ECJ overturns data transfer agreement with USA
The European Court of Justice (ECJ) has overturned the EU-US data protection agreement "Privacy Shield". However, user data of EU citizens can still be transferred to the US and other countries based on "standard contractual clauses", as the Luxembourg judges decided on Thursday. The proceedings deal with the legal dispute of the Austrian lawyer Max Schrems against Facebook.
https://orf.at/stories/3173791/
The Austrian lawyer said in a first reaction that he was very happy with the verdict. “At first glance, the Court seems to have followed us in all aspects. This is a total blow to the Irish data protection agency DPC and Facebook. It is clear that the US must seriously change its surveillance laws if US companies want to continue to play a role in the EU market. ”
Schrems had complained to the Irish data protection authority that Facebook Ireland forwards its data to the parent company in the USA. He justified his complaint by saying that Facebook in the United States was obliged to make data available to US authorities such as the NSA and the FBI - without the victims being able to take action against it.
Irish court turned to ECJ
An Irish court now wanted to know from the ECJ whether the standard contractual clauses and the EU-US data protection shield (“Privacy Shield”) are compatible with the European level of data protection. The Luxembourg judges now declared the "Privacy Shield" invalid. With regard to the access options of the US authorities, the data protection requirements are not guaranteed. In addition, legal protection for those affected is insufficient.
The core of the standard contractual clauses is to provide guarantees that there is adequate protection for the data of EU citizens when transferring data from the EU abroad. The Privacy Shield is another channel that is only available for data transfer to the United States. Advocate General Henrik Saugmandsgaard Öe had already raised concerns about the “Privacy Shield” in mid-December of the previous year.
2015 success for Schrems against "Safe Harbor"
At Schrems ’instigation, the CJEU overturned the predecessor of the data protection shield, the“ Safe Harbor ”regulation in 2015 because it did not adequately protect the data of European citizens against access by US authorities. The revelations of whistleblower Edward Snowden in 2013 regarding widespread Internet surveillance by US secret services also played an important role in this assessment.
SPÖ and NEOS pleased
The SPÖ club chairman Jörg Leichtfried and SPÖ data protection spokesman Christian Drobits welcomed the verdict. "We congratulate data protection officer Max Schrems for his persistent and successful work against the transmission of Facebook user data to US authorities," said Leichtfried and Drobits. The judgment would also take into account years of criticism from the SPÖ. “This is about protecting fundamental rights. With the transfer of personal data, there is a great risk that especially US authorities, such as NSA and FBI, could access it too easily. That is now being stopped, ”said the SPÖ MPs.
“The decision of the ECJ finally ends the questionable EU-US data exchange deal. It is a victory for data protection, digital fundamental rights and the rule of law, ”said deputy NEOS club chairman Niki Scherak. "An exuberant US surveillance state is a danger to Europeans' data, today's judgment clearly puts the US in its place." It's just a shame that it took a lawsuit and the end of "Privacy Shield" none political decision.
After a first read of the judgement on #PrivacyShield it seems we scored a 100% win - for our privacy
The US will have to engage in serious surveillance reform to get back to a "privileged" status for US companies.
More details here: https://t.co/t7LFgE7LmT#ThanksToEveryone!
— Max Schrems (@maxschrems) 16. Juli 2020
The European Court of Justice (ECJ) has overturned the EU-US data protection agreement "Privacy Shield". However, user data of EU citizens can still be transferred to the US and other countries based on "standard contractual clauses", as the Luxembourg judges decided on Thursday. The proceedings deal with the legal dispute of the Austrian lawyer Max Schrems against Facebook.
https://orf.at/stories/3173791/
The Austrian lawyer said in a first reaction that he was very happy with the verdict. “At first glance, the Court seems to have followed us in all aspects. This is a total blow to the Irish data protection agency DPC and Facebook. It is clear that the US must seriously change its surveillance laws if US companies want to continue to play a role in the EU market. ”
Schrems had complained to the Irish data protection authority that Facebook Ireland forwards its data to the parent company in the USA. He justified his complaint by saying that Facebook in the United States was obliged to make data available to US authorities such as the NSA and the FBI - without the victims being able to take action against it.
Irish court turned to ECJ
An Irish court now wanted to know from the ECJ whether the standard contractual clauses and the EU-US data protection shield (“Privacy Shield”) are compatible with the European level of data protection. The Luxembourg judges now declared the "Privacy Shield" invalid. With regard to the access options of the US authorities, the data protection requirements are not guaranteed. In addition, legal protection for those affected is insufficient.
The core of the standard contractual clauses is to provide guarantees that there is adequate protection for the data of EU citizens when transferring data from the EU abroad. The Privacy Shield is another channel that is only available for data transfer to the United States. Advocate General Henrik Saugmandsgaard Öe had already raised concerns about the “Privacy Shield” in mid-December of the previous year.
2015 success for Schrems against "Safe Harbor"
At Schrems ’instigation, the CJEU overturned the predecessor of the data protection shield, the“ Safe Harbor ”regulation in 2015 because it did not adequately protect the data of European citizens against access by US authorities. The revelations of whistleblower Edward Snowden in 2013 regarding widespread Internet surveillance by US secret services also played an important role in this assessment.
SPÖ and NEOS pleased
The SPÖ club chairman Jörg Leichtfried and SPÖ data protection spokesman Christian Drobits welcomed the verdict. "We congratulate data protection officer Max Schrems for his persistent and successful work against the transmission of Facebook user data to US authorities," said Leichtfried and Drobits. The judgment would also take into account years of criticism from the SPÖ. “This is about protecting fundamental rights. With the transfer of personal data, there is a great risk that especially US authorities, such as NSA and FBI, could access it too easily. That is now being stopped, ”said the SPÖ MPs.
“The decision of the ECJ finally ends the questionable EU-US data exchange deal. It is a victory for data protection, digital fundamental rights and the rule of law, ”said deputy NEOS club chairman Niki Scherak. "An exuberant US surveillance state is a danger to Europeans' data, today's judgment clearly puts the US in its place." It's just a shame that it took a lawsuit and the end of "Privacy Shield" none political decision.
After a first read of the judgement on #PrivacyShield it seems we scored a 100% win - for our privacy
The US will have to engage in serious surveillance reform to get back to a "privileged" status for US companies.
More details here: https://t.co/t7LFgE7LmT#ThanksToEveryone!
— Max Schrems (@maxschrems) 16. Juli 2020