Privacy Shield Agreement

European Union Court of Justice Invalidates US-EU Privacy Shield Agreement

The BBC has reported that a major agreement governing the transfer of EU citizens’ data to the United States – Privacy Shield Agreement –  has been struck down by the European Court of Justice (ECJ) on the grounds that the US legal system doesn’t provide adequate protection to personal data, especially when it comes to state surveillance..

According to the BBC, “The EU-US Privacy Shield let companies sign up to higher privacy standards, before transferring data to the US. But a privacy advocate challenged the agreement, arguing that US national security laws did not protect EU citizens from government snooping.”

Max Schrems, the Austrian lawyer and activist who is behind the case, called it a win for privacy. “It is clear that the US will have to seriously change their surveillance laws, if US companies want to continue to play a role in the EU market,” he said.

US Secretary of Commerce Wilbur Ross said his department was “deeply disappointed” by the decision. He said he hoped to “limit the negative consequences” to transatlantic trade worth $7.1 trillion (£5.6tn).

The EU-US Privacy Shield Agreement “underpins transatlantic digital trade” for more than 5,300 companies. About 65% of them are small-medium enterprises (SMEs) or start-ups, according to University College London’s European Institute.

Affected companies will now have to sign “standard contractual clauses”: non-negotiable legal contracts drawn up by Europe, which are used in other countries besides the US.

They are already used by many big players. Microsoft, for example, has issued a statement saying it already uses them and is unaffected.

According to the BBC, Mr Schrems’ case was “partly prompted by leaks from ex-CIA contractor Edward Snowden which revealed the extent of US surveillance. European data protection law says data can only be transferred out of the EU – to the United States or elsewhere – if appropriate safeguards are in place.”

But the ECJ said US “surveillance programmes… are not limited to what is strictly necessary”.

“The requirements of US national security, public interest and law enforcement have primacy, thus condoning interference with the fundamental rights of persons whose data are transferred,” it said.

“The limitations on the protection of personal data arising from the domestic law of the United States… are not circumscribed in a way that satisfies requirements.”

“This is a bold move by Europe,” Jonathan Kewley, co-head of technology at law firm Clifford Chance, said.”What we are seeing here looks suspiciously like a privacy trade war, where Europe is saying their data standards can be trusted but those in the US cannot.”

He also warned that standard contractual clauses (SCCs) will be much more closely scrutinised from now on.

Data protection expert Tim Turner agreed, saying the ECJ’s warning over the standard clauses could spell further trouble for US companies.

“If the law in the relevant country – let’s say the USA – could override what the contract says, they don’t work,” he said.

“I don’t know how much appetite they have to do this, but it’s hard to imagine that any European regulator would say that SCCs work for the US, and the pressure will pile on for them to make the assessment. I don’t think SCCs escaped the court’s judgement – for some key countries, it’s probably just a stay of execution.” is Ireland’s new online jobs board for tech and IT jobs. Our tools and services give IT & Tech professionals the best possible opportunity to find the ideal job.

Simply click, search & apply directly to employers recruiting right now. Take the plunge and find your perfect tech job on

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>