BRUSSELS—In response to today’s decision of the European Court of Justice in the Schrems II case that ruled companies moving personal user data from the European Union to other jurisdictions need to provide the same protections offered inside the bloc, invalidating the adequacy protection of the EU-U.S. Privacy Shield, Eline Chivot, senior policy analyst at ITIF's Center for Data Innovation, issued the following statement:
Today’s decision is nothing short of irresponsible. In the midst of a global pandemic during which global data flows are more vital than ever, it puts all global data transfers from the EU at risk and wreaks havoc on the digital economy.
First, the decision delivers a severe blow to the operations of over 5,000 European and American comapnies who use the EU-U.S. Privacy Shield as the legal basis for transatlantic data transfers. It will immediately upend, and in many cases even halt, data transfers between the EU and the United States, leaving many businesses with no suitable alternative. EU and U.S. officials have worked tirelessly to establish the Privacy Shield after the 2015 decision invalidating the Safe Harbor agreement. Today’s ruling turns back the clock on a well-crafted agreement that has achieved widespread support from EU and U.S. policymakers, businesses, and advocacy groups.
Second, the ruling also puts data transfers from the EU to many other countries at risk. U.S. laws regarding lawful government access to data are not unique, and unless the EU plans to treat the United States with a double standard, data transfers to other countries will also need to stop. This will undercut the competitiveness of the EU digital economy.
For more information on the topic see:
- Nigel Cory, “Cross-Border Data Flows: Where Are the Barriers, and What Do They Cost? (ITIF, May 2017)
- Nigel Cory, Robert D. Atkinson, Daniel Castro, “Principles and Policies for ‘Data Free Flow With Trust’” (ITIF, May 2019)