„Egal ob Sie einen externen Datenschutzbeauftragten oder Beratung zu Datenschutz oder mehr IT Sicherheit benötigen. Durch meine langjährige Erfahrung als Datenschutzbeauftragter oder Berater im Betrieb hochsicherer Rechenzentren + IT Infrastrukturen mit den erforderlichen Schutzmaßnahmen auch in hochsensiblen Bereichen, stehe ich Ihnen mit meinem KnowHow und meiner umfassenden Erfahrung in Datenschutz und IT Security zur Verfügung. Dabei liegt mir immer Ihre Zufriedenheit am Herzen. Sprechen Sie mich an – gemeinsam finden wir die ideale Lösung.“
The European Court of Justice has declared the data protection agreement “Privacy Shield” to be invalid. The judges of the ECJ decided that the transfer of user data from EU citizens abroad is only al
The European Court of Justice (ECJ) has overturned the EU-US data protection agreement “Privacy Shield”. A data transfer to other countries on the basis of so-called standard contractual clauses is still permitted, according to the ECJ. The prerequisite for this is an equivalent level of data protection in the USA. And that is exactly what the ECJ does not see in its judgment.
The topic began years ago with a complaint from the Austrian lawyer Max Schrems. The activist had complained to the Irish data protection authority that Facebook Ireland transmitted its data to the parent company in the USA. The legal basis at that time was the so-called “Safe Harbor” agreement, which, from Schrems’ point of view, did not offer sufficient guarantees. He justified his complaint by stating that Facebook in the USA was obliged to make the data accessible to US authorities such as the NSA and the FBI – without those affected being able to take action. At that time, the agreement was also overturned before the ECJ and replaced by the “Privacy Shield”. At that time, critics already described the Privacy Shield as “old wine in new bottles”, since it does not protect the rights of EU citizens either. It was already set out then that the Privacy Shield was only of limited use as the new legal basis for data transmission and could be overturned if the European Court of Justice were to review it again.
The judges of the ECJ have now declared the “Privacy Shield” to be invalid. With a view to the access options of the US authorities, the requirements for data protection are not guaranteed. On the other hand, they did not object to the “EU standard contractual clauses” (also European Standard Contractual Clauses or EU-SCC’s) used as an alternative legal basis. Essentially, these are intended to offer guarantees that the data of EU citizens are adequately protected even when they are transferred from the EU to other countries, in particular to any insecure third country. The “Privacy Shield” is another channel that is only available for data transfer to the USA.