Evaluating the legal admissibility of data transfers from the EU to the USA

Alessandra Silveira (Editor) and João Marques (Lawyer, former member of Portuguese Data Protection Supervisory Authority)

1. The feud between Maximillian Schrems and the Irish Data Protection Supervisory Authority (Data Protection Commission – DPC), with Facebook always lingering in, has been detrimental to frame the legality of data flows from the European Union (EU) to the United States of America (USA), but also to any third country that replicates the shortcomings relating to the inexistence of a “level of protection essentially equivalent to that guaranteed within the European Union (…), read in the light of the Charter of Fundamental Rights of the European Union” [in the words of the Court of Justice of the European Union (CJEU)].[1]

2. The sole action of one man has brought down two different and sequential “transfer tools”, created in tandem by both the European Commission (EC) and the United States’ Government. In case C-362/14 the CJEU declared the Safe Harbour decision (Commission Decision 2000/520/EC of 26 July 2000) invalid, as the Court found that the USA’s legislation did not offer an essentially equivalent level of protection to that of the EU, also reminding all Data Protection Supervisory Authorities that their work is never done and that it is, in fact, upon their shoulders the task and the responsibility to constantly monitor if any given third country complies and remains compliant with the need to offer such an equivalency.

Continue reading “Evaluating the legal admissibility of data transfers from the EU to the USA”