A Weaponized Court of Justice in Schrems II

The U.S.-EU conflict over the application of the General Data Protection Regulation (GDPR) to U.S.-based digital platform companies is marked by a startling legal development: the insertion of a constitutional court squarely into the heart of the dispute. The engagement of the EU’s top court - the Court of Justice (CJEU) - in the Schrems I and Schrems II cases - has significantly inflamed the dispute. The CJEU has now twice struck down GDPR accommodations reached between the United States and the European Union. In doing so, the Court has rebuked both U.S. and EU officials. By transfiguring provisions of the GDPR with constitutional (that is, treaty-based) and human rights values, the Court has placed out of reach any accommodation that does not involve significant reform of U.S. privacy and national security provisions. Heated trans-Atlantic disputes involving assertions of extraterritorial extensions of regulatory power is an inappropriate place for a constitutional court like the CJEU to throw its declarative weight around.