New data transfer agreement between the United States and Europe
July 11 was an historical and very important day for the data protection sector, since the European Commission adopted the adequacy decision that allows data transfer agreement between the United States and Europe.
Data transfer agreement between the United States and Europe: what is it and what does it mean?
This is a bilateral agreement that allows for the transfer of personal data from Europe to providers or entities located in the United States. This means that, from then on, these data transfers to the US are considered to already have a level of protection comparable to those taking place between EU Member States, which is a great step towards guaranteeing the security of the circulating data.
With this agreement adopted, some of the concerns raised by the Court of Justice of the European Union (CJEU) have been answered and resolved, causing the revocation of old agreements, such as the Privacy Shield, which we will explain later.
These fixed concerns are:
- Limitation of access to data by the United States intelligence services to what is “strictly necessary and proportionate”.
- The empowerment of various remedies for European citizens if their data is improperly processed by US companies.
The third time’s a charm… or not.
It therefore seemed that the third time was a charm and that this agreement put an end to a provisional situation that had existed for 3 years, when the CJEU annulled the aforementioned Privacy Shield, knocked down for “not offering a sufficient guarantee of protection according to the regulation of the European Union”, largely due to the fact that, in the United States, there is no federal law that regulates the management of data, which means the US intelligence services (such as the CIA, the FBI or the National Security Agency) can review it when they deem fit in cases of national security, a fact that here in Europe is prohibited.
However, Noyb, an organization led by the Austrian Max Schrems who fights for people’s right to privacy and that has already managed to bring to court and overthrow the two previous resolutions, announces that it will resubmit this agreement to the courts in “a few months” because they consider that “it is a copy of the Privacy Shield and that there are only few changes, especially in American legislation”.
It will therefore be necessary to follow the likely future claim submitted to the CJEU and the subsequent decision of the European Court. We will continue to track this judicial process and, and as the saying goes, maybe the third time’s a charm.
If you need more information on this or any other topic, do not hesitate to contact us!
Information on data protection
LEGAL IT GLOBAL 2017, SLP
Providing the service.
Sending the newsletter.
Compliance with the service provision.
Your data will not be shared with any third party, except service providers with which we have signed a valid service agreement.