Illegality of data transfers to the USA (cepStudy)
cepStudy

Single Market & Competition

Illegality of data transfers to the USA (cepStudy)

Dr. Anja Hoffmann, LL.M. Eur.
Dr. Anja Hoffmann, LL.M. Eur.

Numerous companies from the EU are still illegally transferring personal data to the USA. This is the result of a study by the Centre for European Policy (cep), which examines the consequences of the ECJ ruling of July 2020.

cepStudy

The judgement had declared the data transfer on the basis of the so-called Privacy Shield decision, which had been widely used as a legal basis for transfers, to be illegal. The use of standard data protection clauses as a legal basis for transfers remains lawful, in principle. "However, data transfers from companies in the EU to US-based cloud services such as Microsoft, Amazon, Google or Dropbox are illegal if the data recipients in the USA are subject to US surveillance laws and have access to the data in plaintext," says cep lawyer Dr Anja Hoffmann. 

 

According to Hoffmann, in such cases, even supplementary data protection measures cannot effectively prevent access by the US authorities.  This also applies if the companies rely on Binding Corporate Rules.

 

This cepStudy examines the "Schrems II" ruling and its consequences, including its possible implementation, and also takes into account the draft versions of the recommendations of the European Data Protection Board and of the EU Commission’s amended standard data protection clauses.

 

The cepStudy is published in German.

To find the complete german version please follow this link:

cepStudie: Unzulässigkeit der Datenübermittlung in die USA

Download PDF

Illegality of data transfers to the USA (cepStudy - Key Points) (publ. 01.26.2021) PDF 264 KB Download
Illegality of data transfers to the USA (cepStudy - Key Points)