GDPR Privacy Privacy Shield

Schrems: Organizations violate GDPR when exchanging data with the US

There is still no new agreement for the exchange of data between organizations in the European Union and the United States, as a result of which organziations continue to violate the GDPR, according to privacy activist Max Schrems. After the European Court of Justice declared the Privacy Shield treaty invalid in 2020, new agreements are needed for the exchange of personal data between the EU and the US. The Court ruled that the protection of personal data in the US is seriously deficient. According to the law, American intelligence agencies can demand access to data stored on American servers. They can also intercept data flowing from the EU to the US via submarine cables. In addition, it is also difficult for Europeans to take legal action against this before an independent regulator or judge. The EU and US have been negotiating for some time to reach a new “adequacy decision” whereby the EU recognizes that personal data is just as well protected in a country outside the EU as in the EU. The US authorities say they want to take “unprecedented” measures to protect the personal data of European citizens sent to the US. An “agreement in principle” was announced earlier this year, but six months later there are still no concrete agreements. As a result, European and American companies continue to break the law, according to the privacy activist.