ECJ overturns privacy shield: Legally compliant procurement with Onventis
July 17th, 2020 | News
The basic data protection regulation (DSGVO) stipulates that personal data may only be transferred to third countries such as the USA if an adequate level of protection is maintained. The Privacy Shield and the standard contractual clauses are therefore only legally permissible for data transfers to the USA if an effective level of data protection is guaranteed.
In its ruling announced yesterday, the Court of Justice declared the so-called Privacy Shield Decision 2016/1250 invalid. The ECJ thus annulled the existing data protection agreement between the EU and the USA. The background was an ongoing lawsuit by the Austrian data protection activist Max Schrems to ban the transfer of personal data from the Union to the United States.
Schrems referred, inter alia, to Section 702 of the Foreign Intelligence Surveillance Act (FISA 702). The paragraph allows the National Security Authority to access data on non-US citizens in electronic communications services even without a court order. After the decision of the ECJ, the conditions of the privacy shield are no longer fulfilled. On the contrary, the EU Commission is violating the fundamental rights of EU citizens to privacy, data protection and effective protection against data transfers to the USA.
It is important that the personal data of European citizens are not disclosed in a massive and uncontrolled way.
BITMi President Dr. Oliver Grün
For globally networked companies, the ECJ ruling and the associated legal uncertainty pose a major risk. In practice, most US service providers must therefore not be used. Alexander Rabe of the Internet industry association Eco says: “The EU/US data protection agreement is a good example of how the EU and US can work together. Privacy Shields between the EU and the US or the so-called standard contractual clauses form an indispensable legal basis for the international transfer of personal data. Without them, there are few alternatives to legally transferring such data from the European Union or the United Kingdom”. Digital service providers such as Google or Facebook are now faced with a problem if they want to process data of EU citizens in the USA.
With Onventis your data remains in Germany
As a German procurement platform, Onventis protects the data of organisations with the best possible data protection measure: Cloud Software Hosted in Germany. Over 1,000 organisations worldwide from the areas of purchasing and finance rely on the multiple certified German cloud platform from Onventis.
Maximum data protection for the purchase through
- Smart e-procurement from the German cloud since 2000
- ISO-certified cloud data center in Frankfurt am Main
- Maximum SSL standards
- Single Sign-On Connector
- End-to-end encryption
- 7 x 24 Realtime Monitoring
- DSGVO-compliant software use
- Georedundant data mirror in Stuttgart
- Onventis Support in Germany
See the full ECJ judgment here.