Exchanges of Personal Data After the Schrems II Judgment
STUDY
Requested by the LIBE committee
Exchanges of Personal Data After
the Schrems II Judgment
Policy Department for Citizens' Rights and Constitutional Affairs
EN
Directorate-General for Internal Policies
PE 694.678? July 2021
Exchanges of Personal Data After the Schrems II Judgment
Abstract This study, commissioned by the European Parliament's Policy Department for Citizens' Rights and Constitutional Affairs at the request of the LIBE Committee, examines reforms to the legal framework for the exchange of personal and other data between the EU and the USA that would be necessary to ascertainthatthe requirements of EU law are satisfied and that the rights of EU citizens are respected, following the Schrems II judgment of the EU Court of Justice.
This document was requested by the EuropeanParliament's Committee on Civil Liberties (LIBE).
AUTHORS Ian BROWN, Visiting CyberBRICS professor at Funda??o Getulio Vargas (FGV) Law School in Rio de Janeiro, Brazil Douwe KORFF, Emeritus Professor of International Law, London MetropolitanUniversity, UK
ADMINISTRATOR RESPONSIBLE Mariusz MACIEJEWSKI
EDITORIAL ASSISTANT Monika LAZARUK Christina KATSARA
LINGUISTIC VERSIONS Original: EN
ABOUT THE EDITOR Policy departments provide in-house and external expertise to support EP committees and other parliamentary bodies in shaping legislation and exercising democratic scrutiny over EU internal policies.
To contact the Policy Department or to subscribe for updates, please write to: Policy Department for Citizens' Rights and Constitutional Affairs European Parliament B-1047 Brussels Email: poldep-citizens@europarl.europa.eu
Manuscript completed in July 2021 ? European Union, 2021
This document is available on the internet at: (2021)694678_EN.pdf
DISCLAIMER AND COPYRIGHT The opinions expressed in this document are the sole responsibility of the authors and do not necessarily represent the official positionof the European Parliament. Reproduction and translation for non-commercial purposes are authorised, provided the source is acknowledged and the European Parliament is given prior notice and senta copy. ? Cover image used under licence from Adobe
Exchanges of Personal Data After the Schrems II Judgment
CONTENTS
LIST OF ABBREVIATIONS
5
LIST OF TABLES
7
ACKNOWLEDGEMENTS
7
EXECUTIVE SUMMARY
8
1 INTRODUCTION
14
1.1 Background
14
1.2 Scope and objectives of the research and structure of the study
15
2 EUROPEAN DATA PROTECTION STANDARDS
16
2.1 Introduction
16
2.2 Fundamental matters
18
2.2.1 In Europe, data protection is a fundamental right
18
2.2.2 The national security exemption in the EU Treaties
22
2.2.2.1 The "hole " in the EU Treaties
21
2.2.2.2 Limiting the size of the "hole" and "patching" the remainder
21
2.2.2.3 Making the patch stick through EU law
23
2.2.2.4 The national security exemption does not apply to third countries
24
2.3 Implications for data transfers
25
2.3.1 Transfers to "adequate" third countries
26
2.3.1.1 General substantive requirements for adequacy
27
2.3.1.2 General procedural/ enforcement requirments for adequacy
32
2.3.1.3 Requirement relating to access to personal dara by state authorities
33
2.3.2 Transfers to "non-adequate" third countries
56
2.3.2.1 Regular transfers to "non-adequate" third countries on the basis of
"appropriate safeguards"
56
2.3.2.2 Derogations for occasional and ad hoc transfers
66
2.3.3 Stopping transfers
64
3 US PRIVACY AND SURVEILLANCE LAWS
66
3.1 US privacy laws
66
3.1.1 Introduction
66
3.1.2 US common law and constitutional law
67
3.1.3 US federal privacy laws
68
3.1.4 US state privacy laws
79
3.2 US surveillance laws
89
3.2.1 Overview of FISA s.702, E.O. 12333 and PPD-28
89
PE 694.678
3
IPOL | Policy Department for Citizens' Rights and Constitutional Affairs
3.2.2 "Secret law"
91
3.2.3 Assessment by EU standards
92
3.2.4 Proposals for reform
95
4 ANALYSIS AND RECOMMENDATIONS
100
4.1 Introduction
101
4.2 Analysis of US privacy laws
101
4.2.1 Substantive issues to address
101
4.2.2 Procedural and remedial issues to address
103
4.2.3 Proposed institutional, substantive and procedural reforms in relation to general
adequacy
106
4.3 Analysis of US surveillance laws
108
4.3.1 Substantive issues to address
108
4.3.2 Proposed institutional, substantive and procedural reforms in relation to surveillance 108
4.3.3 Long-term intelligence reform by international agreement
110
4.4 Overall conclusions & recommendations
113
4.4.1 Overall conclusions
113
4.4.2 Recommendations
114
REFERENCES
118
4
PE 694.678
Exchanges of Personal Data After the Schrems II Judgment
LIST OF ABBREVIATIONS
ACLU
American Civil Liberties Union
BCRs
Binding CorporateRules for datatransfers
CDT
Center for Democracy and Technology
CFR
(EU) Charter of Fundamental Rights
CJEU
Court of Justice of the European Union
CCPA
California Consumer Privacy Act
CPRA
California Privacy Rights Act
CRS
(US) Congressional Research Service
DMA
Digital Markets Act
DSA
Digital Services Act
ECHR
European Convention on Human Rights and Fundamental Freedoms
ECtHR
European Courtof Human Rights
EDPB
European Data Protection Board
EEGs
European Essential Guarantees for surveillance
E.O. 12333 (US) Executive Order 12333
FISA
(US) Foreign Intelligence Surveillance Act
FISC
(US) Foreign Intelligence Surveillance Court
FTC
(US) Federal Trade Commission
GDPR
(EU) General Data Protection Regulation
ICCPR
(UN) International Covenant on Civil and Political Rights
LIBE
European ParliamentCommittee on Civil Liberties, Justice and Home Affairs
OLC
(US Department of Justice) Office of Legal Counsel
OTI
(US) Open Technology Institute
PE 694.678
5
IPOL | Policy Department for Citizens' Rights and Constitutional Affairs
PCLO PCLOB PPD-28 SCCs TEU UDAP
(US) Privacy and Civil Liberties Officer (US) Privacy and Civil Liberties OversightBoard (US) Presidential Policy Directive 28 Standard Contractual Clauses for Data Transfers Treaty on EuropeanUnion Unfair and Deceptive Acts and Practices
6
PE 694.678
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- the leahy law
- epley maneuver for benign positional vertigo
- chernobyl episode 1 1 23 45 written by craig mazin
- e p1 instruction manual
- edukasyon sa pagpapakatao
- savita bhabhi internet archive
- the invisible man cbse
- policy department directorate ge european parliament
- the running man
- màn hình alienware aw3418dw aw3418hw hướng dẫn người sử dụng
Related searches
- best personal loan after bankruptcy
- what happened after the fall of rome
- the importance of personal relationships
- what is the definition of personal values
- calculate the mean of this data set
- calculate the mean of a data set
- the mean of a data set
- personal data protection act singapore 2019
- europe after the fall of rome
- personal data definition
- personal data definition gdpr
- personal data gdpr definition