The data protection commissioners of the EU countries have surprisingly certified that the planned data protection agreement (Data Privacy Framework) with the USA largely complies with the legal regulations in the EU. This should clear the way for the agreement to enter into force – unlike two failed predecessor versions.
Data Privacy Framework as third attempt
The data privacy agreement now under review represents the third attempt to reach an agreement that would allow the legally secure transfer of personal data from the EU to the United States. So far, such a transfer has not been guaranteed, which poses problems for many companies when they want to evaluate or further process data in the US. The previous Privacy Shield and SafeHarbor projects had failed before the European Court of Justice because many data protection requirements could not be met.
The third agreement now on the table seems much more likely to meet EU requirements. After a year of negotiations between the two parties, and the U.S. government under Joe Biden issuing numerous presidential executive orders that issued implementing regulations for laws affecting data collection and processing, the overall conclusion is positive. “We see the will to create an adequate level of protection for data subjects whose personal data is transferred to companies in the U.S.,” said, for example, the German government’s data protection commissioner, Ulrich Kelber.
Smaller concerns remain
There are no fundamental problems with the text of the adequacy certificate, which confirms that at least a similar level of data protection is maintained in the US as in the EU. The opinion of the data protection commissioners of the EU countries, for example, emphasized that now, for the first time, a possibility is provided to have data protection violations checked in the USA. Private individuals from the EU thus have the security of being able to take legal action in the U.S. if their data protection rights have been violated. The Hamburg data protection commissioner, Thomas Fuchs, sees this as “unprecedented concessions” on the part of the USA.
However, the Data Privacy Framework has not been entirely free of criticism. For example, the EU data protection commissioners criticized the fact that mass data collection on the basis of the Foreign Intelligence Surveillance Act should continue to be possible without a court order. Further questions were put to the EU Commission on a number of other points.
In addition, the data protection commissioners have imposed on the EU Commission in their statement that the actual effects of the data privacy framework are to be regularly subjected to a fundamental review. Such a review is to take place every three years at the latest. This is to ensure that there is actually effective legal protection and a reduction in intelligence activities.
Data Privacy Framework likely to come into force
Further developments are relatively predictable based on the opinion of the data protection commissioners that has now been issued. The EU Commission’s certificate of adequacy will be submitted to the EU Parliament, which can only reject it with an absolute majority – which is unlikely to happen based on the basically positive opinion. This should bring the agreement between the EU and the USA into force.
However, this does not yet mean that all companies will be able to transfer data from the EU to the USA without any problems. To do so, the companies in question must register with the U.S. trade regulator or the U.S. Department of Commerce. In doing so, they agree to comply with the negotiated provisions, which is monitored by the aforementioned authorities. If there are violations of the voluntary commitment, enormous penalties may be imposed in the USA.
No replies yet
Neue Antworten laden...
Gehört zum Inventar
Beteilige dich an der Diskussion in der Basic Tutorials Community →