European Court of Justice overturned the EU-US Data Protection Shield

The European Court of Justice in Luxembourg on Thursday, July 16, lifted the priority of the Private Shield program, which provided adequate protection for the transfer of personal data from EU countries to the United States. The judges ruled that although the agreements required the United States to comply with EU privacy legislation, they “did not give Europeans the right to take legal action against US authorities”.

About 5,000 U.S. companies adhered to the regulations of Private Shield. According to news agencies, it was one of the most important agreements with Washington in the digital sphere. Thus, if there were discrepancies between the rules of privacy policy of a particular company and the principles of the program “Privacy Shield”, the latter was given priority.

However, the court ruled that data transfers between the EU and the United States could continue to be carried out under “standard contract clauses” that provide companies with an alternative basis for such transfers of information.

Austrian Schrems’ Facebook lawsuit

The opinion of the European Court of Justice in Luxembourg was issued in response to an appeal by the Supreme Court of Ireland, which was hearing a lawsuit filed by Austrian lawyer Max Schrems against the European branch of Facebook, alleging that the company had violated legislation guaranteeing the privacy of EU citizens. Schrems also filed complaints against Internet companies and platforms such as Google, WhatsApp and Instagram with the supervisory authorities.

In his opinion, the concerns are forcing users to accept the data protection conditions, which is a “clear violation”. According to the lawyer, there was a clear conflict between the U.S. laws allowing its intelligence agencies to collect data when transferring it to the country and EU laws requiring the protection of such information. The Supreme Court of Ireland froze the hearing of the Shrems lawsuit and appealed to the European Court of Justice, considering that it was about the rules relating to the EU as a whole.

The Privacy Shield has been in force since 2016.

In 2018, after a two-year transition period, new unified data protection rules came into force in Europe. According to these rules, all 28 EU member states apply the General Data Protection Regulation (GDPR). Thus, the distribution of personal data received by business companies, companies and agencies is more strictly regulated than before.

The Private Shield program was introduced in 2016. It replaced the previous Safe Harbor contract, which was rejected by the European Court in October 2015.