The Privacy Shield has been much criticized by privacy advocates and groups for lacking sufficient protection against the collection and use of personal data for national security purposes and from surveillance in the U.S., a concern that has been heightened since whistleblower Edward Snowden’s revelations about the extent of the collection and use of personal information by the NSA. As of this morning, the EU-U.S. Privacy Shield is no longer a legal basis to transfer data. The European Court of Justice struck down the data transfer mechanism in the case Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (“Schrems II”). The case stems from Max Schrems, a renowned Austrian data privacy advocate, and his long campaign against Facebook for its significant privacy violations against its users. The court stated, “The limitations on the protection of personal data arising from the domestic law of the United States on the access and use by U.S. public authorities...are not circumscribed in a way that satisfies requirements that are essentially equivalent to those required under EU law.”
Organizations in the U.S. that previously relied on the Privacy Shield will now need to turn to other data transfer mechanisms to be in compliance with GDPR, such as standard contractual clauses issued by the European Commission. Based on what we know now, there is no grace period to make this transition.
No comments :
Post a Comment