Berlin As negotiations for a new EU-US data protection agreement have not progressed, German companies are seeking an interim solution from the EU Commission for Atlantic data transfer.
“What companies in the EU and on both sides of the Atlantic need now is a legitimate commitment to data exchange and a clear political signal of support,” a joint statement said. SAP, Tysen-Group And the SPD Economic Forum to the EU Commission. “Until a new data protection agreement is agreed between the United States and the European Union, a change strategy is needed.” A similar letter arrived in March to the German government.
The signatures of the letter to the Commission’s Deputy Chairmen Valdis Dombrovsky and Margaret Westerger and EU Justice Commissioner Didier Reinders have been in response to the European Court of Justice (ECJ) ruling on data transfer between the United States and the United States since July 2020. Europe. The letter is available at Handelsplot.
At the time, the judges rescinded the “Privacy Shield” agreement, saying that the United States did not have data security comparable to that of the European Union, and that data was not adequately protected from access by the U.S. Secret Service. Many US cloud services violate the European Public Data Protection Regulation (GDPR). Companies using the services anyway will be fined up to 20 million euros.
Great jobs of the day
Find the best jobs now and then
Notified by email.
As the letter to the Commission for the Transfer of Data to the United States states, “there is no secure legal basis for companies.” Uncertainty in the economy is correspondingly large. The situation is “a very serious obstacle to further decisions on investment and economic activity.” The signatories of the letter therefore call on Brussels to “take concerted action at the European level to ensure legally compliant changes in data transfer.”
The time for a solution is essential
An interim solution is outlined in a level paper attached to the letter. Other German companies were involved in the production of this paper, including Siemens And the Alliance and American technology companies Microsoft, Amazon, Google And Facebook.
It describes various security measures compliant with the European Public Data Protection Regulation (GDPR), including the so-called Fixed Agreement Terms for Data Transfer between EU Countries and Third Countries. Or technical precautions such as “encryption of stored data using client keys”.
The time for a solution is essential. This is because data security professionals in Germany want to focus nationwide on the use of US cloud services such as Amazon, Microsoft and Google. Hamburg Commissioner for Data Security Johannes Gaspar recently told Spiegel that there has been a “lack of enforcement” so far. It will now have to switch through cross-border models, the questionnaires will be integrated.
To address privacy concerns, Microsoft launched a long-term product attack this week. Customers in the EU will be able to store their data in the EU exclusively by Microsoft in the future. The world’s largest software company announced on Thursday that the technological changes should be completed by the end of next year.
Along with Amazon and Google, the US team is one of the world’s three largest cloud service providers and operates data centers in 13 European countries, including Germany, Ireland, France and Sweden. “We do not need to transfer any data from these customers from the EU,” Microsoft chairman Brad Smith said in a blog post.
The new Microsoft offer of “EU data range” is targeted at companies and customers in the public sector, not private users. This responsibility applies to all central Microsoft cloud services, including Azure, Microsoft 365 (including Microsoft Office and Teams) and Dynamics 365.
Privacy lawyer praises Microsoft
“We have already launched technology products so that our central cloud services can store and process all the personal data of our corporate customers and public sector customers, and only in the EU if they want to,” says Smith’s blog entry.
Hamburg data protection lawyer Caspar praised the software company’s progress. Caspar told Handelsplot that Microsoft “sets standards that competitors can confidently follow” by providing “EU data range”.
However, the ECJ’s ruling on the “privacy shield” companies does not appear to have eliminated the issue as the head of authority is acting without adequate legal basis. Caspar said the transfer of personal services to the EU would not “solve the common problem of incompatibility of the two legal regimes.”
On the other hand, if customers effectively protect their cloud data, access to data from US secret services may be technically compromised. Microsoft President Smith points this out. “Many of our services place control of data encryption in the hands of customers.” It uses keys that Microsoft does not manage, but is used by customers. “We protect our customers’ data from every unauthorized access by the government in the world.”
Data protection lawyer Caspar sees this as “the solution to ultimately handing over US providers to personal data”. “If the provider’s encryption can be bypassed, the data can be stored globally based on standard contract terms,” he said.
However, providers should be aware that encrypted data may be removed from their data centers at any time without looking at the stored content, thus affecting availability. “Such a scenario is not technically ruled out by Microsoft’s current efforts.”
Further: The union has called for a ban on data security breaches