• @DevCat
    link
    English
    11 year ago

    The decision announced today is dubbed an “adequacy” decision, dealing as it does with Article 45(3) of the EU’s General Data Protection Regulation (GDPR), which states that personal information on EU citizens is allowed to flow freely to jurisdictions that ensure an “adequate” level of protection, according the Commission. US companies will have to agree to abide by rules similar to the GDPR, and EU citizens will have the right to seek legal redress if their personal data is misused.

    The EU-US Data Privacy Framework streamlines the process for companies to transfer data from the EU to the US. In the absence of an agreement, companies use so-called standard contractual clauses to confirm that data transfers are done in accordance with the GDPR, but businesses have said that this process is laborious, requiring different contracts for data transfers to different companies, and that it is beyond the resources of small companies.

    The new framework eliminates the need for companies to establish individual data-privacy contracts with every supplier as long as they sign a commitment agreement, certifying that they adhere to the approved guidelines.

    https://noyb.eu/en/european-commission-gives-eu-us-data-transfers-third-round-cjeu

    Finally, the US has refused to reform FISA 702 to give non-US persons reasonable privacy protections. There is agreement on both sides of the Atlantic that FISA 702 and EO 12.333 violate fundamental rights under the 4th Amendment in the US and Articles 7, 8 and 47 CFR in the EU - but the US continues to insist that non-US persons do not have constitutional rights in the US - hence a violation of their right to privacy is not covered by the 4th Amendment.

    I don’t see this as a problem. The US must give non-US persons a contractual right of privacy and a right of redress, or the data sharing is off the table.