No quick fix for transatlantic data transfers, says EC – TechCrunch

Europe’s justice commissioner has conceded there will be “no quick fix” for EU-US data transfers in the wake of the decision by the region’s top court in July that struck down a flagship data transfer agreement which was being used by thousands of Despite the &#8…

Curated via Twitter from TechCrunch’s twitter account….

Reynders told the committee the Commission is continuing its work on modernizing SCCs to bring them into line with the EU’s General Data Protection Regulation (GDPR) framework — saying it will produce a draft version this month and is aiming to complete the process before the end of the year. “Now that the judgement has been assured we will of course preserve the elements of the existing SCCs that have led to the court to find them valid.

Jelinek said the EDPB has just set up a taskforce to work on around 100 strategic complaints filed last month by Schrems’ digital rights group, noyb, that target EU-based entities across the region which are using SCCs for data transfers for Google Analytics and/or Facebook Connect integrations. noyb argues there’s no legal basis for those transfers and that DPAs should step in and suspend them. “We are going to work not only close together but closer together than we’ve ever done [with EU data protection authorities] to solve this issue,” said Jelinek. “We will analyze the matter and ensure that we will go together in the same direction.

Justice commissioner, Didier Reynders, said today that talks on an ‘enhanced framework’ are continuing but he admitted there’s no fast track fix for the schism between Europeans’ fundamental rights and US surveillance law. “There is a common willingness to fully comply with the judgement of the court — on both sides we want to find ways in which to address the issues raised by the court,” said Didier Reynders. “We will intensify our engagement with the US in the coming weeks but we also have to recognize that the judgement raises complex issues related to the sensitive area of national security.

He went on to suggest that changes to US law may be needed for any Privacy Shield 2 to be possible — giving the example of the lack of a redress mechanism for EU citizens as an area where legislation may be needed — before emphasizing that any such legislative change would clearly take time (he noted, for example, that the US election is looming — which bakes natural delay into any such timeline). “We are working with the US counterparts to evaluate the possibility of a strengthened framework — and of course it’s possible to build on existing elements but of course it’s maybe also a necessity to have legislative changes,” he said. “That’s the real question that we have with the US authorities.

Reynders said the same the issues around data transfers will arise with the UK, post Brexit — as it seeks an adequacy agreement and the Commission will have to assess its domestic laws, including infamously draconian surveillance laws — and with other third countries like China where there’s no adequacy agreement in place (nor any prospect of a finding of privacy protections that are essentially equivalent to those in the EU). “We want to stay open to those that apply the rules,” he added.

And I think there needs to be some kind of highlight cases where the industry feels there’s a feeling where they actually have to comply with all of this. “I also want to throw in real short that we got a letter this week that I cannot disclose yet from the Irish data protection regulator informing us that, defacto, they will probably not pursue this case that is ongoing for seven years for the next, I would assume one or two years… We’re very sorry to see that the regulator in Ireland, despite being under a court order that they have to enforce this judgement is apparently choosing not to do so.

The prospect of any enforcement of Schrems’ original SCC complaint to the Irish DPC — filed some seven years ago at this point — is still a distant one, according to what he told the committee. “Enforcement is going to be a matter of credibility,” he said. “So far the understanding is that there will be no enforcement — or no serious enforcement — that’s also the reason we have filed a couple of complaints already to make sure that there’s some movement.

You have also seen that the reaction of US authorities were constructive; they want to explore where to address the issues raised by the judgement but again sometimes, on the base of actual elements, there is maybe some legislative changes [required]. “What we need are sustainable solutions that deliver legal certainty in full compliance with the judgement of the court,” he added. “That is also the message I have clearly passed to my EU counterparts and on which I will keep insisting.

The chair of the European Data Protection Board (EDPB), Andrea Jelinek, had also been invited to speak, alongside Max Schrems himself, the European privacy campaigner who now has two successful strikes against EU-US data transfer mechanisms — after the CJEU invalidated Safe Harbor in 2015 and the EU-US Privacy Shield this July following his complaints.

Link to original article….

Leave a Reply

Leave a comment
%d bloggers like this:
scroll to top