On 2 February 2016, the European Commission announced with some delay an agreement with the United States on a new framework for transatlantic data flows called the EU-US Privacy Shield. The new regime is based on: (a) strong obligations for companies handling Europeans` personal data and firm application; (b) clear guarantees and transparency obligations for U.S. government access; (c) effective protection of the rights of EU citizens, with several options for redress (including a mediator). 6 October 2015: The European Court of Justice (ECJ) released the much-anticipated ruling in the Schrems case (C-362/14) and found that legislation allowing public authorities to access the content of electronic communications on a general basis, b) that a secure port system allows disruption, U.S. authorities with fundamental rights of persons, and (c) that the existence of a Commission decision cannot remove or even reduce the powers of national supervisory authorities, and (d) that supervisory authorities are effectively required to review relevant complaints with the necessary diligence, but (e) that the ECJ alone is entitled to declare: that an act of the Union, such as . B a decision of the Commission, is invalid. Safe Harbor Decision between the European Commission and the United States Many companies are losing the legal basis they have chosen so far for the transfer of personal data to service providers and businesses in the United States. In particular, European and Us subsidiaries will no longer be able to transfer personal data on the basis of a “safe port” between them. Safe Harbor is the name of an agreement between the U.S. Department of Commerce and the European Union that regulated how U.S. companies could export and manage the personal data of European citizens. In this context, the ECJ cancelled the Safe Harbor Agreement, that is, the European Commission`s Decision 2000/520/EC, removing the legal basis for the transfer of personal data to the United States under the Safe Harbor certification. Such a level of data protection generally does not exist in the United States.
However, in order to facilitate the flow of data with the United States, the European Commission and the United States agreed in 2000 to an agreement known as a “safe harbor” agreement (Commission Decision 2000/520/EC). U.S. companies can sign an agreement to comply with the Safe Harbor Principles for Data Processing and be certified by the U.S. Department of Commerce. While this data has so far been transmitted solely on the basis of the safe harbor decision, other legal options are now needed. However, if these other options do not offer the level of data protection that exists in the EU, they may also be invalidated. In essence, the European Court of Justice held that, although the Safe Harbor Agreement applies to U.S. companies that have signed it, it is appropriate to continue to take into account, when finding an appropriate level of data protection in the United States, the fact that national security and public interest requirements, as well as the application of U.S. law, still prevail over the principles of the safe harbor. U.S. companies were therefore required not to apply safe harbor principles when they were in conflict with such provisions or U.S.
law. The Safe Harbour regime provides no basis for preventing the US authorities from encroaching on the fundamental rights of those concerned, which the EU considers unjustified.