Since the middle of 2020, the exchange of data has been associated with a certain degree of legal uncertainty. The European Court of Justice (ECJ) ruled in July that the Privacy Shield Agreement was invalid. The agreement regulates the transfer of personal data from European companies to the United States and was the successor to the Safe Harbor Agreement, which was replaced in 2016.
Both agreements – Privacy Shield and Safe Harbor – expired after a lawsuit was filed by Austrian data protection activist Max Schrems. The corresponding provisions are therefore referred to as “Schrems I” and “Schrems II”.
Read more about the end of the Privacy Shield framework here.
Transatlantic Data Privacy Framework
In a joint statement, the USA and the EU are now commenting on how to proceed. Future data sharing will be regulated by the Transatlantic Data Privacy Framework (TADPF). The new agreement aims to ensure the free and secure flow of data between the European Union and the United States. In doing so, it will touch upon the ruling of “Shrims 2”, according to the statement, which is very economical with details.
The United States and the United States make an “unprecedented commitment” when it comes to protecting privacy and basic rights from US surveillance. Such monitoring is only possible if it is necessary and proportionate due to national security interests. The Data Protection Review Tribunal acts as a complaints office for Europeans. Due to the requirements regarding the processing of personal data from the European Union, US companies must complete a self-certification.
Read more about it here TADPF in the EU Fact Sheet (PDF).
Lawyer and digital expert Martin Steiger wrote: “Legal implementation of the political agreement appears difficult, because the requirements of the European Court of Justice under the ‘Schrems II’ ruling are high. In any case, it could help the European economy if data export to the US is secured again for a while.
Martin Steiger, attorney, Steiger Legal. (Source: zVg)
Steiger considers in his book Contribute to TADPF Also the situation in Switzerland. The question is whether Switzerland – as with Safe Harbor and Privacy Shield – can join a parallel solution. “If such a parallel solution were not possible,” Steiger wrote, “companies and other responsible persons in Switzerland would be at a disadvantage compared to their European competitors.”
Another open question is whether Schrems is pursuing a trilogy. The Safe Haven and Privacy Shield had already fallen as a result of his complaint. He has also been critical of TADPF.
Sharms wrote: “We already had a purely political agreement in 2015 that had no legal basis. From what we’ve heard, we can now play the same game a third time.”
A data protection activist and lawyer will carefully analyze the final text. “If the agreement is not in line with EU law, it is likely that we or another group will challenge. In the end, the Court of Justice will decide for the third time.” Shrims assumes that this issue will also be heard again before the European Court of Justice in a few months after the final decision.
Max Schrams, data protection activist and lawyer, 2016 (Source: nManfred Werner – Tsui / Wikimedia Commons / CC BY-SA 3.0)
“Tv expert. Hardcore creator. Extreme music fan. Lifelong twitter geek. Certified travel enthusiast. Baconaholic. Pop culture nerd. Reader. Freelance student.”