German and Czech governments seek to join Privacy Shield case

Digital Rights Ireland is claiming before EU court that Privacy Shield does not sufficiently protect personal data of EU citizens

Privacy Shield was signed off by the European Commission and the US department of commerce in July after lengthy negotiations. It replaces the Safe Harbour arrangement struck down by the European Court of Justice in October 2015
Privacy Shield was signed off by the European Commission and the US department of commerce in July after lengthy negotiations. It replaces the Safe Harbour arrangement struck down by the European Court of Justice in October 2015

The German and Czech governments have asked to be joined to a case in which an Irish privacy lobby group is challenging the Privacy Shield data-transfer pact between the EU and the US.

Digital Rights Ireland (DRI) lodged its challenge with the General Court of the European Union in October, and Monday, December 19th, is the deadline for parties to seek involvement. DRI is claiming Privacy Shield, which underpins billions of data transfers in transatlantic trade, does not sufficiently protect the personal data of EU citizens.

The German federal government lodged papers late last week seeking to be joined on the side of the European Commission, it is understood. Documents have also been lodged by the Czech government.

Privacy Shield was signed off by the European Commission and the US department of commerce in July after lengthy negotiations. It replaces the Safe Harbour arrangement struck down by the European Court of Justice in October 2015 in the Schrems case.

READ MORE

Over 500 companies have so far self-certified their adherence to the Privacy Shield framework.

Personal data

The mechanism was designed to provide companies on both sides of the Atlantic with a mechanism to comply with EU data-protection requirements when transferring personal data from the EU to the

United States

in support of transatlantic commerce.

The European Commission made a so-called “finding of adequacy” in relation to Privacy Shield, effectively certifying that firms signing up to it provide an equivalent level of protection for personal data to that provided in the EU.

DRI's proceedings lodged with the General Court of the European Union – the lower court of the Court of Justice – are an application under article 263 of the Lisbon Treaty for an annulment of that decision.

The privacy lobby group is seeking a declaration from the court that the commission’s implementing decision of July 12th, 2016, “is a manifest error of assessment by the commission insofar as it finds an adequate level of protection in the US for personal data” concordant with the existing data-protection directive.

It also seeks a declaration that the commission’s decision on Privacy Shield is “null and void” and an order for costs against the European Commission.