# ECJ "overturns" Data Transfer agreement with USA



## Alexander1970 (Jul 16, 2020)

ECJ overturns data transfer agreement with USA

The European Court of Justice (ECJ) has overturned the EU-US data protection agreement "Privacy Shield". However, user data of EU citizens can still be transferred to the US and other countries based on "standard contractual clauses", as the Luxembourg judges decided on Thursday. The proceedings deal with the legal dispute of the Austrian lawyer Max Schrems against Facebook.

https://orf.at/stories/3173791/

The Austrian lawyer said in a first reaction that he was very happy with the verdict. “At first glance, the Court seems to have followed us in all aspects. This is a total blow to the Irish data protection agency DPC and Facebook. It is clear that the US must seriously change its surveillance laws if US companies want to continue to play a role in the EU market. ”

Schrems had complained to the Irish data protection authority that Facebook Ireland forwards its data to the parent company in the USA. He justified his complaint by saying that Facebook in the United States was obliged to make data available to US authorities such as the NSA and the FBI - without the victims being able to take action against it.

Irish court turned to ECJ

An Irish court now wanted to know from the ECJ whether the standard contractual clauses and the EU-US data protection shield (“Privacy Shield”) are compatible with the European level of data protection. The Luxembourg judges now declared the "Privacy Shield" invalid. With regard to the access options of the US authorities, the data protection requirements are not guaranteed. In addition, legal protection for those affected is insufficient.

The core of the standard contractual clauses is to provide guarantees that there is adequate protection for the data of EU citizens when transferring data from the EU abroad. The Privacy Shield is another channel that is only available for data transfer to the United States. Advocate General Henrik Saugmandsgaard Öe had already raised concerns about the “Privacy Shield” in mid-December of the previous year.

2015 success for Schrems against "Safe Harbor"

At Schrems ’instigation, the CJEU overturned the predecessor of the data protection shield, the“ Safe Harbor ”regulation in 2015 because it did not adequately protect the data of European citizens against access by US authorities. The revelations of whistleblower Edward Snowden in 2013 regarding widespread Internet surveillance by US secret services also played an important role in this assessment.
SPÖ and NEOS pleased

The SPÖ club chairman Jörg Leichtfried and SPÖ data protection spokesman Christian Drobits welcomed the verdict. "We congratulate data protection officer Max Schrems for his persistent and successful work against the transmission of Facebook user data to US authorities," said Leichtfried and Drobits. The judgment would also take into account years of criticism from the SPÖ. “This is about protecting fundamental rights. With the transfer of personal data, there is a great risk that especially US authorities, such as NSA and FBI, could access it too easily. That is now being stopped, ”said the SPÖ MPs.

“The decision of the ECJ finally ends the questionable EU-US data exchange deal. It is a victory for data protection, digital fundamental rights and the rule of law, ”said deputy NEOS club chairman Niki Scherak. "An exuberant US surveillance state is a danger to Europeans' data, today's judgment clearly puts the US in its place." It's just a shame that it took a lawsuit and the end of "Privacy Shield" none political decision.



After a first read of the judgement on #PrivacyShield it seems we scored a 100% win - for our privacy

The US will have to engage in serious surveillance reform to get back to a "privileged" status for US companies.

More details here: https://t.co/t7LFgE7LmT#ThanksToEveryone!

— Max Schrems (@maxschrems) 16. Juli 2020


----------



## FAST6191 (Jul 16, 2020)

Nice to see but the practical end results I don't expect much from.


----------



## notimp (Jul 16, 2020)

The story here imho mostly is that Max Schrems had to to sue to get 'Privacy shield' (dont go by the label  ) ended, instead of european institutions actually caring about citizens privacy rights more than about political relations with the US.

But then at this point, everyone just expects, that 'NGOs' will do that job in this field - because eveyone is so new to that internet thing... """""" (added a few airquotes..  )

Argumentation used was data espionage (mass surveillance) on EU citizens.


As FAST6191 stated, a 'designated loophole' already is in place (GDPR) to have a legal basis for data exchange, but under this clause, companies have to stop complying when the law in the country they are processing the data interferes with EU law. And it up to EU data protection agencies to prove a violation.

Means companies have more legal uncertainty - but probably not enough so they'd change much.


edit: Schrems stated, that because this is now a high level legal conflict (EU institutions have to investigate if US companies are complying and look into reasons given), this ultimately would have to lead to the US changing their standing laws on data protection - or lack thereof (puts real corporate pressure onto US lawmakers).
src: https://www.derstandard.at/story/20...ld-was-das-ende-des-eu-us-datenabkommens-fuer (german)


----------



## Alexander1970 (Jul 16, 2020)

notimp said:


> The story here imho mostly is that Max Schrems had to to sue to get 'Privacy shield' (dont go by the label  ) ended, instead of european institutions actually caring about citizens privacy rights more than about political relations with the US.
> 
> But then at this point, everyone just expects, that 'NGOs' will do that job in this field - because eveyone is so news to that internet thing... """""" (added a few airquotes..  )
> 
> ...




Austria is a small Country,please "let them have the joy".

(I hope,it is clear,this is obvious sarcasm.)


----------



## notimp (Jul 16, 2020)

Last time you heard of Austria doing anything in relation to Schrems was our legal courts not wanting to deal with "how facebook works", and throwing one of his formal legal suits out of court with the "legal reasoning": "This will go on to higher courts anyhow..." end quote.

noyb (the NGO) is entirely crowd financed, and last time I checked, they had no more than two full time employees. (But a bunch of qualified volunteers..  )

https://support.noyb.eu/join

(So hardly the thing that would invoke national pride in people.. National shame (for not caring more) more likely..  )


----------

