By Michelle Price
UCBJ Managing Editor
Ross issues statement on Schrems II Ruling and the Importance of EU-U.S. Data Flows
WASHINGTON – A pact that allows thousands of companies, including financial and tech companies, such as Facebook, to transfer data between countries was ruled invalid by the European Court of Justice, Europe’s highest court, today because it allows the American government to snoop on people’s data.
The ruling could require regulators to vet any data transferred from the E.U. to the U.S. to ensure that the data of Europeans is afforded the same privacy protections in the U.S. as it is in the E.U.
U.S. Secretary of Commerce Wilbur Ross issued the following statement on the July 16 ruling by the Court of Justice of the European Union in the Schrems II case.
“While the Department of Commerce is deeply disappointed that the court appears to have invalidated the European Commission’s adequacy decision underlying the EU-U.S. Privacy Shield, we are still studying the decision to fully understand its practical impacts,” said Secretary Wilbur Ross. “We have been and will remain in close contact with the European Commission and European Data Protection Board on this matter and hope to be able to limit the negative consequences to the $7.1 trillion transatlantic economic relationship that is so vital to our respective citizens, companies and governments. Data flows are essential not just to tech companies—but to businesses of all sizes in every sector. As our economies continue their post-COVID-19 recovery, it is critical that companies—including the 5,300+ current Privacy Shield participants—be able to transfer data without interruption, consistent with the strong protections offered by Privacy Shield.”
The United States participated actively in the case with the aim of providing the court with a full understanding of U.S. national security data access laws and practices and how such measures meet, and in most cases exceed, the rules governing such access in foreign jurisdictions, including in Europe.
The Department of Commerce will continue to administer the Privacy Shield program, including processing submissions for self-certification and re-certification to the Privacy Shield Frameworks and maintaining the Privacy Shield List. Today’s decision does not relieve participating organizations of their Privacy Shield obligations.