European Union High Court strikes down Transatlantic Data Transfer Pact

The European Union (EU) has made a bold stance on the CJEU judgment C-311/18 (Schrems II) ruling on the side of data protection recently against the social media giant Facebook of Ireland, and it affects United States (US) data requests with its less than stringent privacy laws than the EU’s GDPR provides on privacy protection. Reading the judgment from the EU CJEU court above, this essentially gives power to EU corporations to deny data requests or even terminate data transfer contract obligations with US-based companies since the Privacy practices are not to the EU GDPR standards. This is interesting and probably the only immediate international leverage the EU could take action on, given their stringent stance on data privacy. This latest ruling will have deep implications for US-based companies engaged with data-transfers of any kind with European based entities of any kind.

This is directly related to General Data Protection Rule (GDPR) from the EU since it has strict data privacy guidance, but in the US, I am not aware of any legal enforcement of GDPR or legal teeth it has since it hasn’t been tested in the US court system yet along with the US Sovereignty and authority that EU would have over US companies and the reason why this probably turned out the way it did.  I am not a legal expert, so I can’t give advice on the impact or legal implications this has on business.

European Union (EU) – Cour De Justice De L’Union Européenne

So it looks like the EU is taking preventative steps to allow EU companies to deny or terminate data-transfers requests depending on its transfer path and origins if they don’t rise to the GDPR standards of EU data protection.   This is why it is important to ensure your organization is implementing GDPR to play nice with any business relations in Europe.  Within the US, data privacy laws are becoming more recently updated, California Consumer Protection Act (CCPA) from California (went into effective Jan 1, 2020, enforcement starts July 1, 2020) and with CCPA 2.0 on the horizon, also known as California Protection Rules Act (CPRA) quickly being proposed as a ballot initiative this year (2020), along with many other states in the legislative process to pass similar data protection laws.

Currently, similar data privacy protection legislation is in the process at various legislative stages in the following states: New York, Nevada, Nebraska, Florida, and Maryland and this is only the beginning for what is on the horizon for Data and Privacy protections. There currently are limited and dated federal-level privacy laws in place and no real talk of any federal action being taken as of this article, but I am sure sooner or later with this EU ruling the US federal government will have to respond to the growing concern for data protection and privacy matters at the federal level to increase its privacy protections and federal standards to ensure every state must adhere to a federal level statute to ensure everyone plays nice.

With the TRUMP Administration, there is one thing that has been noticeable, that the social media (SM) conglomerates are in their cross-hairs and have an oncoming bi-partisan storm that will eventually have drastic changes forced on them that seem to be a battleground mix of data privacy concerns, free-speech protections, anti-discrimination protections, hate-speech prevention/prosecution, promoting violence on the social platforms for its users and limitations on the publicly-traded company and its level of governing policy. The US hasn’t been the only government fighting with the SM giants, in fact, this Transatlantic data transfer pact ruling was initiated with concerns around Facebook data out of Ireland and seems to put a stop to data transfers to the US from its European Based entity and data collection on EU users and advertisers.

With the COVID-19 pandemic facing the world in major disruption for all businesses and everyday lives, privacy is a major concern and has come full force, front and center on the world stage as data is being collected for testing and for contact-tracing efforts all over the world. Various world governments are advocating that a public health crisis is a concern but how can you balance healthcare information or identifying data with people and privacy to achieve public protection. It is a great heated topic among privacy advocates, cybersecurity practitioners, healthcare professionals, and governments that have laws on privacy and healthcare measures on the books, but there seems to be always a way around it that companies like google and apple and other app companies that have created contact-tracing capabilities out there, especially when you sign-up for the app and you voluntarily give information that is normally protected, it is open game for using that information in a non-privacy way to take the information and use it in a responsible way. The only State to enact any kind of emergency legislation on COVID-19 contact tracing is the State of Kansas, they passed the COVID-19 Contact Tracing Privacy Act, which is part of Kansas State House Legislation Bill – HB 2016.

Why you need a good consulting company on your team

With the constant changes in today’s world of cybersecurity and privacy laws, there are so many pivot points for businesses to navigate. Does it seem your company can’t keep up and the people you do have on your team, just aren’t able to maintain the competitive advantage you need to stay ahead of your competition or maintain compliance in your business?

About Dyzana Consulting |

Dyzana Consulting (www.dyzanaconsulting.com) is a Phoenix-based consulting firm that works with corporations, entrepreneurs, and venture capital groups on business solutions in healthcare, cybersecurity, humanitarian, other projects.

We strategically align with clients by taking on the responsibility of managing their project, shaping their vision while building their products to ensure quality while controlling their costs resulting in a scalable and sustainable business value; thus reducing their investment risk.

We have established strategic partnerships with top talent in the industry to address challenges through a 360-degree approach as a comprehensive solution services team. Our primary focus is on healthcare, cybersecurity, and humanitarian business technology consulting for corporations, startups, and organizations in various industries.

Scroll to top