The German insurance association (GDV) has stepped up its call for flexibility from regulators on the hot topic of international data transfer standards, while politicians in Europe and the US are working on a pragmatic solution for a huge headache for German businesses created by the European Court of Justice’s Schrems II judgment made in July 2020.
In response to a case brought
by Max Schrems against Facebook Ireland, the Court of Justice of the European
Union declared the European Commission’s Privacy Shield Decision invalid on
account of invasive US surveillance programmes.
This made transfers of personal
data on the basis of the Privacy Shield Decision illegal. Furthermore, the
court stipulated stricter requirements for the transfer of personal data based
on standard contract clauses (SCCs).
As a result of this ruling,
there is now no reliable legal basis on which to transfer business-related data
between the EU and the US.
The ruling effectively places
the onus on the companies themselves to determine whether the SCCs are adequate
to ensure data privacy on a par with the GDPR.
This affects large corporations
as well as SMEs and startups from all sectors of the economy. It also causes
massive competitive disadvantages for German and European companies, leading to
less development and innovation in certain sectors, noted the GDV.
In response to the ruling,
Insurance Europe announced that it had sent a letter, alongside other financial
organisations, to the European Commission and the European Data Protection
Board (EDPB), expressing the financial sector’s concern about the impact of
Schrems II.
Insurance Europe and the other
organisations called on the Commission to continue its work on an adequacy
framework allowing lawful data transfers to the US that respect EU citizens’
privacy.
It also asked for data
protection authorities to refrain from imposing sanctions until the publication
of the EDPB’s guidance on the supplementary measures to be used alongside SCCs.
US secretary of commerce Wilbur
Ross and US secretary of state Mike Pompeo were deeply disappointed by the
ruling and suggested possible adverse effects on the transatlantic economic relationship.
Both stressed the importance of
data flows for economic growth as well as for the post-Covid-19 recovery,
reported the European Parliamentary Research Service.
So, there appears to be
agreement on both sides of the Atlantic regarding the gravity of the current
situation. At the same time, a rapid resolution does not appear to be
forthcoming.
Although talks between the EU
and US on an enhanced Privacy Shield framework have resumed, interim guidance
from the regulator is needed in the meantime, argued the GDV.
In its latest public letter on
the issue, the GDV, along with other leading German business associations
including the Federation of German Industries, emphasised the urgency of
pragmatic data transfer solutions until the legal framework can be defined at a
political level.
It also called for the European
Commission and supervisory authorities to take the lead as opposed to leaving
it up to the companies to decide on an acceptable level of data privacy.
The
German business community has been clear on its position regarding the Schrems
II ruling since it was passed last summer. It is now up to the European
Commission and data protection authorities to respond.
CRE
© Commercial Risk Europe
Key
Hover over the blue highlighted
text to view the acronym meaning
Hover
over these icons for more information
Comments:
No Comments for this Article