Ladies and Gentlemen!
On 10. July 2023, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework. Based on this decision, personal data can flow freely from the EU to companies in the United States that participate in the Data Privacy Framework. Are European data sufficiently protected this time?
BSA District Club Favoriten would like to invite you to a discussion with Mag. Marek Gerhalter from “The Austrian Data Protection Authority” (DSB) about the issue. The BSA district club Favoriten strives to bring important social, political and economic issues of our time closer to the locals and all Viennese audience.
Time: 6.30pm on 14. September
Venue: BSA District Club Favoriten, Main Hall, Jagdgasse 1b, 1100 Vienna
About the Keynote Speaker: Mag. Marek Gerhalter, LL.M. is a consultant at the data protection authority in Austria. He previously worked for several years as a company lawyer in an Austrian logistics and a German technology group. His area of work includes the implementation of national and cross-border complaints and approval procedures, ex officio examination procedures, as well as legal assessments. Other areas of activity are located at the level of the European Data Protection Board in Brussels with a focus on international data traffic.
More on the background for the discussion: After Safe Harbor and the Privacy Shield, the “EU-U.S. Data Privacy Framework” serves as a new data protection agreement between the EU and the US. It forms the basis for a decision taken by the European Commission in July 2023, in which the level of data protection for certified companies in the USA is declared to be appropriate (“adequacy decision”). For all EU companies that use US services and thereby transfer personal data to the USA, the EU-US Data Privacy Framework and the corresponding adequacy decision offer a seemingly significant relief.
However, data protectionists doubt that the rights of European citizens to their data will be effectively protected by the new agreement. After all, complaints about the US companies in EU concerning data security have been piling up in the past years with much ado about nothing. While some countries are tightening up the related regulations to certain effects, the opposite decision by the same government is an open “why”. Early this year, for example, the Data Protection Commission in Ireland (DPC) announced the conclusion of an inquiry into the processing carried out by WhatsApp Ireland Limited in connection with the delivery of its WhatsApp service, in which it has fined WhatsApp Ireland €5.5 million (for breaches of the GDPR relating to its service). But cases with Meta or Google are brusquely rejected by DPC.
A discussion on the topic is thus meaningful and rewarding. Save the date!