When it comes to data protection, there are still disagreements between the European Union (EU) and the United States of America (USA). In recent years, this has caused trouble for tech companies from the USA in particular. Now the current US President Joe Biden seems to want to take decisive action against this. So he has brought the new edition of the so-called Privacy Shield again a step further.
Data of EU citizens should be safe
In recent years, U.S. corporations such as Meta or Google had to endure in the EU, in some cases, hefty fines. The reason for this is inadequate data protection. Even today, masses of data from EU citizens are sent to the USA for further processing. Data protectionists from the EU have been taking vehement action against this for some time. After all, there are no guarantees for EU citizens that their data will not be screened by community services, other U.S. authorities or even companies. To solve the problem, the U.S. and EU agreed in March that the so-called Privacy Shield should get a successor.
Now Joe Biden has put another important step on the road to the final agreement behind him. In a so-called executive order, the U.S. president is namely clearing the way for better protection of EU citizens’ data in the United States. The White House has published the order on its own website. There is one catch, however. For example, even in the new version of the data protection agreement, mass surveillance is still to be allowed. Given that mass surveillance was one reason the European Court of Justice (ECJ) declared the original Privacy Shield to be contrary to European law, this does seem a bit confusing.
More data protection was not in it?
If one takes a look at the US President’s decree, at least data protectionists are likely to turn up their noses a bit. After all, the Privacy Shield 2.0 does not really seem to conform to European data protection law at first glance. Among other things, bulk collection will continue to be permitted if there is reason to do so. This is a mass surveillance of telecommunications channels. According to the decree, this type of data collection should be possible for the intelligence services if, for example, it is a matter of combating terrorism, threatening cyberattacks, the proliferation of weapons of mass destruction or financial crimes of international scope.
The decree also sets out a new complaints procedure. With its help, EU citizens should be able to defend themselves against the activities of the authorities. This is based on a two-stage system. First, an officer for civil rights will check whether the complaint is justified. In a second stage, a data protection review court is to take action. This three-member panel is to be set up by the U.S. Attorney General in the near future.
Data privacy activists threaten lawsuits
With the US President’s decree, the ball is now back in the EU’s court. So it is now up to the EU Commission to examine the decree in detail. As part of an adequacy decision, the body must then determine whether or not the regulations are compatible with EU data protection law. However, since the Commission must also consult other bodies, such as the EU’s Data Protection Committee, experts believe that a decision will probably not be realistic until early next year. If the Commission decides in favor of the new Privacy Shield in its adequacy test, however, this will be far from a success for the USA. After all, data protectionists are already going on the barricades.
One of the most famous of them is probably the Austrian Max Schrems. In an initial statement, Schrems has expressed anything but a positive view of the US president’s decree. Rather, he emphasizes here again that the data of EU citizens may still be screened by so-called spy software in the U.S. – even on the basis of the new decree. In view of the fact that the ECJ has now ruled twice that this procedure is illegal, the Commission’s examination is actually pointless. Since Schrems played a major role in the first two ECJ rulings, he knows better than almost anyone what he is talking about.
When will there finally be legal certainty in data protection?
It is not only in the interests of EU citizens that a common denominator is finally found between the EU and the US on the issue of data protection. Large tech companies like Meta have also been insisting on this for years. As recently as March, Meta had to pay 17 million euros in fines for a violation of the General Data Protection Regulation (GDPR). Therefore, there is probably agreement in principle that a Privacy Shield should finally be initiated, which is also formulated in terms of EU law. This is also what the IT industry association Bitkom would like to see. Unlike Schrems, Bitkom also sees the new decree as a clear “step forward in securing international data transfers,” according to the association’s management. However, since the decree in its current form would not withstand a lawsuit before the ECJ, there will be no way around a revision. We are curious to see what the result of the EU Commission’s adequacy test will be.
No replies yet
Neue Antworten laden...
Gehört zum Inventar
Beteilige dich an der Diskussion in der Basic Tutorials Community →