In the ruling of July 16, 2020, known as Schrems-II by the Austrian citizen Maximiliam Schrems who will present the claim, the Court of Justice of the Union therefore annuls Decision 2016/1250 of the commission, which declared the level adequate protection of the “Privacy Shield” scheme for international data transfers to the United States. [1]
With the ruling, the European Court of Justice points out that the North American country does not have sufficient guarantees to protect the privacy of the data of European citizens. The “Privacy Shield” consisted of an agreement concluded in 2016 between the European Union and the United States through which North American companies such as Facebook, Google or Apple could transfer data from European users to servers in the United States.
In the European Union, the General Data Protection Regulation governs, in the ruling, the European Court of Justice considers that transfers of personal data carried out for commercial purposes must be governed by the rules established in this regulation, so the level Their protection must be equivalent to that offered within the Union. [2]
The main reason given for making this decision is that the personal data protection policies related to the internal regulations of the United States are not equivalent to those established in the General Data Protection Regulation of the European Union, in the understanding that US authorities may have access to and use data transferred from the European Union. Specifically, Section 702 of the United States Foreign Intelligence Surveillance Act allows the National Security Agency (NSA) to collect information pertaining to non-U.S. Citizens outside the country through data stored with electronic means of service providers. communications.
In the ruling, the validity of the standard contractual clauses that had been challenged is maintained.
As a result of this decision, 5,300 companies that were located within the framework of the “Privacy Shield” will not be able to transfer European personal data to North American servers.
By Manuel Londoño.
————————————————– ——-
[1] For more information consult Https://www.aepd.es/es/derechos-y-deberes/cumple-tus-deberes/medidas-de- compliance / international-transfers / statement-privacy-shield #: ~: text = July% 20of% 202020-, The% 20Court% 20de% 20Justicia% 20de% 20la% 20Uni% C3% B3n% 20Europea% 20declara% 20inv% C3% A1lido, international% 20de% 20datos% 20a% 20EEUU & amp; text = Esta% 20Decisi% C3% B3n% 20substitute% C3% ADa% 20a% 20su, TJUE% 20en% 20octubre% 20de% 202015.
[2] Information supplied by https: //www.xataka. com / privacy / european-justice-overrides-privacy-shield-european-personal-data-may-not-be-transferred-to-us-servers
References:
- https://www.xataka.com/privacidad/justicia-europea-anula-privacy-shield-datos-personales-europeos-no-podran-transferirse-a-servidores-ee -uu
- Https://www.aepd.es/ en / rights-and-duties / fulfill-your-duties / measures-of-compliance / international-transfers / statement-privacy-shield #: ~: text = July% 20de% 202020-, The% 20Court% 20de% 20Justicia% 20de% 20la% 20Uni% C3% B3n% 20Europea% 20declara% 20inv% C3% A1id, international% 20de% 20datos% 20a% 20EEUU & amp; text = Esta% 20Decisi% C3% B3n% 20substitute% C3% ADa% 20a% 20su, CJEU% 20en% 20october% 20de% 202015.
- https://www.garrigues.com/es_ES/noticia/tribunal-justicia-union-europea-anula-escudo-privacidad-privacy-shield
- https://www.dataprotectionreport.com/2020/06/schrems-ii-judgement-due-in-july-what-this-might-mean-for-your- outsourcing-deal /
- https://noyb.eu/en/cjeu
- https: // www .jonesday.com / en / insights / 2020/07 / schrems-ii-confirms-validity