European "blockade" on the US transfer of personal data agreement
Held invalid by the Court of the EU Decision of the European Commission, according to which the United States guarantee an adequate level of protection for personal data transferred.
The Court issued the decision in the appeal proceedings of an Austrian citizen who citing revelations Entournt Snowden on the activities of the US Information Agency (NSA), complained that the US legislation does not ensure an adequate level of protection of personal data .
Initially, the Austrian had appealed to the Irish court, where the European subsidiary of the Facebook headquarters. However, the Irish Justice rejected the appeal, referring to the contested decision of the European Commission, which in 2000 had found a "safe harbor" the American regime.
In today's judgment the Court finds that the existence of a Commission decision finding that a third country ensures an adequate level of protection to personal data transferred does not eliminate or limit the power with the national supervisory authorities under the Charter of Fundamental Rights of the European Union and the Directive.
So even when a Commission Decision, the national supervisory authorities to which requests are submitted must be able to consider whether the data transfer a person to a third country meets the conditions laid down in the directive.
The Court, without having to consider whether this status ensures a level of protection virtually equivalent to that provided within the Union notes that the scheme applies only to US companies acceding to it, without tying themselves public authorities USA.
Moreover, the requirements related to national security, public interest and compliance with US laws take precedence over the safe harbor regime, leading American companies be required to depart, without limitation, by the protection rules laid down in the scheme when these principles collide with the above requirements.
So the American regime Safe Harbor allows interventions by the US public authorities to the fundamental rights of individuals, since the Decision does not indicate the existence of standards in the US, to reduce any interference nor the existence of effective judicial protection against interventions.
From the Court's survey shows that US authorities may have access to personal data transmitted by the Member - States and treat them in a way incompatible with the purposes for which they were transmitted.
The Commission found that for stakeholders is not possible through administrative or judicial means to access their data, to ensure the modification or deletion.
Regarding the level of protection, the Court considers that the EU law an arrangement is not limited to what is necessary when it allows a general way keeping all personal data of all persons whose rights are transferred from the Union to the United States without any differentiation, restriction or exception in relation to the aim and are not provided Objective criteria for the definition of public authorities access to data and their further use.
The Court adds that setting that allows public authorities access generally, as to the content of electronic communications must be regarded as affecting the substance of the fundamental right to privacy. .
At the same time, it points out that legislation does not provide remedies to the person to have access to personal data concerning him or to obtain the amendment or repeal of such data affects the substance of the fundamental right to effective judicial protection, and the provision of such feature is inextricably linked to the existence of the rule of law.
Finally, it considers that the contested Commission decision deprives the national supervisory authorities of their powers, if a person challenges the ruling agreement with the privacy and fundamental rights and freedoms. The Court considers that the Commission was not competent to limit in this way the powers of national supervisory authorities.
For all these reasons, the Court concludes that the Commission decision is invalid, so the Irish supervisory authority shall be obliged to examine the complaint from the Austrian and determine whether under the directive must suspend the transfer of data of European Facebook users to the United States on the ground that it did not ensure adequate protection of personal data.
Held invalid by the Court of the EU Decision of the European Commission, according to which the United States guarantee an adequate level of protection for personal data transferred.
The Court issued the decision in the appeal proceedings of an Austrian citizen who citing revelations Entournt Snowden on the activities of the US Information Agency (NSA), complained that the US legislation does not ensure an adequate level of protection of personal data .
Initially, the Austrian had appealed to the Irish court, where the European subsidiary of the Facebook headquarters. However, the Irish Justice rejected the appeal, referring to the contested decision of the European Commission, which in 2000 had found a "safe harbor" the American regime.
In today's judgment the Court finds that the existence of a Commission decision finding that a third country ensures an adequate level of protection to personal data transferred does not eliminate or limit the power with the national supervisory authorities under the Charter of Fundamental Rights of the European Union and the Directive.
So even when a Commission Decision, the national supervisory authorities to which requests are submitted must be able to consider whether the data transfer a person to a third country meets the conditions laid down in the directive.
The Court, without having to consider whether this status ensures a level of protection virtually equivalent to that provided within the Union notes that the scheme applies only to US companies acceding to it, without tying themselves public authorities USA.
Moreover, the requirements related to national security, public interest and compliance with US laws take precedence over the safe harbor regime, leading American companies be required to depart, without limitation, by the protection rules laid down in the scheme when these principles collide with the above requirements.
So the American regime Safe Harbor allows interventions by the US public authorities to the fundamental rights of individuals, since the Decision does not indicate the existence of standards in the US, to reduce any interference nor the existence of effective judicial protection against interventions.
From the Court's survey shows that US authorities may have access to personal data transmitted by the Member - States and treat them in a way incompatible with the purposes for which they were transmitted.
The Commission found that for stakeholders is not possible through administrative or judicial means to access their data, to ensure the modification or deletion.
Regarding the level of protection, the Court considers that the EU law an arrangement is not limited to what is necessary when it allows a general way keeping all personal data of all persons whose rights are transferred from the Union to the United States without any differentiation, restriction or exception in relation to the aim and are not provided Objective criteria for the definition of public authorities access to data and their further use.
The Court adds that setting that allows public authorities access generally, as to the content of electronic communications must be regarded as affecting the substance of the fundamental right to privacy. .
At the same time, it points out that legislation does not provide remedies to the person to have access to personal data concerning him or to obtain the amendment or repeal of such data affects the substance of the fundamental right to effective judicial protection, and the provision of such feature is inextricably linked to the existence of the rule of law.
Finally, it considers that the contested Commission decision deprives the national supervisory authorities of their powers, if a person challenges the ruling agreement with the privacy and fundamental rights and freedoms. The Court considers that the Commission was not competent to limit in this way the powers of national supervisory authorities.
For all these reasons, the Court concludes that the Commission decision is invalid, so the Irish supervisory authority shall be obliged to examine the complaint from the Austrian and determine whether under the directive must suspend the transfer of data of European Facebook users to the United States on the ground that it did not ensure adequate protection of personal data.
Δεν υπάρχουν σχόλια:
Δημοσίευση σχολίου