Since 2020, companies have been waiting for a legal framework to send the personal data of European citizens to the United States. However, European privacy rules are difficult to reconcile with US laws. The politicians are therefore finalizing an agreement which will most likely be destroyed again some time later.
From spring, there will again be a legal framework for sending data on European citizens to America. The regulation has already existed twice in the past, but had to be revised each time because not all European data protection laws were complied with.
Lisa De Smet, Chief Data Protection Advisor at Cranium, does not expect the upcoming Privacy Shield to pass scrutiny by the EU Court of Justice: “I expect that the framework is again challenged because little has changed in substance.”
read also
Europe takes another step towards a data exchange agreement with the United States
GDPR issue
The transatlantic framework must reconcile European rules with the American constitution. Many principles of the two legislations contradict each other, which makes the situation very complex. “It takes much longer to reach an agreement that will pass smoothly before the European Court of Justice. You just don’t change the US Constitution overnight.”
It will take much longer to reach an agreement that will pass smoothly before the European Court of Justice.
Lisa De Smet, Chief Data Protection Advisor at Cranium
The past has already proven that sending personal data to the USA was possible before 2020 thanks to the Privacy Shield. Overturned by the Court of Justice of the EU Scram II the legal framework. The judgment was given the name of the prosecutor, Max Schrems. The same person who also had the Privacy Shield’s predecessor revoked in 2015.
Both legal frameworks failed in court because they violated EU member states’ privacy rules. These privacy rules were eventually consolidated into the GDPR, which serves as an instrument for the EU to protect the economic powers of the technological world. keep under control.
De Smet explains why GDPR rules are important: “The GDPR has extraterritorial effect. This means that the transmission of data outside the European Economic Area is only possible in accordance with the GDPR. Otherwise, you are in violation. The problem for legal frameworks is that companies can never guarantee that European data is protected from US government espionage due to US law.
spying problem
Due to external pressure, there is simply no time to coordinate the underlying rules first. For businesses, a new legal framework cannot come soon enough. Without a valid legal framework, US companies are not allowed to store European customer data in their US data centers. Some make it clear by exerting pressure and throwing empty threats around them social media services outside of Europe.
De Smet is not surprised that American companies like to speed up routine business. They don’t have the ability to get around the problem. “We sometimes think that a data center in Europe is the solution. However, US companies will continue to be subject to US law even then. It therefore remains possible that they ask for a loophole through which they can spy.
Does it pay to think longer?
Biden then responded to the wishes of businesses in his country and decided late last year to get back on track throughout the process. President Joe Biden signed it on October 7. an executive order which should allow the transfer of data from European citizens to American data centers. The document outlines the agreements reached by Washington and Brussels made earlier this year on paper.
He new frame promises to remedy the main stumbling blocks of the previous Privacy Shield. For example, there would be stricter criteria on the exact data allowed to enter American territory and it would be better protected against intelligence services. An independent oversight body will also be set up for privacy-conscious EU citizens.
Although for critics, the adjustments are just political juggling. Max Schrems did it in a blog already eagerly awaiting the agreement. According to him, the proposal hides loopholes to allow surveillance of European citizens using vague terms. He also thinks that the inspection body is nothing more than a sham court.
“Since the draft decision is based on the well-known enforcement decision, I don’t see how it can survive an appeal to the Court of Justice,” Max Schrems said in a statement. statement. “It seems that the European Commission is constantly renewing the same decisions, in flagrant violation of our fundamental rights.
I fear that the negotiations are mainly driven by political considerations.
Lisa De Smet, Chief Data Protection Advisor at Cranium
According to De Smet, Europe opts for an agreement that allows it to continue to go through a door with the United States. “The deal is more of a concession to the US, I’m afraid the negotiations are driven primarily by political considerations. GDPR operates in a world in which many other things play a part. Consider, for example, the economic interests, because it is important that trade between America and Europe remains possible.
Europe does not show its teeth
The agreement is expected in the spring of 2023. The data can then be sent again to the United States according to the rules of this legal framework. Max Schrems’ combative interest group, nyob, can again challenge the legal framework as soon as it is published. If the interest group manages to have the frame destroyed again, the saga begins again.
There is not much hope for the deal. European leaders can no longer change this because things have already come too far. “A draft adequacy decision has already been drawn up, so we are actually in the final phase,” concludes De Smet.
“Devoted bacon guru. Award-winning explorer. Internet junkie. Web lover.”