The transatlantic data transfer between the European Union (EU) and the United States (US) has been caught between economic interests and the protection of personal data for years. A key instrument in this context was the "Privacy Shield" agreement, which has, however, been scrutinised several times.
Development of the Privacy Shield
Following the revocation of the Safe Harbour Agreement by the European Court of Justice (ECJ) in 2015, the EU-US Privacy Shield was introduced in 2016 to facilitate data transfer while guaranteeing data protection. This agreement should ensure that the personal data of EU citizens in the USA is adequately protected.
Influence of the Trump administration
Donald Trump's presidency brings considerable uncertainty for the Privacy Shield. In January 2017, President Trump signed an Executive Order on "Improving Public Safety" that limited the protection of personal data for non-US citizens. This led to concerns that EU citizens were no longer adequately protected from US surveillance measures. Data protection experts saw this as a potential threat to the Privacy Shield agreement. Now Trump will be president again.
Criticism and legal challenges
In July 2020, the ECJ declared the Privacy Shield invalid as it did not meet the EU's data protection standards. This led to considerable challenges for companies that rely on transatlantic data transfers. In response, the EU and the US agreed on the "EU-US Data Privacy Framework", which was adopted by the European Commission in July 2023. This new agreement is intended to ensure an adequate level of protection for personal data.
Current developments and outlook
Despite these efforts, data protection concerns remain. The civil rights organisation NOYB has announced that it will challenge the new agreement before the ECJ, as it believes that it does not sufficiently protect the data protection rights of EU citizens.
In a guest article for the Tagesspiegel in July 2024, IT security expert and law professor Dennis-Kenji Kipker warned of a possible end to the agreement. He emphasised that the previous adequacy decision was only based on a presidential decree by Joe Biden, "which could be withdrawn by a successor in office in line with an 'America First' policy just as quickly as it was issued". Kipker went on to say that the USA "has long ceased to be a reliable partner in terms of data protection"and there is a not inconsiderable likelihood that it will be even less so in the future.
The future of transatlantic data transfer therefore remains uncertain. It is crucial that both the EU and the US work together continuously to ensure a high level of data protection while allowing the free flow of data for commercial purposes.
Hosting and development exclusively in Germany
EGOTEC AG has always developed and hosted its solutions exclusively in Germany. Thanks to this consistent focus on German data centres and the highest data protection standards, EGOTEC has not only been able to meet all GDPR requirements in the past, but has also strengthened the trust of its customers. This commitment ensures that we have not had and will not have any problems with transatlantic data transfer regulations. In addition, we actively support companies in realising their hosting strategies in Germany - be it for content management systems (CMS), AI-supported applications or Software-as-a-Service (SaaS) solutions. With our focus on security, performance and compliance, we offer customised solutions for legally compliant and efficient operation in the digital world.