Solicitor Simon McGarr
The European Court of Justice yesterday ruled that Privacy Shield, the EU-US data protection agreement, is invalid.
The case was referred by the Irish High Court after a 2015 complaint to the Data Protection Commissioner made by Austrian privacy activist Max Schrems.
Solicitor Simon McGarr, who represented Digital Rights Ireland in the early parts of Schrems case, writes:
The case resulted in a decision on two different legal mechanisms for sending personal data from the EU to the US – the EU-US Privacy Shield and the general-usage Standard Contractual Clauses.
Privacy Shield was always basically farcical and it’s an embarrassment that it was allowed to linger as long as it did.
But the Standard Contractual Clauses element of the case is where the long-term consequences are going to come into play.
Basically, now you can’t just sign a contract and have both sides promise to be good. Now, you have to look at the legal systems the parties live under to see if that contract can really be held to.
This is particularly significant for transfers of personal data to the US, which hasn’t followed the EU and a good chunk of the world in accepting that data protection is a human right, and whose hunger for mass-surveillance data from its tech companies was revealed by the Snowden revelations.
As the Irish DPC said after the ruling, utilising much of the nation’s store of understatement as they spoke, “it is clear that, in practice, the application of the SCCs transfer mechanism to transfers of personal data to the United States is now questionable.”
All of the bromides and reassurance statements coming from the US and the EU Commission during the day was the sound of losers, who had lost, not wanting to admit just how bad their loss was. [more at link below]