Privacy Shield: the EU-US shield is inadequate
As anticipated by many parties, today the Court of Justice of the European Union has ruled on the so-called Privacy Shield, the bilateral agreement between Europe and the United States for the overseas transfer of data belonging to citizens of the old continent. Decision 2016/1250 affirming the adequacy of the measures in force is effectively canceled.
#ECJ: the Decision on the adequacy of the protection provided by the EU-US Data Protection Shield is invalidated, but @EU_Commission Decision on standard contractual clauses for the transfer of personal data to processors established in third countries is valid #Facebook #Schrems pic.twitter.com/BgxGAvuq3T
- EU Court of Justice (@EUCourtPress) July 16, 2020
Is the last shot of the scene of the case, Schrems named after the activist and the lawyer of austrian Maximillian Schrems: in the past years, has filed a complaint against the transfer of the information related to its account Facebook to servers in the United States, asking for the interruption. Rejected request initially to the sender by the High Court of the irish because, with the decision 2000/520, the european authorities had considered the appropriate level of protection guaranteed by the United States with the so-called “judgment Schrems of The”. These are the words of the person concerned.
I Am very happy with the judgment. It seems that the Court has heard in every aspect. It is a hard blow to the Irish DPC and Facebook. It is clear that the United states will have to change in a serious way their laws on surveillance if the US companies want to continue to play an important role in the european market.
BREAKING: The EU's Court of Justice has just invalidated the "Privacy Shield" data sharing system between the EU and the US, because of overreaching US surveillance. All details available here: https://t.co/xN4HKhZaBT #PRISM #FISA702 #Privacy #PrivacyShield #SCCs #GDPR #CJEU
— Max Schrems 🇪🇺🇦🇹 (@maxschrems) July 16, 2020
Here is what is stated in the document published today by the european Court of Justice in relation to the agreement defined the shield, the EU and the US .
With its judgment today, the Court finds that ... does not reveal any element capable of affecting the validity. It declares, however, invalidate the decision 2016/1250.
The judgment not only affects Facebook, but more in general all those companies that offering their services to the european citizens, play the collection, storage or processing of data outside of the old continent. Today there are about 5,300 of the company that are recourse to the extent permitted by the Privacy Shield.
... the limitations of the protection of personal data resulting from the internal rules and regulations of the United States in terms of access and use, by the u.s. government, such data transferred from the Eu to that third Country, and which have been assessed by the Commission in the decision 2016/1250, are not framed so as to meet the requirements substantially equivalent to those required in Eu law by the principle of proportionality, since the surveillance programs based on the aforesaid regulations are not limited to what is strictly necessary.
it is Not excluded that, following what is established fact, as already mentioned Facebook, but also Google, Amazon, Microsoft, Apple and other big names in the online world are called to intervene on their modus operandi, ensuring a more careful management of the data, based on the principle of territoriality, by their strategy, which today relies mostly on the cloud infrastructure. From an evaluation of potential impacts at the level of the diplomatic relations between the United States and Europe.
Source: Court of Justice of the European Union (PDF)
Schrems case: EU-US privacy shield inadequate
The Court considers that the requirements imposed by the United States in terms of security, public interest and support for law enforcement activities in the surveillance have priority, ending up impacting on some fundamental rights of people including those concerning the transfer of information that concern to third countries. A scenario that cannot be considered compliant with the European regulations on the subject.#ECJ: the Decision on the adequacy of the protection provided by the EU-US Data Protection Shield is invalidated, but @EU_Commission Decision on standard contractual clauses for the transfer of personal data to processors established in third countries is valid #Facebook #Schrems pic.twitter.com/BgxGAvuq3T
- EU Court of Justice (@EUCourtPress) July 16, 2020
Is the last shot of the scene of the case, Schrems named after the activist and the lawyer of austrian Maximillian Schrems: in the past years, has filed a complaint against the transfer of the information related to its account Facebook to servers in the United States, asking for the interruption. Rejected request initially to the sender by the High Court of the irish because, with the decision 2000/520, the european authorities had considered the appropriate level of protection guaranteed by the United States with the so-called “judgment Schrems of The”. These are the words of the person concerned.
I Am very happy with the judgment. It seems that the Court has heard in every aspect. It is a hard blow to the Irish DPC and Facebook. It is clear that the United states will have to change in a serious way their laws on surveillance if the US companies want to continue to play an important role in the european market.
BREAKING: The EU's Court of Justice has just invalidated the "Privacy Shield" data sharing system between the EU and the US, because of overreaching US surveillance. All details available here: https://t.co/xN4HKhZaBT #PRISM #FISA702 #Privacy #PrivacyShield #SCCs #GDPR #CJEU
— Max Schrems 🇪🇺🇦🇹 (@maxschrems) July 16, 2020
Here is what is stated in the document published today by the european Court of Justice in relation to the agreement defined the shield, the EU and the US .
With its judgment today, the Court finds that ... does not reveal any element capable of affecting the validity. It declares, however, invalidate the decision 2016/1250.
The judgment not only affects Facebook, but more in general all those companies that offering their services to the european citizens, play the collection, storage or processing of data outside of the old continent. Today there are about 5,300 of the company that are recourse to the extent permitted by the Privacy Shield.
... the limitations of the protection of personal data resulting from the internal rules and regulations of the United States in terms of access and use, by the u.s. government, such data transferred from the Eu to that third Country, and which have been assessed by the Commission in the decision 2016/1250, are not framed so as to meet the requirements substantially equivalent to those required in Eu law by the principle of proportionality, since the surveillance programs based on the aforesaid regulations are not limited to what is strictly necessary.
it is Not excluded that, following what is established fact, as already mentioned Facebook, but also Google, Amazon, Microsoft, Apple and other big names in the online world are called to intervene on their modus operandi, ensuring a more careful management of the data, based on the principle of territoriality, by their strategy, which today relies mostly on the cloud infrastructure. From an evaluation of potential impacts at the level of the diplomatic relations between the United States and Europe.
Source: Court of Justice of the European Union (PDF)