Security News > 2020 > July > Privacy Shield binned after EU court rules transatlantic data protection arrangements 'inadequate'

The EU Court of Justice has struck down the so-called Privacy Shield data protection arrangements between the political bloc and the US, triggering a fresh wave of legal confusion over the transfer of EU subjects' data to America.

Austrian privacy activist Max Schrems brought the latest edition of the long-running case in 2015, complaining that Ireland's data protection agency wasn't preventing Facebook Ireland Ltd from beaming his data to the US. Once his data was in the US, Schrems argued, no EU-style data privacy controls were legally enforceable by him or anyone else in that situation.

Today the EU Court of Justice ruled that the now-dead Privacy Shield arrangement - itself a replacement of Safe Harbor - "Does not grant data subjects actionable rights before the courts against the US authorities," meaning EU citizens could not challenge a breach of the arrangement by a company in the US handling EU personal data.

The court ruled against the EU Commission, which only last year said Privacy Shield was working OK. In effect, the EU court said American spies had too much free rein to harvest EU citizens' data from US companies.

Promises to appoint an ombudsman to oversee EU-compliant data protection rules in the States were no good for the EU, ruled its judges, because the ombudsman would have been appointed directly by the US foreign secretary - and had no power to order his country's spies to stop handling EU citizens' data.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/07/16/privacy_shield_struck_down/