The European Commission is to face a lawsuit over allegations it is violating its own data protection rules when transferring citizens’ personal data from one of its websites to the United States.
International data transfers across the pond were ruled illegal by the EU Court of Justice two years ago in the landmark Schrems II ruling, thus defining the interpretation of the EU’s General Data Protection Regulation.
The American jurisdiction was deemed to have inadequate data protection, as US intelligence services could access the personal data of EU residents disproportionally and with no judicial remedy.
The GDPR does not directly apply to the EU institutions, which are bound by a similar regulation, but the lawsuit is expected to extend the effect of the Schrems II ruling to them as well.
The suit was initiated by a German citizen who not only states the EU executive is illegally transferring data but claims it fails to disclose sufficient information on its data processing practices.
“The lawsuit against the European Commission is a signal for data protection in Europe,” says Thomas Bindl, founder of Europäische Gesellschaft für Datenschutz, the organisation supporting the plaintiff in the case.
“Even if a ruling by the General Court would not provide any direct guidelines for the jurisprudence in Germany, Spain or other countries, we see great significance in it. It would be a clear sign that everyone must adhere to the data protection requirements,” he added.
The litigation regards the website of the Conference of the Future of Europe, a conference meant to engage EU citizens in deciding the future of the bloc and its member states.
Amazon Web Services host the website, hence when registering for the event, personal data such as the IP address is transferred to the United States.
I’m just hoping some lawyer will bring about a case using gdpr to invalidate facta in Europe
I like data protection, but it’s nearly impossible not to violate the data protection rules in the EU.
If someone walks into my shop, asks me if I could call then when an item arrives and leaves his number, I’d technically have to print out several pages of stuff for him to sign, because I’m now collecting customer data.
It’s 2022 – haven’t we realized those who pass laws rarely follow them?
4 comments
1
The European Commission is to face a lawsuit over allegations it is violating its own data protection rules when transferring citizens’ personal data from one of its websites to the United States.
International data transfers across the pond were ruled illegal by the EU Court of Justice two years ago in the landmark Schrems II ruling, thus defining the interpretation of the EU’s General Data Protection Regulation.
The American jurisdiction was deemed to have inadequate data protection, as US intelligence services could access the personal data of EU residents disproportionally and with no judicial remedy.
The GDPR does not directly apply to the EU institutions, which are bound by a similar regulation, but the lawsuit is expected to extend the effect of the Schrems II ruling to them as well.
The suit was initiated by a German citizen who not only states the EU executive is illegally transferring data but claims it fails to disclose sufficient information on its data processing practices.
“The lawsuit against the European Commission is a signal for data protection in Europe,” says Thomas Bindl, founder of Europäische Gesellschaft für Datenschutz, the organisation supporting the plaintiff in the case.
“Even if a ruling by the General Court would not provide any direct guidelines for the jurisprudence in Germany, Spain or other countries, we see great significance in it. It would be a clear sign that everyone must adhere to the data protection requirements,” he added.
The litigation regards the website of the Conference of the Future of Europe, a conference meant to engage EU citizens in deciding the future of the bloc and its member states.
Amazon Web Services host the website, hence when registering for the event, personal data such as the IP address is transferred to the United States.
I’m just hoping some lawyer will bring about a case using gdpr to invalidate facta in Europe
I like data protection, but it’s nearly impossible not to violate the data protection rules in the EU.
If someone walks into my shop, asks me if I could call then when an item arrives and leaves his number, I’d technically have to print out several pages of stuff for him to sign, because I’m now collecting customer data.
It’s 2022 – haven’t we realized those who pass laws rarely follow them?