Serena Crespi
This article examines whether the principles set out in the Schrems judgment apply only in the specific context of an adequacy decision concerning the international transfer of data or also to access to data by EU Member State intelligence authorities. This is a pertinent question, given that art.4(2) TEU provides that national security remains the sole responsibility of each Member State. This article analyses art.4(2) TEU and art.8 of the Charter, the new Data Protection Regulation 2016/679, along with the relevant case law of the CJEU (e.g. Digital Rights Ireland, Tele2) and of the ECHR (e.g. Zakharov, Szabo and Vissy) in order to assess whether, and if so, and to what extent, EU law requirements may affect the activities of Member States in the area of national security.