
【US Tax】CJEU rules EU-US Privacy Shield arrangement is invalid

The Court of Justice of the European Union (CJEU) has declared that the EU-US Privacy Shield arrangement, which has until now permitted parties in the EU to transfer personal data legally to counterparts in Canada and the US, is invalid.

The agreement, drafted in 2016 by the European Commission (EC), provided a mechanism by which US firms could self-certify that personal data they received from EU sources would be protected according to EU data protection legislation including, since May 2018, the General Data Protection Regulation (GDPR). These standard contractual clauses (SCCs) avoided the need for companies to sign special agreements covering the myriad personal data items transferred across the Atlantic every day. The arrangement was a necessary compromise, given the importance of EU/US data flows.

However, the Privacy Shield was challenged by Austrian privacy campaigner Max Schrems, who centred his objections on Facebook's routine transmission of data from its Irish operation to its US parent. He argued that the US' legal system does not offer sufficient protection for personal data, given inherent weaknesses in the SCCs and the Privacy Shield framework. Public authorities in the US, he pointed out, have access to that personal data once it has been transferred there, given the wide powers that Washington has given to its national security and law enforcement agencies, which allow interception of and access to communications under surveillance programmes that extend to non-US citizens. Moreover, said Schrems, the US' privacy laws provide only weak redress for data subjects, especially foreigners, who are unhappy with how their personal data has been processed.

The CJEU has now upheld Schrems’ complaints, rejecting the EC’s arguments that the US' privacy protections for citizens are adequate.

The ruling puts a stop to all transfers that rely for their legality on the Privacy Shield. However, the CJEU decided that SCCs are still valid in principle to authorise transfers of data to the US and to other third countries outside the EU. The invalidation of SCCs themselves would have been a much more serious obstacle to international data transfers generally, according to law firm Farrer.

Despite the escape clause, experts have said that the decision still throws doubt on the propriety of intergovernmental data sharing agreements under the US Foreign Account Tax Compliance Act (FATCA) and the OECD Common Reporting Standard (CRS). In principle, EU Member States' national data protection authorities must now intervene to stop transfers made under standard contractual clauses to third countries that do not have equivalent data protection laws. Parties entering into SCCs must make that assessment for themselves before making transfers and keep the position under review. If the legal position changes in the recipient’s country then the transfers must stop and any data already transferred must be destroyed or returned.

Farrer considers that this aspect of the judgment creates a major problem for data transfers from Europe to the US, if organisations now seek to rely on SCCs. 'It will be difficult for the parties to those transfers and European data protection regulators to conclude that the SCCs will be complied with by the transferee, when the underlying US laws have already been found to be fundamentally incompatible with the EU legal regime', says Farrer. 'Similar assessments will also have to be made in relation to other third countries, so wider global data flows could also be affected by the CJEU’s decision.'

EU organisations currently relying on Privacy Shield will soon need to find an alternative transfer mechanism, said law firm Charles Russell Speechlys, though noting that a short moratorium on regulatory action can be expected while alternative mechanisms are found.

'This judgment has direct repercussions on FATCA, [which is] a system of transfer of data between EU Member States, as well as other countries, and the USA', Filippo Noseda TEP of Mishcon De Reya commented to STEP. 'It is likely to be a game-changer for FATCA, but also the CRS, at least in relation to exchanges with non-EU countries, because the issues are the same as with the US.'


News Source:【STEP 2020/07/20】