Since the Court of Justice of the European Union ruled two years ago against the sealed agreement for the transfer of data of European citizens to the United States negotiated by the European Commission with Washington in 2016, known as Privacy Shield, concluding that it does not guarantee the level of data protection required by European Union rules, we have found ourselves in a situation of uncertainty, or legal insecurity, that is just beginning to erupt in some European countries. And if this happens, we may soon find ourselves in similar situations in Spain.
The latest, and very recent, cases are in Ireland and Denmark. The origin of everything is that the United States and Europe proclaimed to the four winds in March that they already had an agreement to be able to transfer personal data with guarantees for privacy, but also that the agreement was general lines that still had to be translated into a legal text. Months have passed, the new “Privacy Shield” has not yet been finalized and some national data protection authorities have moved the table. The consequence? The big American technologies are once again in doubt and seeing their presence on the old continent at risk.
The Irish Data Protection Commission has already made a drastic decision, which does not yet seem definitive: to block and prohibit the transfer of personal data of European users to the United States. This would comply with the ruling of the Court of Justice of the European Union from two years ago. In practice, the disqualification to operate in Europe, as it does now and as it does not want to give up on doing so, Meta. That is, Facebook, Instagram and WhatsApp. In Ireland they want to put their batteries in the EU. Either that agreement is effectively implemented or the current lack of definition must end and, therefore, the European regulations, the General Regulation, must be complied with. Obviously, Meta or Google are also in favor of the task of specifying this new framework of collaboration as soon as possible, but it is clear to everyone that it is with very different expectations and proposals. However, beyond companies, the one who is at the last rung of the impediments is the US government itself, which has not yet made it clear that, not even for security reasons, it will stop requesting data from a specific citizen at some hypothetical time.
There is another way, unthinkable not so long ago. And that is that several congressmen have proposed a draft of a North American Privacy and Data Protection Act that contemplates rights similar to those provided for in the GDPR. It could be the way to balance rights and duties on both sides of the ocean.
