EC wants within three months new agreement with US on data export




The European Commission will within three months, reaching a new agreement with the USA on the export of personal data. While a new agreement is reached, the responsibility lies with companies and regulators.

“We have in the course of the next three months an agreement with our partners in the United States,” states the Vice President of the European Commission Andrus Ansip. What happens in the meantime with our data, according to a publication of the European Commission. It describes the legal arrangements that qualify for sending personal data to countries outside the EU. Until recently, these data transfers were still based on the Safe Harbour decision. The ruling of the European Court of Justice in a case filed by Max Schrems has come to this arrangement expire. The publication identifies a number of alternatives.

The data protection directive provides next adequacy Decisions, including the Safe Harbour Decision, also other ways to send personal data. The Commission in its publication on Standard Contractual clauses and binding corporate rules. The standard rules are rules established by the European Commission. Companies can use these rules to contractually require data transfers. The Commission will evaluate the use of these contracts very strict. There is therefore virtually no room to deviate from the guarantees provided for therein.

Binding corporate rules are binding rules that apply to large multinationals. Such a company may establish these rules based on European standards. Then allowed to enter the multinational personal data of EU citizens to be shared outside the EU. For Facebook and Google, this solution is obvious; small and medium enterprises without subsidiaries abroad can not use here, however. Finally, the Commission discusses a number of additional requirements for data transfers, including the consent of the citizen and necessity of the transfer for the execution of a contract.

Two important conditions are mentioned when sending data to the aforementioned ways. First, the personal data in the EU should be collected and processed in accordance with the rules of the data protection directive. Secondly, data exporters risk estimate itself when sending the data and if necessary, take action. National regulators then have a case to examine whether the exporters comply with the rules. In the Netherlands, the Dutch Data Protection Authority.

The European Commission indicates that the development of a new framework for EU exports of personal data to the US ‘top priority’ has. Since 2013 there are negotiations underway. Schrems after the ruling, these “intensively continued. So it comes down to is that, until a new agreement, the responsibility for data transfers to companies and regulators. In October, called the regulators of the EU Member States and institutions yet to begin negotiations quickly.


In: A Technology & Gadgets Asked By: [21378 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »