GDPR & the EU-U.S. Data Privacy Framework

The adequacy decisions for the transfer of data between the EU and the USA are largely a copy of earlier regulations such as the failed Privacy Shield:

• The USA’s anti-terror legislation, which allows US authorities to access the data of EU citizens, remains untouched. No substantial changes were made to US law. This means that mass surveillance and the possibility for authorities to access EU citizens’ data will remain largely unchanged.
• FISA 702 provides for the collection and storage of personal data of non-US citizens. EU citizens cannot take legal action against the storage of their data in the USA and cannot obtain information about what data is stored about them.
• The legitimization of data transfers to the USA represents a major risk for European companies, authorities, institutions and individuals: With the transfer of data, there is also a potential transfer of knowledge when using US systems. Trade secrets and European know-how are transferred to the United States under the adequacy decisions which, in turn, are subject to anti-terrorism legislation with extensive access options for US authorities.

alfaview does not rely on the adequacy decisions because the Trans-Atlantic Data Privacy Framework does not provide a sufficient legal basis for a data transfer to the US under European data protection law.

Will Schrems III be coming soon?

Detailed information on the EU-U.S. Data Privacy Framework can be found on the website of noyb, the organization for law and data protection by Max Schrems, in the article “European Commission gives EU-US data transfers 3rd round at ECJ”.