Skip to main navigation menu Skip to main content Skip to site footer
EPPiSM Baner

No. nr 1–2 (2023)

Artykuły

Transfer of Personal Data from the European Union to the United States. Impact of the Schrems II Decision

DOI: https://doi.org/10.52097/eppism.8657  [Google Scholar]
Published: 2024-05-15

Abstract

The subject of this article is cross-border data flows between the European Union and the United States following the annulment of the EU–US Privacy Shield by the Court of Justice of the European Union. Restrictions on data transfers outside the European Union introduced by the General Data Protection Regulation (GDPR) and the lack of full EU-recognised adequate data protection in the United States are addressed. The article analyses the landmark judgment of the Court of Justice of the European Union in the Schrems II case and the newly emerging US legislation: the Regulation on Strengthening the Safeguards for US Signals Intelligence Activities interms of ensuring compliance with personal data laws and in the broader context of transatlantic relations and the digital economy. The analysis of the above issues was made in order to assess the available options for the transfer of personal data
between the European Union and the United States and to identify the implications of the current situation for companies operating in the area of cross-border data flows.

References

  1. Karwala D., Komercyjne transfery danych osobowych do państw trzecich, Warszawa 2018. [Google Scholar]
  2. Lubasz D., Europejska reforma ochrony danych osobowych z perspektywy pełnomocnika przedsiębiorcy [w:] Media elektroniczne. Współczesne problemy prawne, K. Flaga-Gieruszyńska, J. Gołaczyński, D. Szostek (red.), Warszawa 2016. [Google Scholar]
  3. Michałowicz A., Nowe zasady transferu danych osobowych z Unii Europejskiej do Stanów Zjednoczonych w ramach Tarczy prywatności, „Monitor Prawniczy”, 2016, 23. [Google Scholar]
  4. Sakowska-Baryła M. (red.), Ogólne rozporządzenie o ochronie danych osobowych. Komentarz, Legalis 2020. [Google Scholar]
  5. Schulz T.J., Schrems v. Data Protection Commissioner (C.J.E.U.), „International Legal Materials”, Vol. 56, No. 2, Cambridge University Press, Apr. 2017, Cambridge University Press, doi:10.1017/ilm.2017.8. [Google Scholar]
  6. Advocate General’s Opinion in Case C-311/18 Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems, Court of Justice of the European Union PRESS RELEASE No 165/19 Luxembourg, 19 December 2019, https://curia.europa.eu/jcms/upload/docs/application/pdf/2019-12/cp190165en.pdf [dostęp: 5 grudnia 2022]. [Google Scholar]
  7. Binding Corporate Rules (BCR), Corporate rules for data transfers within multinational companies, https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/binding-corporate-rules-bcr_pl [dostęp: 5 grudnia 2022]. [Google Scholar]
  8. Castro D., Mcquinn A., Cross-Border Data Flows Enable Growth in All Industries, INFO. TECH INNOVATION FOUND (Feb. 2015), https://www2.itif.org/2015-cross-border-data-flows.pdf [dostęp: 5 grudnia 2022]. [Google Scholar]
  9. Digital Economy Report 2021 Cross Border data flows and development: For whom the data flow United Nations Conference on Trade and Development.2021, United Nations, https://unctad.org/system/files/official-document/der2021_en.pdf [dostęp: 5 grudnia 2022]. [Google Scholar]
  10. EU–U.S. Data Privacy Framework, https://ec.europa.eu/commission/presscorner/detail/en/qanda_22_6045 [dostęp: 5 grudnia 2022]. [Google Scholar]
  11. Executive Order 14086 Enhancing Safeguards for United States Signals Intelligence Activities https://www.presidency.ucsb.edu/documents/executive-order-14086-en-hancing-safeguards-for-united-states-signals-intelligence [dostęp: 11 czerwca 2022]. [Google Scholar]
  12. FAQs How was the position of the Inspector General of the IC created? https://www.dni.gov/index.php/who-we-are/organizations/icig/icig-about-us/icig-faqs [dostęp: 5 grudnia 2022]. [Google Scholar]
  13. Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU–U.S. Data Transfers after Schrems II. White Paper September 2020, [Google Scholar]
  14. https://www.commerce.gov/sites/default/files/2020-09/SCCsWhitePaperFORMAT- TEDFINAL508COMPLIANT.PDF [dostęp: 15 czerwca 2023]. [Google Scholar]
  15. Intelligence Community Directive 126 – Implementation Procedures for the Signals Intelligence Redress Mechanism under Executive Order 14086, [Google Scholar]
  16. https://www.dni.gov/index.php/who-we-are/organizations/197-about/organization/office-of-civil-liberties-privacy-and-transparency [dostęp: 5 grudnia 2022]. [Google Scholar]
  17. Intensifying Negotiations on Trans-Atlantic Data Privacy Flows: A Joint Press Statement by U.S. Secretary of Commerce Gina Raimondo and European Commissioner for Justice Didier Reynders, https://www.commerce.gov/news/press-releases/2021/03/intensifying-negotiations-trans-atlantic-data-privacy-flows-joint-press [dostęp: 5 grudnia 2022]. [Google Scholar]
  18. Komunikat prasowy, Departament Handlu, Sekretarz Handlu USA Wilbur Ross Statement on Schrems II Ruling and the Importance of EU-U.S. Data Flows 16 lipca 2020, https://useu.usmission.gov/u-s-secretary-of-commerce-wilbur-ross-statement-on-schrems-ii-ruling-and-the-importance-of-eu-u-s-data-flows [dostęp: 5 grudnia 2022]. [Google Scholar]
  19. Mass surveillance September 2022 ECHR, https://www.echr.coe.int/documents/fs_mass_surveillance_eng.pdf [dostęp: 5 grudnia 2022]. [Google Scholar]
  20. NYOB Data transfer, https://noyb.eu/pl/projekt%20/przekazuj%C4%85cy%20eeu-us-transfery [dostęp: 5 grudnia 2022]. [Google Scholar]
  21. Opinia EROD ws. projektu decyzji dotyczącej ram ochrony danych UE-USA, https://uodo.gov.pl/pl/138/2644 [dostęp: 15 czerwca 2023]. [Google Scholar]
  22. Post-Schrems II: „The European Union Provides Guidance on Data Transfers”, JD Supra, https://www.jdsupra.com/legalnews/post-schrems-ii-the-european-union-23981 [dostęp: 5 grudnia 2022]. [Google Scholar]
  23. Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data, 10 November 2020 [Google Scholar]
  24. Adoption of the Recommendations for public consulation / Adoption of the Recommendations after public consultation, 18 June 2021. [Google Scholar]
  25. https://edpb.europa.eu/system/files/202106/edpb_recommendations_202001vo.2.0_supplementarymeasurestransferstools_en.pdf [dostęp: 5 grudnia 2022]. [Google Scholar]
  26. Reinsch W.A., Transatlantic Data Flows: Permanently Broken or Temporarily Fractured? https://www.csis.org/analysis/transatlantic-data-flows-permanently-broken-or-temporarily-fractured [dostęp: 5 grudnia 2022]. [Google Scholar]
  27. RODO cz. IX Przekazywanie danych do USA – nadal pod znakiem zapytania. https://www.ochrona-danych-osobowych.pl/artykuly/rodo-cz-ix-przekazywanie-danych-do-usa-nadal-pod-znakiem-zapytania [dostęp: 11 czerwca 2023]. [Google Scholar]
  28. Schrems II landmark ruling: „A detailed analysis.” Norton Rose Fulbright, czerwiec 2020, https://www.nortonrosefulbright.com/en-gb/knowledge/publications/ad-5f304c/schrems-ii-landmark-ruling-a-detailed-analysis [dostęp: 14 czerwca 2023]. [Google Scholar]
  29. Schwab K., World Economic Forum 2016, The Fourth_Industrial Revolution, https://www.weforum.org/about/the-fourth-industrial-revolution-by-klaus-schwab [dostęp: 15 czerwca 2023]. [Google Scholar]
  30. Secret CIA Bulk Surveillance Program Includes Some Americans’ Records, Senators Say. WSJ, Feb. 10, 2022. [Google Scholar]
  31. https://www.wsj.com/articles/secret-cia-bulk-surveillance-program-includes-some-americans-records-senators-say-11644549582 [dostęp: 5 grudnia 2022]. [Google Scholar]
  32. Standard contractual clauses for data transfers between EU and non-EU countries, https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en [dostęp: 5 grudnia 2022]. [Google Scholar]
  33. The Congressional Research Service (CRS) June 2, 2022, U.S.–EU Trans-Atlantic Data Privacy Framework, https://crsreports.congress.gov/product/pdf/IF/IF11613 [dostęp: 5 grudnia 2022]. [Google Scholar]
  34. The redress mechanism in the Privacy Shield successor: On the independence and effective powers of the DPRC, https://iapp.org/news/a/the-redress-mechanism-in-the-privacy-shield-successor-on-the-independence-and-effective-powers-of-the-dprc/ [dostęp: 13 czerwca 2023]. [Google Scholar]
  35. Upping the Ante on Bulk Surveillance An International Compendium of Good Legal Safeguards and Oversight Innovations Edited by the Heinrich Böll Foundation.Thorsten Wetzling,Kilian Vieth. Berlin, November 2018, https://www.ohchr.org/sites/default/files/Documents/Issues/Privacy/SR_Privacy/2019_HRC_Annex5_CompendiumBulkSurveillance.pdf [dostęp: 5 grudnia 2022]. [Google Scholar]
  36. U.S.–EU Privacy Shield and Transatlantic Data Flows, https://ec.europa.eu/commission/presscorner/detail/en/qanda_22_6045 [dostęp: 5 grudnia 2022]. [Google Scholar]