Luxembourg (Brussels Morning Newspaper) – The European Union’s second-highest court, the General Court based in Luxembourg, on Wednesday endorsed a new data transfer agreement agreed between the EU and the United States two years ago to replace two earlier deals rejected by a higher tribunal.
This new arrangement, which replaced the previous arrangement that was struck down by higher courts, purports to ensure that the US provides an adequate level of protection for personal data transferred from the EU to the US.
What is the general court’s role in this decision?
“The General Court dismisses an action for annulment of the new framework for the transfer of personal data between the European Union and the United States,”
It said in a ruling.
“In so doing, it confirms that, on the date of adoption of the contested decision, the United States of America ensured an adequate level of protection for personal data transferred from the European Union to organisations in that country,”
The Luxembourg-based General Court added.
The agreement impacts thousands of companies, including banks, tech firms, drugmakers, and automakers, which transfer personal data across the Atlantic for commercial reasons like payroll processing.
What concerns led to the rejection of previous pacts?
Previous frameworks (for example, the EU-US Privacy Shield) received criticism. They were legally challenged because US law permitted government authorities access to transferred data without a reasonable opportunity for judicial redress for EU citizens.
The upper court essentially nullified both of the former EU-US data transfer agreements because of its concerns that the United States didn’t provide at least an adequate level of protection for the personal data of EU citizens transferred to the US.
In rejecting the past agreements, the European Court of Justice showcased its underlying concerns over the US government surveilling the personal data of Europeans and that there were no adequate protections to require that they follow EU Data Practice standards (to follow European & GDPR requirements).
What are some other examples of data transfer agreements between the US and EU?
Throughout the history of data transfer, there have been key agreements, among others, between the EU and the US.
For insurance, the Safe Harbour Agreement was the first major data transfer agreement that allowed US companies to self-certify sufficient data protection to move EU personal data to the US. In 2015, the Court of Justice of the EU (CJEU) struck down Safe Harbour after Edward Snowden revealed the extent of surveillance conducted by US intelligence agencies.
