Tag: safe habor

An open letter to the CJEU from L

by

23 July 2020

09:56

1 Comment on An open letter to the CJEU from L

Canada, European Union, U.K., U.S.

, , ,

Read a view of the Schrems’ decisions from the other side of the great pond, in the U.S. I found this to be an informative, serious but fun read through the spectacles of Lydia F de la Torre, EU & US Counsel (Spain/California) and a lecturer of Privacy Law at Santa Clara University School of Law. Grab a coffee, it is long and its climax is an open letter to the CJEU which I’ve copied below 🙂

Everyone knows the story of the Privacy Shield. Or at least they think they do. But, I’ll let you in on a little secret. Nobody knows the real story, because nobody has ever heard my version of it. I am a lecturer at Santa Clara Law. You can call me L.

The blogpost by Lydia covers the Schrems I and II saga. From reading this I gained some insight which I hadn’t really bothered to dig into earlier, but I am not alone in this. One example is Schrems I resulted in the fall of Safe Habor, we all know this, but what is not common knowledge, is that it seems that even Max himself was unaware that Facebook were using SCCs, if he’d known earlier there would have been no Schrems II because it would have been taken at the beginning.

You really should read the complete Post from Lydia, it is actually entertaining 😉

To: The Court of Justice of the European Union (Grand Chamber)

In regards: Overdue homework

Dear Grand Chamber:

I have been waiting for years for you to give us a hint as to what is the essence of the european right to data protection.

I know you know the right to a private life and the right to data protection are two different rights, but I am starting to suspect you can’t tell them apart as you keep citing to them as if they were twins.

And that is a scary proposition, since the ECtHR is not going to steal your thunder because the European Convention of Human Rights (that the ECtHR has the authority to adjudicate on) does not recognize a right to data protection.

Perhaps reading member state caselaw on the right to data protection could get your creative juices flowing? Jurisprudence under Article 35 of the Portuguese Constitution or Article 18(4) of the Spanish Constitution? How about the German classics on Recht auf informationelle Selbstbestimmung?

And yes, I know you are not bound to follow preceding from the Constitutional Courts of Member States.

But let’s be honest.

You can’t claim copyright over the EU Charter of Fundamental Rights either. We all know the Charter it is just a compilation of the rights granted on Europeans, initially, by Member State law.

So please, do your homework next time you rule on a GDPR case and hand down something that tells us what the core of the European right to data protection exactly is. Is data localization absent essential equivalence for a cross-border transfer part of it? If Privacy Shield had passed muster from a privacy perspective, would a violation of Article 47 of the Charter (since the Ombudsperson did not equate to a tribunal within the meaning) trigger a violation of the fundamental right to data protection under Article 8.3of the Charter?

Looking forward hearing from you soon.

Sincerely,

L

Safe Habor, so what now?

by

11 October 2015

16:45

Leave a comment on Safe Habor, so what now?

U.S.

I’ve been asked this question more than once, funnily enough. The fact is that even the Safe Habor experts don’t have concrete answers 😉

Noh-MasksBasically it’s business as usual until some way forward is found. For those companies that are following Safe Habor practices today and tomorrow, they will not going to be penalized for this. It’s not their fault that what was considered legal last week is not this week!

There is a revised Safe Habor that has been worked on for a couple of years now which includes the restriction on U.S. government (intelligence) access to personal data of non-Americans, but it has not been finalized yet. From what I understand, it is not agreed precisely because the U.S. want this exact point removed, which is exactly the motivation of the ruling on Safe Habor! I guess the EU and U.S. must fix this now.
I can imagine that Binding Corporate Rules (BCRs) will gain a new momentum from hereon. However this is significant work for any company working across legal jurisdictions, and today it is only some of the really large global corporations who have BCRs in place and working.

Safe Habor

by

8 October 2015

10:39

Leave a comment on Safe Habor

European Union

2518864-8236474736-tombsWithout adding to the excitement and dismay rippling across the EU and the US concerning this verdict I thought I’d post a few articles written by privacy experts on IAPP on what they think. They are easy reading and informative. Have fun, the opinions are mixed as you will find out!

https://iapp.org/news/a/schrems-v-data-protection-commissioner-just-got-a-lot-more-interesting/

https://iapp.org/news/a/how-max-schrems-scored-an-own-goal-by-toppling-safe-harbor/

https://iapp.org/news/a/with-safe-harbor-invalid-whats-next-for-privacy-pros/

https://iapp.org/news/a/finding-a-safe-harbor-for-safe-harbor/

https://iapp.org/news/a/bcrs-looking-attractive-after-ag-opinion-on-safe-harbor-heres-some-help/