Skip to content Skip to footer

Data protection law in relation to the United States

In 2020, the European Court of Justice (ECJ) issued numerous landmark decisions on data protection within the EU.

Still relevant and with many consequences, in July 2020 the ECJ invalidated the “Privacy Shield”, which secured the regulated flow of data between the EU and the USA, on the grounds that an adequate level of data protection as under the GDPR cannot be guaranteed for personal data transferred to and stored in the USA. A short time later, the Swiss Federal Data Protection and Information Commissioner (FDPIC) expressed a similar view after an evaluation of the Swiss-US Privacy Shield, which guarantees data transfers between Switzerland and the U.S., calling the transfer regime inadequate.

The European Data Protection Board (EDPB) has since issued recommendations for data transfers to countries outside the EU in a step-by-step guide for companies and organizations. It is supplemented by the EDPB document “Recommendations 02/2020 on the European Essential Guarantees for surveillance measures” to support website operators. With these safeguards and detailed checks in place, data transfer to the U.S. may once again be possible.

Meanwhile, the areas of application are wide. From today’s videoconferencing systems to standard solutions in the office sector, to cloud solutions from US providers, the practical relevance could not be more pertinent. Ad Fontes also provides support in setting up alternative processes, so that the topic of data protection and security should not only be a mandatory program, but also a competitive advantage.