Starting in 2020, companies await the legal framework to transfer personal data of European citizens to the United States. However, European privacy rules are difficult to reconcile with US laws. So the politicians are finalizing a deal now that will be scrapped again some time later.
From the spring, there will once again be a legal framework for sending data about European citizens to the US. This regulation already existed on two occasions in the past, but had to be amended each time because not all European data protection laws were complied with.
Lisa de Smet, Cranium’s chief data protection adviser, does not expect the upcoming Privacy Shield to send up an EU court review: “I expect to challenge the framework again because little has changed in essence.”
Europe has taken a new step towards a data exchange agreement with the US
The GDPR issue
The Atlantic must harmonize European rules with the US Constitution. Many principles from both the Acts contradict each other which makes the situation very complicated. “It takes a lot of time to get an agreement through the European Court without any problems. You don’t change the US Constitution overnight.
It takes more time to reach an agreement through the European Court of Justice without any problems.
Lisa de Smet, Cranium’s Chief Data Protection Counsel
The past has already proven this. The Privacy Shield made it possible to transfer personal data to the US before 2020. Overturned at the Court of Justice of the European Union Schrams II Legal framework. The verdict was given by the lawyer’s name, Max Schrems. The same person who repealed Privacy Shield’s predecessor in 2015.
Both legal frameworks failed in court because they breached EU member states’ privacy rules. These privacy rules were eventually brought together under the GDPR, which serves as the EU’s tool to protect economic powerhouses from the tech world. to keep under control.
De Smet explains why the rules are important in this regard: “GDPR has a foreign effect. This means that the transfer of data outside the European Economic Area is only possible in compliance with the GDPR. Otherwise, you are in violation. The problem with the legal framework is that because of US law, companies can never guarantee that European data is protected from government spying in the US.
The problem of espionage
Due to external pressure, there was no time to consolidate the ground rules first. For companies, a new legal framework cannot come soon enough. Without the proper legal framework, US companies are not allowed to store data from European customers in their US data centers. Some clarify by applying pressure and making empty threats Social media services outside of Europe.
De Smet is not surprised that American companies want to speed up current affairs. They don’t have the ability to deal with the problem. “A data center in Europe is sometimes considered the solution. However, American companies are subject to US law even in that case. So it’s possible they’re asking for a loophole where they can spy.
Does overthinking pay off?
Biden made the decision late last year, responding to requests from companies from his home country Get back on track Throughout the process. President Joe Biden signed it on October 7 An executive order This will enable the transfer of data from European citizens to US data centers. This document presents the agreements made by Washington and Brussels Made earlier this year on paper.
It is New configuration It promises to address the major pitfalls of the previous Privacy Shield. For example, there will be stricter criteria on what data is allowed to cross US borders, and it will be better protected against intelligence services. An independent monitoring body concerned with the privacy of EU citizens will also be set up.
For critics, the fix is nothing more than a political gimmick. Max Schrems created it On a blog Already looking forward to the deal. According to him, the project uses vague regulations to hide loopholes for monitoring European citizens. He also thinks that the inspection body is no more than a mock court.
“Since the draft decision is based on a well-known implementation decision, I don’t see how it can survive an appeal to the courts,” Max Schrems says in a statement. Report. “The European Commission seems to be making the same decisions over and over again, in flagrant violation of our fundamental rights.”
I fear the negotiations are mainly politically driven.
Lisa de Smet, Cranium’s Chief Data Protection Counsel
According to de Smet, Europe is opting for a deal that would allow it to continue to go through one door with the US. “This agreement is a concession to the US, and I fear that the negotiations are mainly politically driven. Many things play a role in the GDPR world. For example, consider economic interests, because it is important for trade between the US and Europe to be possible.
Europe did not show its teeth
The deal is expected in the spring of 2023. Data will be transferred back to the United States in accordance with the provisions of this legal framework. Max Schrems’ fighting interest group may again challenge the legal framework from the live release. If the interest group succeeds in destroying the law again, history starts all over again.
Not much faith in the deal. Things have already gone too far and European leaders can’t change it anymore. “A draft sufficient decision has already been drawn up, so we are really in the final stages,” De Smet concludes.
“Award-winning beer geek. Extreme coffeeaholic. Introvert. Avid travel specialist. Hipster-friendly communicator.”