News Item
EU-US Privacy Shield underlines lack of data sovereignty
The European Court of Justice (ECJ) has invalidated the EU-US Privacy Shield, a major agreement governing the transfer of EU citizens’ data to the United States. This yet again underlines the fact that people and businesses in the EU do not have control over their data.
The EU-US Privacy Shield is a multilateral agreement under which companies have to comply with higher privacy standards before transferring EU citizens’ data to the US. The ECJ has now ruled that the Privacy Shield does not provide enough protection against US surveillance laws such as the Patriot Act, FISA and Cloud Act. If a US company falls under any of these surveillance laws, the flow of data must be stopped immediately.
The EU-US Privacy Shield system was applicable for practically all IT companies, and it supported transatlantic digital trade for more than 5,300 companies. According to University College London's European Institute, approximately 65% of them are small to medium-sized enterprises (SMEs) or start-ups.
Companies are no longer allowed to outsource their data if they may be subject to US surveillance. Instead, they will now have to sign bilateral agreements according to European provisions.
In our view, last week’s news about the European Court ruling and the developments around the Privacy Shield are another sign of lack of data sovereignty. It illustrates the inability to get things right for data control, and for privacy protection as an important part of that. People and business do not have control over their data. They have little to no transparency about how their data is used and dealt with, whether there is a Privacy Shield or not.
We believe that the European Commission should take this opportunity to extend its legislation towards ‘functional’ data sovereignty. This can be achieved through the creation, governance and enforcement of the use of a generic ‘soft infrastructure’ based on common technical, legal, operational and functional standards. In a world of functional data sovereignty, data holders and processors will be obliged to provide much more transparency about the use of both personal and business-related data. Moreover, citizens and businesses will be not only legally but also functionally able to provide and withdraw their consent to that usage at all times, as well have the possibility to easily re-share and transact with their data.
For further reading see the following:
Related publications
Publication
|
Blog
“We don’t talk about legal entities today, only about natural persons,” stated o...
read more
Publication
|
Article
In June 2024, INNOPAY conducted a comprehensive study to assess the market impact of the Electronic Identification, Authentication and Trust Services (eIDAS) revision on trust services in the Netherlands. eIDAS defines trust services as electronic services that enhance trust in a digital environment. Commissioned by the Dutch Ministry of ...
read more
Publication
|
Blog
June 2024 marks a watershed change in crypto regulation, with the Markets in Crypto-Assets Regulation (MiCAR) going into effect across the European Union (EU). MiCAR is the first framework of its kind to regulate crypto assets, related activities, and services.MiCAR aims to establish more certainty within the often-volatile crypto market ...
read more
Publication
|
News
INNOPAY has proudly announced the delivery of a comprehensive report commissione...
read more
Publication
|
Article
Last week, in the picturesque town of Bled, Slovenia, a transformative vision fo...
read more
Publication
|
Interview
José van Dijck has been a Distinguished University Professor of Media and Digita...
read more
Let's get in touch