Berlin What the European Commission recently announced reads as though the economy can actually breathe a sigh of relief. The Brussels authority said the way was clear for an urgently needed legal framework for the transfer of data from Europeans to the United States.
However, experts are by no means convinced of this assessment. Stefan Brink, data protection officer in Baden-Württemberg, was surprised at the EU Commission’s progress in light of the many unanswered questions. Brink told the Handelsblatt newspaper that he therefore “has doubts whether equivalent protection for personal data can be achieved”.
Prominent Austrian lawyer Max Schrems voiced his clear criticism of the announcement from Brussels. “This is a deliberate violation of the rule of law and disregard for the European Court of Justice,” Schrems told the Handelsblatt newspaper.
Schrems, the head of international data protection organization Noyb, has twice filed lawsuits that collapsed the basis for data traffic and will likely try again. “I assume 95 percent that we will sue the new decision as well,” he said.
Six out of ten companies in Germany use international data transfers
Having a legally secure basis for transferring data to the United States will be critical for companies. In July 2020, the European Court of Justice (ECJ) annulled the previous agreement (“Privacy Shield”) between the USA and the EU due to deficiencies in data protection. Above all, the justices criticized the far reaching capabilities of the US intelligence services.
>> Also read: Dax bosses ‘deeply concerned’ about US cloud risk – traffic light parties want secure legal basis
Privacy Shield came into being in 2016 – after the European Court of Justice also struck down the earlier Safe Harbor regulation.
As a result of the decision of the European Court of Justice, important cloud service providers in the United States such as AmazonAnd the Microsoft And the The Google In Europe a legal basis for their services. You are thus violating the European General Data Protection Regulation (GDPR). Fines of up to 20 million euros can be imposed on companies that use the services.
Many people accept the risk – inevitably. Because data transfers are “an essential part of the entire economy and also of science,” explains Susan DeMille of the Bitkom Information Technology Association. “An obstruction or even a prevention of data transmission is at least as dangerous for German and European companies as supply chain disruptions.”
According to a current Bitkom study, six out of ten companies in Germany (60 percent) will transfer personal data to countries outside the European Union.
In order to pave the way out of the legal dilemma, the EU Commission proposed in mid-December that data protection in the United States should be recognized as equivalent to that in Europe. We are talking about an “appropriate resolution”. Many agencies have not confirmed this yet.
Before US President Joe Biden has ordered that US intelligence services limit their access to European data to what is necessary and proportionate to protect national security. A complaints office has also been set up to act as a court. European Union Commission He talks about “significant improvements” over Privacy Shield.
Schrems accuses the EU Commission of “attempts to embellish”.
The Austrian lawyer Schrems cannot confirm this after his analysis. “So far, we haven’t found anything in the US decisions or in the EU Commission proposal that would legally secure data flows between the EU and the USA,” he told Handelsblatt. “This is nothing more than an attempt at beauty.”
The Austrian lawyer has already won numerous data protection cases before Europe’s highest court.
(photo: AP)
Privacy advocate Brink sees it similarly. And he does not assume that the regulation (“executive order”) introduced by Biden will adhere to the strict requirements of the European Court of Justice. It is questionable to what extent the executive order can be an effective tool for implementing the requirements of the GDPR. “It represents an internal instruction of the government and subordinate powers and is not a law passed by Parliament and is therefore final.” Complying with an executive order is not legally enforceable, especially for EU nationals.
In addition, it is not clear how the executive order relates to other existing US laws such as the “cloud law.” US companies are required by law to transfer stored customer data to US law enforcement authorities – for example if terrorism is suspected. Brink said the restrictions on data processing that Biden has now promised in certain cases are not very convincing.
Because the interpretations of what is proportional in this regard and what is not different in Europe and the United States. It therefore remains unclear when, from the perspective of the United States of America, access to data for national security purposes will still be permitted.
>> Also read: German companies in a data protection trap – Authorities are stepping up investigations into US cloud use
One of the main innovations that Biden offers Europeans is the creation of an independent tribunal that EU citizens who feel their civil rights have been violated by the US intelligence services can turn to. This court, the Data Protection Review Tribunal, is designed to issue binding rulings and force intelligence agencies to stop certain spying activities. This should give the Europeans the opportunity to sue in the United States.
Data Protection Officer Brink: The system demanded by the European Court of Justice is not changed
Here too, Brink expressed doubts. “This Data Protection Review Tribunal will be established within his department in accordance with the Minister of Justice’s decree,” said the data protection officer. It is likely that he will be entrusted with the executive power, which contradicts his independence ».
The European Court of Justice demanded not only legal remedies against state espionage, but also an end to surveillance without cause. “But that can’t be assumed at the moment,” Brink says. Thus, the “change of regime” demanded by the European Court of Justice will not take place.
>> Also read: This is the biggest data protection inconvenience for businesses
Schrems warns the European Union of another failure. The European Court of Justice has already overturned the legal basis for data transfer twice. “Now the commission is making the same decision again,” he said. This is legally and politically problematic: “The EU Commission condemns the constitutional shortcomings of Hungary and Poland, but turns a blind eye to the United States.”
The EU Commission does not want to comment directly on the criticism. However, a spokesperson said he was confident that the points the European Court of Justice contested had now been resolved. There are now strict security precautions and restrictions on the access of US intelligence services.
Thus, the affected US internet companies are pressing for a new EU-US agreement as soon as possible. said Alexander Rohr of the CCIA association, which represents the interests of companies such as Amazon, Google and other cloud service providers from the USA. The US government has taken historic steps.
more: Tougher limits for US intelligence agencies: Biden paves the way for a new transatlantic data agreement
“Tv expert. Hardcore creator. Extreme music fan. Lifelong twitter geek. Certified travel enthusiast. Baconaholic. Pop culture nerd. Reader. Freelance student.”
More Stories
D-AIXT: This is what Lufthansa's first Airbus A350 with the Allegris cabin looks like
USA: It is clear that the economy is losing momentum at the beginning of the year
Chocolate storm in Türkiye – the Swiss are confused