EU throws out Data Transfer Agreement with the USA
Just before it closed down for the summer recess, the European Court of Justice in Luxembourg threw out the so-called “Privacy Shield” agreement between the EU and US that allowed more than 5,000 companies in the EU and U.S. to move digital information seamlessly between the two regions. The ruling immediately brought to the boil resentments between the two geopolitical powers over the basic question: who controls the data privacy rights of shared users in 2 different regions of the world? The Court ruled that US surveillance makes it impossible to ensure that Europeans’ data can be sufficiently protected once it enters the US, as the US security apparatus inherently collects more data than European law permits and European citizens have no redress if the U.S. government violates their privacy. The Court also said it was unlikely that a US-appointed ombudsperson, as established under Privacy Shield, could force American intelligence agencies to handle Europeans’ data differently or would be sufficiently independent from US government interests. However, the Court concluded that the terms that tech companies sometimes put in contracts dealing with sending data out of Europe were acceptable, meaning companies can still rely on such contractual language to transfer data across the Atlantic, as long as data protection authorities do not reject these. While this does not mean the end of data transfers between the EU and US it will certainly be harder now and reinforces the diverging values around privacy between the US and the EU, which is critical of the U.S. over its surveillance practices and its failure to pass a comprehensive Federal data privacy law.
Become a member
Join the Ecommerce Forum South Africa and benefit from industry insights in South Africa and Africa.
Sign up to newsletter
Sign up to our newsletter and stay informed of the progress we are making at the Ecommerce Forum South Africa with government during Coronavirus.