Privacy Shield

The US Does Not Provide Adequate Protection for Data From the EU.
What Does This Mean for Companies, and What Solutions Are Available?

At present the US does not provide an adequate level of protection for data from the EU.
In this article, we analyze the legal situation and evaluate possible solutions.


European Court of Justice Rules “Privacy Shield” Agreement Invalid

The change in case law is the result of a ruling by the European Court of Justice (ECJ) in July, which deemed the “Privacy Shield” agreement between the EU and the United States to be invalid.

The reasoning was rather clear: American surveillance practices are not limited to what is strictly necessary. Additionally, those affected cannot enforce their rights in court.

Standard Contractual Clauses Fail To Safeguard

According to the ECJ, the standard contractual clauses are still lawful, but only if exporters and recipients of the data can guarantee a level of data protection as high as in the EU. The problem: data that ends up at suppliers in the USA is subject to the surveillance laws there.

In practice, therefore, transfers of data to US companies under the standard contractual clauses cannot comply with the ECJ decision, because US data protection laws are much more lax than European ones.

For this reason, Max Schrems’ NGO is currently suing 101 companies in the EU that continue to transfer data to the USA.

Possible Solutions

A) Encryption

According to the current legal situation, one solution seems to be end-to-end encryption of sensitive data with a strong algorithm. This would ensure effective protection of the data even when it is transferred to the USA.

Of course, this requires increased technological competence on the part of the companies exporting data. And it is only a matter of time until every encryption scheme is broken by more powerful computers.

B) Local Hosting

The safest way is to transfer as little data as possible to the USA. This is why you should regularly check where services you use store their data.

For our tools at DesignDiverso we host all data exclusively on dedicated servers in Germany / EU (your choice).
