Urban Forum and SINOPRESS proudly announce the upcoming online forum on “Data Transfer Decision between EU and US”. An open, insightful, and rewarding discussion with expertise on the topic is guaranteed. Save the date!
Time: 7pm-8.30pm (CET), 07, November 2023
Venue: ZOOM Conference (Meeting ID: 868 3301 7086, Passcode: 074595)
Moderator: Marie Grüner, Communication Advisor
On 10. July 2023, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework. Based on this decision, personal data can flow freely from the EU to companies in the United States that participate in the Data Privacy Framework. The adequacy decision followed the adoption of Executive Order on ‘Enhancing Safeguards for United States Signals Intelligence Activities’. These instruments introduced new binding safeguards to address the points raised by Court of Justice of the European Union in its Schrems II decision of July 2020, ensuring that data can be accessed by U.S. intelligence agencies only to the extent necessary and proportionate.
The decision intends to serve as a new data protection agreement between the EU and the US. For all EU companies that use US services and thereby transfer personal data to the USA, the EU-US Data Privacy Framework and the corresponding adequacy decision offer a seemingly significant relief. However, are European data sufficiently protected this time?
Although the new agreement is offering an independent and impartial redress mechanism to handle and resolve complaints from Europeans concerning the collection of their data for national security purposes, data protectionists doubt that the rights of European citizens to their personal data will be effectively protected. Complaints about the US companies in the EU countries concerning data security have been continuously piling up with much ado about nothing. While some countries are tightening up the related regulations to certain effects, the opposite decision by the same government is an open “why”.
Early this year, for example, the Data Protection Commission in Ireland (DPC) announced the conclusion of an inquiry into the processing carried out by WhatsApp Ireland Limited in connection with the delivery of its WhatsApp service, in which it has fined WhatsApp Ireland €5.5 million (for breaches of the GDPR relating to its service). Cases with Meta or Google, though, are brusquely rejected by DPC.
As is well known, a small number of companies hold the world’s majority of data. The July decision might be a step forward in setting up a governance device to place an independent fiduciary intermediary between Big Tech and human data subjects. Yet a final data trust solution for the EU has probably still a long way to go.
- Ludwig S. Sahesch-Pur, IT Expert, Pur Consulting
- Regina Roos, IT Expert, Typhoon HIL
- David Kainrath, Energy Policy Expert, Austrian Paper Industry
- Günther Sidl, Member of European Parliament