The Court of Justice of & rsquo; European Union and judgment on 6 October in Case C-362/14 (M. Schrems vs Data Protection Commissioner), determined that the agreements for the management and transfer of personal data between American and European companies may be suspended by the Member States when there is no the guarantees of an adequate level of data protection < / u>.
So ruling, the Court has in fact declared the & rsquo; invalidity of the European Commission’s decision on the cd program & ldquo; Safe Harbour & rdquo; (Safe Harbor) or the & rsquo; agreement between the European Union and the United States allowing US companies, such as Facebook or Google (but not only, since they are in fact 4,500 American companies that have used the Safe Harbor), to be able to store the personal data of European users on both servers in & rsquo; EU that of those located in the US.
In a nutshell, with this ruling states that, from the date of issue, with definitive effect, the safe harbor must instead submit to the jurisdiction of each state of & rsquo; Union, which may suspend, if deemed appropriate, to the transfer of personal data to the American servers.
The decision of the European Court has been issued as a result of & rsquo; proposed action by a user Austrian Facebook, Mr M. Schrems, who, in June 2013, lodged a complaint with the & rsquo; authority of the privacy Irish, where the social has its registered office, stating that, starting from the Snowden case, the laws of the United States did not provide sufficient protection to the data transferred from & rsquo; Europe. L & rsquo; Authority of Ireland rejected the complaint and the Supreme Court of Ireland, to which Mr Schrems turned, at the time of reference, remitted to the European Court of Justice that with the recent ruling upheld instances of & rsquo; activist.
The European Court has ruled that & ldquo; the existence of a Commission decision, according to which a third country ensures an adequate level of protection of personal data, can neither exclude nor reduce the powers of the national competition authorities. Therefore, even if the Commission has adopted its own decision, the National authorities , when receiving a complaint from a citizen, must be able full independence in assessing whether the transfer of data to a third country meets the requirements of the Directive & rdquo ;.
The most important aspect of the decision, however, concerns the fact that the Court has also ruled invalid the Safe Harbour Decision, citing as the main reason, the fact that Safe Harbor program does not prevent the public authorities of the Member States to interfere with the fundamental rights of the people .
In a press release made public in recent days, the Working Group Article 29 Data Protection Working Party (independent advisory body set up pursuant to the & rsquo; Article 29 of Directive 95/46 / EC on the protection of personal data) stressed the & rsquo; & rsquo of urgency, start a negotiation that individuals shared a position of governments on international transfers.
The Working Party concludes hoping that companies are aware of the & ldquo; risks they take in data transfer & rdquo; and take timely legal solutions and techniques designed to mitigate these risks in compliance with the Community rules on the data protection .
Therefore, by the end of January 2016, you will have to reach a conclusion that meets the European authorities: if Europe and the United States fail to reach an agreement, the European guarantors undertake to initiate all necessary and appropriate measures, that provide the possibility of a coordinated action.