Berlin As negotiations on a new EU-US data protection agreement have not progressed, German companies are seeking an interim solution to Atlantic data traffic from the EU Commission.
“Companies across the European Union and on both sides of the Atlantic Ocean now need a legal guarantee of data transfer and a clear political signal of support,” the letter said. SAP, Thyssen-Krup SPD Economic Forum European Union Commission. “Until a new data protection agreement is approved between the USA and the European Union, a transition strategy is needed.” A similar letter was received by the German government in March.
The European Court of Justice (ECJ) has been responding to the ruling since July 2020 in a letter to the Commission’s Vice Presidents Valdis Dombrowskis, Margaret Westerger and EU Justice Commissioner Didier Reinders. Europe. The letter is available to Handlesblot.
At the time, the judges rescinded the “Privacy Shield” agreement, stating that the USA did not have data protection comparable to that of the European Union and therefore did not adequately protect data against access to US secret services. Many US cloud services violate the European General Data Protection Regulation (GDPR). Companies that use the Services in any way can be fined up to 20 20 million.
The best jobs of the day
Find the best jobs right now
Notify via email.
“Companies have no secure legal basis for the transfer of data to the USA,” it said in a letter to the commission. The uncertainty in the economy is huge accordingly. This situation represents even a “very serious impediment to further decisions about investment and economic activity”. The signatories of the letter therefore call on Brussels to “take concerted action at the European level to ensure legally compatible regulation of data transfer”.
The time for a solution is the essence
An interim solution is provided on a position paper attached to the letter. Participated in paper preparation, including other German corporations Siemens And Allianz and US tech companies Microsoft, Amazon, Google And Facebook.
Describes the various protection measures under compliance with the European General Data Protection Regulation (GDPR), including the so-called standard agreement provisions for data transfer between EU countries and third countries. Or technical precautions such as “encryption of data stored with client keys”.
Using standard contractual clauses, according to the ECJ, victims have the option of having legitimacy verified by competent data protection authorities in a particular case. Stefan Brink, Baden-W ഡാrttemberg’s data protection officer, said it was illegal to use such clauses without the necessary additional guarantees.
As the SPD digital politician Jens Zimmerman once called it, the “infamous, secret meeting” fiza courts in the USA are also considered a problem. FISA stands for “Foreign Intelligence Surveillance Act” – US law allows security services such as the NSA and security agencies such as the FBI to search the data of foreign users without a court order.
The time for a solution is the essence. Data protectionists in Germany want to focus nationwide on the use of US cloud services. Hamburg Commissioner for Data Protection Johannes Caspar recently told Spiegel that there has been an “enforcement deficit” so far. It should now move through the cross-border samples and coordinate the questionnaire.
To address privacy concerns, Microsoft launched a far-reaching product attack this week. EU customers will be able to process their data in the future and Microsoft will be able to store it only in the EU. The world’s largest software company announced on Thursday that the technical adjustments should be completed by the end of next year.
Along with Amazon and Google, the US Group, one of the world’s three largest cloud service providers, operates data centers in 13 European countries, including Germany, Ireland, France and Sweden. “We do not transfer any data from these customers to the European Union,” Microsoft President Brad Smith said in a blog post.
Microsoft’s new offer on “EU Data Border” is aimed at companies and public sector consumers, not private users. Liability applies to all central Microsoft cloud services – Azure, Microsoft 365 (including Microsoft Office and Teams), Dynamics 365.
Privacy advocate praises Microsoft
“We have already begun technical preparations so that our central cloud services can protect and process all personal data of our corporate customers and public sector customers as quickly as possible, and only in the European Union if they wish,” says Smith’s blog entry.
Hamburg data protection lawyer Kaspers praised the software company’s progress. By offering “EU data limits,” Microsoft is setting “standards that rivals expect,” Caspar told Handlesblatt.
However, the head of the authority does not see that the ECJ ruling on “privacy shield” companies has eliminated the problem of operating without adequate legal basis. Transferring personal services to the European Union does not solve the “common problem of the incompatibility of the two legal systems”, Caspar said. The need for legally secure and fundamental rights data transfer is still enormous if Atlantic maritime cooperation in the economy is to continue smoothly in the future.
On the other hand, access to data from US secret services can be technically compromised if users themselves effectively protect their cloud data. Microsoft President Smith points this out. “Many of our services place control of data encryption in the hands of our customers.” It will use keys that Microsoft does not handle, but users will. “The government of the world protects our customers’ data from unauthorized access.”
Casper, a data protection lawyer, sees this as “ultimately a solution to entrust US providers with personal data.” “If the provider’s decryption can be rejected, data can be stored worldwide based on standard contract terms,” he said.
However, this affects availability as providers can remove encrypted data from their data centers at any time without viewing the stored content. “Such a situation does not technically negate Microsoft’s current efforts.”
More: The union is demanding sanctions for data protection violations