European Court cancels EU-US “Privacy Shield”

[German]It is a bang – the data protection agreement "Privacy Shield" concluded between the USA and the EU has just been overturned by the European Court of Justice (ECJ). This now affects all cloud services hosted in the USA.


This is what the Privacy Shield is all about

Since February 1, 2016, the data protection agreement known as the Safe Harbor at that time, under which user data could be transferred to the USA, was no longer permissible. Companies that ignore this are threatened with draconian penalties. The basis is the ECJ ruling of 2015, which defined a transitional arrangement that expired at the beginning of the month (see also my German blog post Safe Harbor: EuGH erklärt Abkommen für ungültig).

The EU and the USA then agreed on a new data protection agreement "EU-US Privacy Shield" in 2016 to replace the Safe Harbor data protection agreement. I had discussed it in the blog post EU und USA einigen sich auf neuen Safe Harbor-Deal "EU-US-Privacy Shield".

However, the whole thing was quite a bit of a knock-on, because the new agreement in no way provides protection against access by US authorities to data of EU citizens. There are "appeal possibilities", but numerous exceptions make it more or less impossible to take legal action. A comment from German online magazine Zeit Online put it in a nutshell at the time: "A sieve as a protective shield: Privacy Shield is based on the written promises of a liar to limit NSA surveillance".

EuGH stops EU-US Privacy Shield

The data protection activist Max Schrems from Austria had filed a complaint against this data protection agreement in Ireland. The case concerned data that Facebook transfers from the EU to the USA. The Irish judges had referred the question of the admissibility of the EU-US Privacy Shield Agreement to the EuGH (Court of Justice of the European Union – CJEU).

Today, the European Court of Justice (ECJ) ruled on the admissibility of the EU-US Privacy Shield agreement and rejected it as inadmissible. I became aware of the issue via the following tweet of the RDN.


The article states that user data of EU citizens will continue to be transferred to the USA and other countries on the basis of so-called standard contractual clauses. This was decided by the Luxembourg judges on Thursday.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *