The EU-US Privacy Shield agreement between the European Union and the United States has now been thrown out by the top EU court. The agreement was set in place to help facilitate transatlantic e-commerce and data transfers. In particular, it was arranged to ensure privacy and data protection for those transfers. The transfers themselves range in association from banking to social media.
The basis for the decision, as announced and subsequently reported, is privacy. Summarily, the EU Court of Justice determined that the laws of the US limit the agreement's effectiveness. The domestic law of the US, the court indicates, doesn't satisfy requirements essential to ensuring protection as described by EU law. Comparatively, US laws tend to favor surveillance over privacy.
The EU-US Privacy Shield ruling takes everything back to square one
US commerce secretary Wilbur Ross has already released a statement on the ruling. Mr. Ross notes that he has been in close contact with the European Commission and European Data Protection Board. But he also indicates that the US will continue to "administer" the Privacy Shield agreement on its end, despite the "disappointing" decision.
Ultimately, its goal is to a better handle on its practical implications, at least for now. In the interim Mr. Ross says that the department will work negate or limit any "negative consequences to the $7.1 trillion transatlantic economic relationship."
Are any services unaffected by this decision?
This decision by the EU courts will likely have a dramatic impact on many tech companies doing business between the US and Europe. The companies could potentially be forced to set up dedicated European data centers. Or, conversely, pull out of the region if further negotiations don't bear fruit. But that doesn't mean everybody should panic just yet. Data transfers deemed necessary won't be impacted at all.
That means that users can continue sending emails, visiting travel sites, and reading articles from across the web. There won't be any impact on that front for the overwhelming majority of users.
#ECJ: the Decision on the adequacy of the protection provided by the EU-US Data Protection Shield is invalidated, but @EU_Commission Decision on standard contractual clauses for the transfer of personal data to processors established in third countries is valid #Facebook#Schremspic.twitter.com/BgxGAvuq3T