Had you asked any privacy lawyer after the ECJ’s abolishment of Safe Harbor on October 6th 2015, if there was any valid alternative for transferring personal data into the United States, you would have ended up with a variety of answers and thus more confused than before.
As the European Commission announced on Tuesday, a solution is in sight. However, celebrating the end of legal uncertainty seems a bit premature at this point of time.But before we take closer look at the newly minted EU-US Privacy Shield let’s recap first
In the wake of Edward Snowden’s revelations on indiscriminate surveillance of Europeans and in the light of US legislation, especially the Freedom Act, Max Schrems, an Austrian, went to war with facebook.com and the Irish Office of the Data Protection Commissioner. He wanted the Irish Office of the Data Protection Commissioner to examine, whether facebook actually observed the Safe Harbor rules and to check any infringement on his human right to privacy. The Irish Office of the Data Protection Commissioner took the position that since the EU Commission had accepted the Safe Harbor rules, the office itself had no authority for independent checks or declarations in this matter. Max Schrems thus ended up arguing his case before the ECJ and won. The ECJ, as we all know, did take the matter one step further. It did not only rule that a Commissions’ decision did not limit the Office’s authority for independent checks, but also that Safe Harbor itself was actually not a safe harbor for privacy data. The ECJ based its ruling on the following reasons: basic human rights of European citizens can be infringed upon when privacy data is transferred into the US, since US legislation allows government institutions to demand from private companies etc ...Zum vollständigen Artikel