In a non-binding preliminary opinion last month, the Court`s General Counsel, Yves Bot, went far beyond the court issue and said that data protection authorities should investigate not only complaints, but also the fact that the Safe Harbor Agreement was not valid because it offered insufficient protection. The Safe Harbour agreement, which many companies rely on for the transatlantic transfer of personal data, is not valid, the European Court of Justice has ruled. On 8 September 2015, the European Commission publishes a brochure on frequently asked questions about the Umbrella Agreement, which aims to establish a high-level data protection framework for EU-US law enforcement cooperation. The agreement includes all personal data exchanged between the EU and the US and the necessary security measures for the prevention, detection, investigation and prosecution of criminal offences, including terrorism. EU law requires companies that export citizens` personal data to do so only in countries with a similar level of legal protection for such data. In the case of the United States, the exchange of personal data is covered by the Safe Harbor Privacy Principles, which the European Commission described as adequate protection in July 2000. Companies that refer to the Safe Harbor Agreement to transfer personal data from the EU to the US could now engage in illegal activities. On 28 January 2016, an amendment to the Judicial Redress Act (JRA) was added, which could lead to further disruption in negotiations between the US and the EU to replace the Safe Harbour framework. The added language refers to the transmission of personal data for commercial purposes between certified countries and the United States, and adds requirements that the U.S. Secretary of Justice certifies that the foreign country “policy regarding the transfer of personal data for commercial purposes … The national security interests of the United States are not of great importance. So far, national security and surveillance issues have led to fundamental differences in the Safe Harbor negotiations, and the last amendment relates directly to this division.
Safe Harbor is the name of an agreement between the U.S. Department of Commerce and the European Union that regulated how U.S. companies could export and manage the personal data of European citizens. German MEP Jan Philipp Albrecht and activist Max Schrems criticised the new ruling, as they said the Commission could take a “tour of Luxembourg” (where the European Court of Justice is located). [27] Vera Jourova, a Member of the European Commission responsible for consumer protection, said she was convinced that an agreement could be reached by the end of February. [28] Many Europeans have called for a mechanism for individual European citizens to file complaints about the use of their data, as well as a transparency system to ensure that the data of European citizens does not fall into the hands of the US secret services. [29] The Article 29 group acted on this request and stated that it would not be a further delay, until March 2016, to decide on the consequences of the Commission`s new proposal. [30] The European Commission`s Director of Fundamental Rights, Paul Nemitz, explained at a conference in Brussels in January how the Commission would decide on the adequacy of data protection. [31] The Economist predicts that it will be more difficult for the Court of Justice to make it more risky once the Commission has adopted a strengthened “adequacy decision”. [32] Data protection advocate Joe McNamee summed up the situation by pointing out that the Commission had announced agreements prematurely and had thus lost its right to negotiate.
[33] At the same time, the first legal disputes began in Germany: in February 2016, the