Approaches to data protection in the legal orders of EU and US are significantly different from each other. EU has established one of the most protective legal data protection systems in the world where right to data protection is considered to be a fundamental right whereas in the US data protection is still barely even regulated. However, its economies are, especially with increased use of internet services, connected to the point where transatlantic data transfers represent an everyday necessity. Therefore there are many mechanisms established, such as adequacy decisions, standard contract clauses and binding corporate rules, that seeks to enable an adequate level of data protection in the US. Until recently, the largest amount of data had been transferred on the basis of Safe Harbour framework, established by adequacy decision in 2000, which was 15 years later declared invalid by European Court of Justice in the case Maximillian Schrems v Data Protection Commissioner. The judgment was a response to the Edward Snowden’s revelation regarding mass surveillance programs, used by American intelligence services. The latter had an unlimited access to EU data, transferred to and stored in companies, located within the US territory. Therefore Safe Harbour framework was replaced by new agreement called EU-US Privacy Shield. On one hand, this agreement reflects a massive progress towards more effective data protection. On the other hand however, under certain limitations American intelligence services are still able to access the EU data. The effectiveness of the EU-US Privacy Shield in practice can be determined only by time. First challenges will undoubtedly be judicial review by one of the EU courts and the compliance with the legislation of EU data protection reform.
|
