Privacy Shield suspended and new complaints targeting EU-US data transfers

In July, the Court of Justice of the European Union (CJEU) considered that Privacy Shield did not offer enough protection for EU data from the US snooping. This decision followed a new complaint from Max Schems. US and EU authorities are already negotiating a new framework to replace the annulled agreement.

In the same decision, the CJEU upheld the legality of instruments used to export EU data outside the continent: (Standards Contractual Clauses (SCCs). SCCs force the EU privacy authorities to suspend data transfers to non-EU countries which are not respecting the standards.

On Tuesday (18/08) Schemes filed 101 complaints addressed to EU data regulators against websites that rely on services such as “Google Analytics” or “Facebook Connect”. The targeted websites include French online supermarkets, Belgium Post, Online newsletter… (see the list). The controversial tools transmit European user data to US firms that are subject to U.S. snooping laws.  

These fresh complaints against EU-US data transfers coincide with political discussions about EU Digital Sovereignty. The European Commission has launched a public consultation on eIDAS. The option of opening the eID framework to private actors and platform is assessed: eID solution could be deployed and notified by non-EU actors under conditions (see the consultation). The question of EU-US data transfers is also raised through the Digital Service Act. (see the consultation).