8)
If a third country data importer is subject to surveillance laws that in the view of a data
protection authority conflict with the [standard contractual clauses] or Article 25 and 26 of
[Directive 95/46] and/or the Charter, is a data protection authority required to use its enforcement
powers under Article 28(3) of [Directive 95/46] to suspend data flows or is the exercise of those
powers limited to exceptional cases only, in light of recital 11 of [the SCC Decision], or can a
data protection authority use its discretion not to suspend data flows?
(9) (a)
For the purposes of Article 25(6) of [Directive 95/46], does [the Privacy Shield Decision]
constitute a finding of general application binding on data protection authorities and the courts of the
Member States to the effect that the United States ensures an adequate level of protection within the meaning
of Article 25(2) of [Directive 95/46] by reason of its domestic law or of the international commitments it has
entered into?
(b)
(10)
(11)
If it does not, what relevance, if any, does the Privacy Shield Decision have in the
assessment conducted into the adequacy of the safeguards provided to data transferred to
the United States which is transferred pursuant to the [SCC Decision]?
Given the findings of the High Court in relation to US law, does the provision of the Privacy
Shield ombudsperson under Annex A to Annex III to the Privacy Shield Decision when taken in
conjunction with the existing regime in the United States ensure that the US provides a remedy to
data subjects whose personal data is transferred to the United States under the [SCC Decision]
that is compatible with Article 47 of the Charter]?
Does the [SCC Decision] violate Articles 7, 8 and/or 47 of the Charter?’
Admissibility of the request for a preliminary ruling
69
Facebook Ireland and the German and United Kingdom Governments claim that the request for a
preliminary ruling is inadmissible.
70
With regard to the objection raised by Facebook Ireland, that company observes that the provisions of
Directive 95/46, on which the questions referred for a preliminary ruling are based, were repealed by