The European court of justice has tipped the privacy policy “Privacy Shield” between the European Union and the United States. In a legal dispute with the Austrian lawyer Max Schrems against Facebook, the Luxembourg judges declared, however, that the user data of EU citizens can continue to be made on the Basis of so-called standard contractual clauses in the United States and other countries.
the Background is a complaint by the privacy activists Schrems. The Austrian lawyer had objected to in the case of the Irish data protection authority, that Facebook Ireland forwards its data to the parent group in North America. He justified his complaint was that Facebook was committed in the United States to make American authorities like the NSA and the FBI, the data available to without Affected could take action against it. An Irish court has asked the ECJ whether the standard contract clauses and the data protection agreement “Privacy Shield” with the European level of data protection to be compatible.
The Luxembourg judges declared the “Privacy Shield” is now null and void. With a view to the access of the us authorities, the data protection requirements are not ensured. In addition, the legal protection for victims is inadequate. The standard contractual clauses should provide in the core guarantees that the data of EU citizens are also protected in the case of a Transfer from the EU to abroad appropriate. The “Privacy Shield” is another channel exclusively for data transfer in the United States.