Berlin As negotiations for a new EU-US data protection agreement have not progressed, German companies are seeking an interim solution from the EU Commission to Atlantic data transmission.
“What companies in the EU and on both sides of the Atlantic need now is a legitimate commitment to data exchange and a clear political signal of support,” a joint statement said. SAP, Tysen-Group And the SPD Economic Forum to the EU Commission. “Until a new data protection agreement is agreed between the United States and the European Union, a change strategy is needed.” A similar letter arrived in March to the German government.
The signatures of the letter to the Commission’s Vice – Chairmen Valdis Dombrovsky and Margaret Westerger and EU Justice Commissioner Didier Reinders are in response to the European Court of Justice (ECJ)’s ruling on the transfer of data between the United States and the United States from July 2020. The letter is available at Handelsplot.
At the time, the judges rescinded the “Privacy Shield” agreement, saying the United States did not have a level of data protection comparable to that of the EU, and therefore the data was not adequately protected against access to US secret services. Many US cloud services violate the European Public Data Protection Regulation (GDPR). Companies using the services anyway will be fined up to 20 million euros.
Great jobs of the day
Find the best jobs now and then
Notified by email.
It said in a letter to the Commission that “there is no secure legal basis for companies to transfer data to the United States.” Uncertainty in the economy is correspondingly large. The situation is “a very serious obstacle to further decisions on investment and economic activity.” The signatories of the letter therefore call on Brussels to “take concerted action at the European level to ensure legally compliant changes in data transfer.”
The time for a solution is essential
An interim solution is outlined in a level paper attached to the letter. Other German companies were involved in the production of this paper, including Siemens And the Alliance and American technology companies Microsoft, Amazon, Google And Facebook.
The various security measures compliant with the European General Data Protection Regulation (GDPR) are described as standard agreement terms for data transfer between EU countries and third countries. Or technical precautions such as “encryption of stored data using client keys”.
With standard contract terms, according to the ECJ, victims have the option of verifying the legitimacy by competent data protection authorities in a particular case. Stephen Pring, data protection officer for Baden-W்டrttemberg, said it was illegal to use such clauses without the necessary additional guarantees.
As SPD digital politician Jens Zimmerman once called it, the “bad, secret meeting” fiza courts in the United States are also considered complex. Phisa is the “Foreign Intelligence Surveillance Act” – a US law that allows secret services such as the NSA, security agencies such as the FBI and others to search the data of foreign users without a court order.
The time for a solution is essential. This is because data protectors in Germany want to focus nationwide on the use of US cloud services. Hamburg Commissioner for Data Security Johannes Gaspar recently told Spiegel that there has been a “lack of enforcement” so far. It should now switch through cross-border models, the questionnaires will be integrated.
To address privacy concerns, Microsoft launched a long-term product attack this week. Customers in the EU will be able to store their data in the EU exclusively by Microsoft in the future. The world’s largest software company announced on Thursday that the technological changes should be completed by the end of next year.
Along with Amazon and Google, the US team is one of the world’s three largest cloud service providers and operates data centers in 13 European countries, including Germany, Ireland, France and Sweden. “We do not need to transfer any data from these customers from the EU,” Microsoft chairman Brad Smith said in a blog post.
The new Microsoft offer of “EU data range” is targeted at companies and customers in the public sector, not private users. This responsibility applies to all central Microsoft cloud services, including Azure, Microsoft 365 (including Microsoft Office and Teams) and Dynamics 365.
Privacy lawyer praises Microsoft
“We have already launched technology products so that our central cloud services can store and process all the personal data of our corporate customers and public sector customers, and only in the EU if they want to,” says Smith’s blog entry.
Hamburg data protection lawyer Caspar praised the software company’s progress. Caspar told Handelsplot that Microsoft “sets standards that competitors can confidently follow” by providing “EU data range”.
However, the ECJ’s ruling on “privacy shield” companies does not appear to have eliminated the issue as the head of authority is acting without adequate legal basis. Caspar said the transfer of personal services to the EU “does not solve the” common problem of incompatibility of the two legal regimes “.
On the other hand, if customers effectively protect their cloud data, access to data from US secret services may be technically undermined. Microsoft President Smith points this out. “Many of our services place control of data encryption in the hands of customers.” It uses keys that Microsoft does not manage, but is used by customers. “The government in the world protects our customers’ data from every unauthorized access.”
Data protection lawyer Caspar sees this as “the solution to ultimately handing over US providers to personal data”. “If the provider’s encryption can be discarded, the data can be stored globally based on standard contract terms,” he said.
However, providers should be aware that encrypted data can be removed from their data centers at any time without looking at the stored content, thus affecting availability. “Such a scenario is not technically ruled out by Microsoft’s current efforts.”
Further: The union has called for a ban on data security breaches