US still nor a “safe harbour” for EU citizens’ data

For a number of years now, the European Union (EU) and the United States (US) have been negotiating an agreement on the protection of European citizens’ personal data in the US.

The “Privacy Shield” agreement has been in force since 2016. This is the successor to the “Safe Harbour” agreement, which was considered by European judges to be insufficiently secure for EU citizens.

The “new” agreement aims to ensure that personal data of EU citizens is sufficiently protected if it is stored in the US. The agreement sets out how US companies must deal with EU citizens’ personal data. It is not permissible, for example, to simply hand over EU data to American investigation services. EU citizens will also have the right to complain if they feel that their personal data is not sufficiently protected.

There are signs that the US is not complying with the agreement, or not fully. For example, the US Department of Commerce should have appointed an ombudsman to deal with complaints from EU citizens, but it has still not done so two years after the agreement came into force.

The EU therefore recently decided to suspend the Privacy Shield agreement with the US if the US does not meet its data protection requirements by 1 October 2018. In the worst-case scenario, the agreement with the US will be terminated. The EU considers that the recent data abuse scandals demonstrate a lack of protection for personal data in the US. In this context, for example, there was the Facebook-Cambridge Analytics scandal, in which the data of almost 87 million Facebook users was misused, including the data of approximately 2.7 million EU citizens. According to the European Parliament, American companies need to intervene more rigorously and more quickly if data is not processed correctly.

Evaluation of the Privacy Shield will take place shortly. It therefore remains to be seen whether the US will meet the conditions set by the EU. If not, and if the agreement is terminated, it will undoubtedly lead to a chaotic situation, for which no ready-to-use solution is yet available.

If you have any questions or need general advice about how to handle personal data and/or advice about the GDPR in the light of this article, please don’t hesitate to contact Kim Deckers or Monica Leenders. They will be only too happy to assist.

4343 
How may I be of service to you

Most read
  • “Best of the test” not permitted if...
  • 7th Edition of the German-Dutch Trade Day
  • A simplified preservation of bank accounts in Europe
  • AP issues cease and desist order to Wi-Fi tracker
  • Average speed checks do not infringe on road users’

Wij gebruiken cookies om u de beste online ervaring te bieden. Door akkoord te gaan, accepteert u het gebruik van cookies in overeenstemming met ons cookiebeleid.

Privacy Settings saved!
Privacy-instellingen

Wanneer u een website bezoekt, kan het informatie in uw browser opslaan of ophalen, meestal in de vorm van cookies. Beheer hier uw persoonlijke Cookie Services.

Deze cookies zijn nodig om de website te laten functioneren en kunnen niet worden uitgeschakeld in onze systemen.

In order to use this website we use the following technically required cookies
  • wordpress_test_cookie
  • wordpress_logged_in_
  • wordpress_sec

Omwille van de prestaties gebruiken we Cloudflare als een CDN-netwerk. Hiermee wordt een cookie "__cfduid" opgeslagen om beveiligingsinstellingen per client toe te passen. Deze cookie is strikt noodzakelijk voor de beveiligingsfuncties van Cloudflare en kan niet worden uitgeschakeld.
  • __cfduid

Decline all Services
Accept all Services