TeamDrive: On 16 July the EU-US Privacy Shield Could Topple

Detlef Schmuck: “The EU Commission is preparing for the end of the transatlantic data exchange agreement. The companies should do the same. Hurry up!”

Hamburg, 6 July 2020 – The European Commission is preparing for the failure of the EU-US Privacy Shield. Companies based in the EU should also urgently start preparations, advises Detlef Schmuck, Managing Director of the Hamburg-based data security company TeamDrive. If the transatlantic data protection agreement were to be declared invalid by the European Court of Justice (ECJ) on 16 July, as expected by many sides, millions of European companies using US data services would be in the rain, the security expert warns. “If the EU Commission is already seriously preparing for the end of the EU-US Privacy Shield, then it is high time for the companies,” warns Detlef Schmuck in a hurry: “German companies should immediately break away from US-based cloud providers and switch to a German provider.

Data security expert Detlef Schmuck, who has been warning against the EU-US Privacy Shield since 2018, speaks of a “failure with an announcement” and refers to the letter “EN E-001120/2020” from the EU Commissioner for Justice and Consumer Protection Didier Reynders dated May 2020:

“The Commission is a party in the two cases pending before the European Court of Justice relevant to the Privacy Shield (T-738-16, La Quadrature du Net and C-311/18, Schrems II) While the Commission cannot predict the outcome of the litigation, it is looking at possible scenarios. In this context, the Commission is in contact with the parties concerned, including the US authorities. In parallel, the Commission is continuing its work on alternative instruments for the international exchange of personal data, including the review of existing standard contractual clauses”.

Detlef Schmuck points out that already in December 2019, the EU Advocate-General expressed serious doubts about the validity of the agreement in an assessment which is not legally binding. “It is obvious that some of the largest US digital companies pay little attention to the basic data protection regulation,” says the data security expert, and says: “The EU-US Privacy Shield was a farce from the beginning to conceal the disaster of the previous Safe Harbor Agreement.

In 2013, the Austrian lawyer Max Schrems had filed a lawsuit in the light of the Snowden revelations, which ended with the ECJ declaring the Safe Harbor Privacy Agreement between the EU and the USA, which had been in use until then, invalid in 2015. The EU’s EU-U.S. Privacy Shield follow-up regulation was approved by the EU Commission in July 2016 to ensure the protection of personal data transferred from a member state of the European Union to the United States. Already in March 2017, the EU Justice Commissioner Věra Jourová had threatened to suspend the arrangements in view of the “unpredictability” of the Trump government in the USA. According to widespread legal opinion, the “Schrems II” proceedings will also bring down this arrangement in 2020.

TeamDrive Managing Director Detlef Schmuck warns against a “data protection disaster” for companies that use US cloud services for their data storage. He explains: “The end of the EU-US Privacy Shield makes all EU companies that work with US providers into millions of data protection breaches with unforeseeable consequences.