Europe has just realized that it has capitulated before US data harvesters
The European Commission and the United States must reach new agreements on transfers from the European Union to the US. The political agreement was recently announced. But European privacy regulators are putting the European Commission on edge over transatlantic data deal: are you sure Europeans can really defend themselves against the data hunger of US security services?
When reading the statement of the umbrella body of all European privacy regulators – the EDPB – about the transatlantic data deal announced by Joe Biden and Ursula von der Leyen, I immediately got the feeling of “everything before the but, sucks”.
The European Commission can therefore wet its chest, because I predict to you: the ‘American transit battle’ is far from over.
Immediately after the announcement of the deal, privacy activist Max Schrems himself was already there like the chickens. Among other things, he predicts a trajectory of months before there is a final legal agreement. He, too, has already announced that he will go for a Schrems III ruling by the European Court of Justice. And you know: he won the first two rounds at the European Court of justice with flying colors.
The EDPB is now adding to this in its statement. First of all, the EDPB points out to the commission that it must first ask for the EDPB’s prior opinion on the legal agreement. Second, the EDPB warns that it will then examine “in detail “whether the new agreement ensures that data collection for national security purposes in the U.S. is limited to what is” strictly necessary “and”proportionate.”
Next, the EDPB comes to the core that the European Court of Justice expressed in the Schrems II ruling. I take the liberty to quote that core First from the official, English message of the EDPB itself:
..the EDPB will also examine to what extent the announced independent redress mechanism respects the EEA individuals’ right to an effective remedy and to a fair trial. In particular, the EDPB will look at whether any new authority part of this mechanism has access to relevant information, including personal data, when exercising its mission and can adopt decisions binding on the intelligence services. The EDPB will also consider whether there is a judicial remedy against this authority’s decisions or inaction.
In short, the EDPB will focus on whether EU citizens now actually get rights that they can enforce in the courts against the US government services. Because the European Court of Justice established in the Schrems II judgment that this was by no means the case under Privacy Shield (for the enthusiast: see recital 181 of the judgment).
Finally, I noticed something in the AP press release about the EDPB statement. After all, we are still eagerly awaiting the Google Analytics decision of the watchdog, which is also faced with this transmission problem. And we have already seen that the EU watchdogs who have already decided on this take the position that additional measures by Google do not eliminate the problem of US legislation. And thus have banned Google Analytics.
But the AP’s press release seems to open the door here anyway. Read along:
Currently, US laws do not adequately protect the personal data of Europeans.( … ) Since the disappearance of the Privacy Shield, it is only possible for organizations to export personal data from the EU to the USA if they If that fails (…), the transfer of personal data to the USA is not permitted.
I really read in this that the AP believes that with the right, additional measures, a transfer to America is indeed possible. I wonder if more people are reading this.
But one conclusion is now clear. “Never a dull moment “and ”the saga continues.” So I will definitely come back to AG Connect again.