Protection of Personal Data, a Power Struggle between the EU and the US: What implications might be facing the transfer of personal data from the EU to the US after the CJEU’s Safe Harbour ruling?
Independent thesis Advanced level (professional degree), 20 credits / 30 HE creditsStudent thesis
Since the US National Security Agency’s former contractor Edward Snowden exposed the Agency’s mass surveillance, the EU has been making a series of attempts toward a more safeguarded and stricter path concerning its data privacy protection. On 8 April 2014, the Court of Justice of the European Union (the CJEU) invalidated the EU Data Retention Directive 2006/24/EC on the basis of incompatibility with the Charter of Fundamental Rights of the European Union (the Charter). After this judgment, the CJEU examined the legality of the Safe Harbour Agreement, which had been the main legal basis for transfers of personal data from the EU to the US under Decision 2000/520/EC. Subsequently, on 6 October 2015, in the case of Schrems v Data Protection Commissioner, the CJEU declared the Safe Harbour Decision invalid. The ground for the Court’s judgment was the fact that the Decision enabled interference, by US public authorities, with the fundamental rights to privacy and personal data protection under Article 7 and 8 of the Charter, when processing the personal data of EU citizens. According to the judgment, this interference has been beyond what is strictly necessary and proportionate to the protection of national security and the persons concerned were not offered any administrative or judicial means of redress enabling the data relating to them to be accessed, rectified or erased. The Court’s analysis of the Safe Harbour was borne out of the EU Commission’s own previous assessments. Consequently, since the transfers of personal data between the EU and the US can no longer be carried out through the Safe Harbour, the EU legislature is left with the task to create a safer option, which will guarantee that the fundamental rights to privacy and protection of personal data of the EU citizens will be respected. However, although the EU is the party dictating the terms for these transatlantic transfers of personal data, the current provisions of the US law are able to provide for derogations from every possible renewed agreement unless they become compatible with the EU data privacy law. Moreover, as much business is at stake and prominent US companies are involved in this battle, the pressure toward the US is not only coming from the EU, but some American companies are also taking the fight for EU citizens’ right to privacy and protection of their personal data.
Place, publisher, year, edition, pages
2016. , 70 p.
EU, EU Law, US Privacy Law, Safe Harbour, Safe Harbor, Data Protection, Personal Data transfer, Facebook, Case C-362/14 Schrems v Data Protection Commissioner, Joined Cases C-293/12 and C-594/12 Digital Rights Ireland and Others, Articles 7, 8 and 47 of the Charter, Article 16(1) of the TFEU, Article 8 ECHR, EDPS, Decision 2000/520/EC, Directive 95/46/EC, Personal Integrity, Right to Privacy, Right to Private Life, Data Retention, Surveillance, IT Law, Article 29 Working Party, EU-rätt, EU-stadgan, datalagring, datalagringsdirektivet, personlig integritet, dataskydd, grundläggande rättigheter, proportionalitetsprincipen, terrorism, National Security, rikets säkerhet, övervakning, rätt till respekt för sitt privat- och familjeliv, DPA, FTC, Data Integrity, Convention 108, FISA, FISC, GDPR, EU General Data Protection Regulation, National Security Agency, NSA, National Security Letters, NSL, WP29, US Department of Commerce, DPA, Mänskliga Rättigheter, Human Rights
IdentifiersURN: urn:nbn:se:uu:diva-294790OAI: oai:DiVA.org:uu-294790DiVA: diva2:931350
Cameron, Iain, Professor
Bergström, Maria, Docent