The European Union Data Protection Board has ordered that data transfers between the EU and the US under the ‘Privacy Shield’ protocol cease immediately after a court has declared that the instrument is incompatible with the EU law.
In a landmark ruling last week, the EU Court of Justice ruled that an EU-EE data flow agreement. The so-called ‘Privacy Shield’ is not private enough to pass European legislation. The case was brought against Facebook by an Austrian activist after National Security Agency contractor Edward Snowden revealed that the US government was analyzing people’s communications and online data, including data transferred under ‘Privacy Shield’ and its predecessor, ‘Safe Harbor’.
Also on rt.com
Facebook suffers a major legal setback as a European higher court rejects the data exchange pact between the US and the EU
Tech companies will have no grace period to change their privacy protocols, and must comply immediately, the European Data Protection Board (EDPB) said in a statement on Friday. Furthermore, the responsibility lies with these companies to ensure that any protocol they switch to is legally sound.
There are two such protocols: Standard Contractual Clauses (SCC) and Binding Corporate Rules (BCR). However, not all of its variants comply with European privacy law, and companies that use them must perform a privacy assessment and stop submitting data if this assessment fails.
EDPB stated that the US government’s data protection policies allow intelligence agencies and law enforcement to interfere “With fundamental rights” of Europeans.
For U.S. companies, it remains to be seen if data transfers can be arranged under SSC and BCR rules. If not, Max Schrems, the activist who presented the case in the first place, said last week that “The United States will have to seriously change its surveillance laws, if American companies want to continue to play an important role in the EU market.”
Do you think your friends would be interested? Share this story!
