Privacy Shield – verdict: what's next?

Just a few days ago, ‘Privacy Shield’, the data protection pact between the USA and the EU, was canceled by the European Court of Justice. Of course, this does not remain without consequences for various digital services.

European politics is understandably in turmoil, as it had to say goodbye to the Safe Harbor Agreement, the predecessor of the ‘Privacy Shield’, years ago. While Safe Harbor was discredited by the Edward Snowden revelations, “Privacy Shield” was very controversial right from the start.

Enthusiasm among politicians and data protection officers

Accordingly, several politicians were pleased with the success of the opponents of the agreement, and American companies have to adapt to the new circumstances. Max Schrems, who had filed a lawsuit against Facebook years ago and thus got the ball rolling, was convinced that EU data protection law and US surveillance law were not compatible. He is convinced that there is no other alternative than that the United States must adapt its data protection regulations for all people.

However, the end of “Privacy Shield” also has some temporary disadvantages. Standard contractual clauses regarding data protection are now invalid and bring great legal uncertainty to many companies. Especially companies whose business models are based on the exchange of personal data are currently facing uncertain times.

The Austrian Schrems had originally sued the Irish authorities because Facebook used its Irish branch to transfer the data of its European customers to the USA. There companies like Facebook are obliged to transmit such data to the FBI or the NSA if necessary. Those affected cannot take action against it there. Of course, this does not correspond to the European guidelines.

The companies concerned will either have to adapt or end the data transfer.

New agreement will take years

Of course, the recent verdict does not mean the end. According to Article 49 of the GDPR, the transmission of data is still possible, for example if this happens voluntarily. This means, for example, online hotel bookings in the United States. In principle, data can still be exchanged, but the respective data protection authorities are now obliged to decide in individual cases whether they are permissible or not. Contradicting this, the organization noyb is of the opinion that the data exchange should also be ended in any case if a company falls under the American jurisdiction. In most cases this is the case.

There is no question that both sides are interested in continuing to enable data transfers, the economic exchange between the United States and Europe amounts to approximately $ 7 trillion. A new pact will probably take some time.

Via and Spiegel
Image via Pixabay

Leave a Reply

Your email address will not be published.