• Keine Ergebnisse gefunden

ECJ declares EU-US Privacy Shield

N/A
N/A
Info
Herunterladen
Protected

Academic year: 2022

Aktie "ECJ declares EU-US Privacy Shield"

Copied!
2
0
0

Wird geladen.... (Jetzt Volltext ansehen)

Jetzt herunterladen ( 2 Seite )

Volltext

(1)

TECH, DATA, TELECOMS & MEDIA - SWITZERLAND

ECJ declares EU-US Privacy Shield

Framework invalid – impact on Switzerland

07 August 2020 | Contributed by Walder Wyss

Introduction ECJ judgment Swiss context

Introduction

On 16 July 2020 the European Court of Justice (ECJ) declared that the European Commission's decision of 12 July 2016, which had found that the United States ensured an adequate level of protection of personal data transferred under the EU-US Privacy Shield Framework, was invalid (Judgment C-311/18).

Under the EU General Data Protection Regulation (GDPR), data controllers and data processors may transfer personal data outside the European Union only in certain limited circumstances. In particular, the transfer of personal data to countries that the European Commission deems not to provide an adequate level of data protection requires (in most cases) specific safeguards. On the other hand, where the European Commission decides that the destination country offers an adequate level of data protection, there is no mandatory requirement for specific safeguards.

In this respect, the European Commission considered that personal data transfers from the European Union to the United States benefitted from an adequate level of protection, provided that the US-based data recipient was certified under the EU-US Privacy Shield Framework. Prior to its invalidation, this framework allowed US- based entities to certify under the EU-US Privacy Shield Framework, thereby offering an equivalent level of data protection to that afforded under the GDPR.

This article examines the effect that the ECJ's decision will have on the Swiss-US Privacy Shield Framework.

ECJ judgment

In Judgment C-311/18, the ECJ found that the protection of personal data under the EU-US Privacy Shield Framework does not meet the standards required under EU law. This was primarily the result of the ECJ's findings that EU residents (non-US nationals) have insufficient legal remedies in cases where US authorities access under US national security programmes personal data pertaining to EU residents processed by US recipients certified under the EU-US Privacy Shield Framework.

On the other hand, the ECJ ruled that so-called 'standard contractual causes' (SCCs), which are safeguards under the GDPR for personal data transfers to jurisdictions that do not offer an adequate level of data protection, remain valid. However, and more importantly, the ECJ considered that data exporting parties would be responsible for verifying beforehand whether:

the level of protection required by the GDPR has been met in the third country with respect to the personal data transferred using the SCCs; and

the use of SCCs offers sufficiently strong protection.

This means that while SCCs provide a viable alternative to continue data transfers, they are not necessarily sufficient and require a case-by-case assessment; they may even require additional contractual guarantees in order to offer sufficient data protection.

Swiss context

The situation in Switzerland is uncertain at the time of writing. The Swiss-US Privacy Shield Framework remains formally valid and in effect. However, the Federal Data Protection and Information Commissioner (FDPIC) is reviewing the situation in light of the ECJ's judgment and it is likely that the Swiss-US Privacy

AUTHORS

Jürg Schneider

Lena Götzinger

(2)

Shield Framework will also fall in the near future. Swiss businesses are therefore strongly advised to identify any categories of personal data which they transfer from Switzerland to US-based entities that rely solely on such US-based entities' Swiss-US Privacy Shield Framework certification.

For such transfers, specific safeguards such as the SCCs (the EU's SCCs, possibly adapted to Swiss law) must be implemented, unless an exception applies. That said, in light of the ECJ's decision, Swiss businesses switching to SCCs or already using SCCs for transfers of personal data to jurisdictions not offering an adequate level of data protection for the personal data being transferred should in any case reassess the use of the SCCs and, if necessary, supplement them with additional contractual guarantees. Moreover, businesses should closely monitor new developments, in particular the outcome of the FDPIC's assessment.

For further information on this topic please contact Jürg Schneider or Lena Götzinger at Walder Wyss by telephone (+41 58 658 58 58) or email (juerg.schneider@walderwyss.com or

lena.goetzinger@walderwyss.com). The Walder Wyss website can be accessed at www.walderwyss.com.

The materials contained on this website are for general information purposes only and are subject to the disclaimer.

Referenzen

Jetzt herunterladen ( PDF - 2 Seite - 129.89 KB )

ÄHNLICHE DOKUMENTE

Religiosity in the European Union: Results from the 5th wave of the European Values Study

Frequency of people who currently belong to a religious denomination On average, 64.9% of adult EU citizens belong to a religious denomination.. Own calculation

Top Level Negotiations in the European Union: The European Council

This institutionalisation of the epitome of intergovernmentalism was needed for three reasons: the international economic crises had forced the member states to refocus

The Policy Consequences of the European Project : From Politics to Policies in the EU and the Member States

Just like the multilevel system of governance that is at the heart of the three papers, the papers themselves consider the different levels: the first paper focuses on the direct

The European Data Protection Commissioners welcome this project strongly

In this sense the European Data Protection Conference calls on the European Union to strongly advocate a high level of data protection and, by means of the agreement, to effectively

in the European Union

The aim of the paper is to summarise the progress, evaluate main achievements and identify main economic challenges emerging from Croatia’s accession to the

EUROPEAN UNION RESPONSES TO EXTRA-TERRITORIAL CLAIMS BY THE UNITED STATES: LESSONS FROM TRADE CONTROL CASES

The United States has adopted several laws and regulations to regulate the movement of sensitive goods that contain provisions related to extraterritoriality: the Export

The European Union

The trail- blazers for developing innovative European- Russia relations should be the EU member states that are tied to Russia through common interests and values: Germany,

W How to withdraw from the European Union?

It is reasonable to expect that EU law would cease to apply to a departing country on the date of exit and would have to be replaced by a new legal regime provided for by