In theory, this could result in fines from the data protection authorities
Posted: Tue Jan 28, 2025 5:36 am
The ECJ has struck again: Just last October, it decided that consent must be obtained for all cookies that are not technically essential - as a result of which many website operators had to make complex adjustments to their websites. Now, less than 9 months later, the ECJ has declared the "Privacy Shield" agreement, which has been in force since 2016 and which regulated the transfer of data from the EU to the USA, invalid.
If you are wondering "How does this affect me?", then it may affect a lot. Many online services, including Google, have previously relied on this agreement. For example, anyone who uses Google Analytics or Google AdSense on their website is currently using these services more or less without a valid legal basis.
It remains to be seen how lenient they will be in handling the situation. The most recent ECJ ruling was made in the context of proceedings brought by Austrian lawyer Max Schrems against Facebook. A few years ago, one of his proceedings overturned the previous agreement, Safe Harbor.
As was the case back then, the reason for this is rcs data russia concerns that data transferred to the USA could also be used by the secret services there. A possible alternative solution to the overturned agreement is the so-called "standard contractual clauses", which Facebook already relies on. The court has declared these to be valid if certain conditions are met.
The ruling therefore has a lesser impact on Schrems' actual opponent, Facebook, while it hits large parts of the economy with full force. It can be assumed that Google and other companies will quickly rely on another legal basis, such as the aforementioned standard contractual clauses - after all, they don't want to scare away their customers.
It might also be sufficient to obtain the user's consent and to point out that the data processing is not carried out to European protection standards. Nevertheless, it is unacceptable that traders, SMEs and large companies rely in good faith on a legal basis and then have it overturned overnight, exposing them to the risk of high fines.
Data protection is important, there is no question about that. We also need to talk to each other if there are any concerns. But to suddenly burden the economy, which is already battered by the corona crisis, with these additional difficulties is insensitive and almost absurd. The ECJ should have taken this into account and set a deadline for new regulations.
Data protection is not an end in itself; rather, this is a transatlantic policy of sideswipes at the expense of our own economy.Developing a good data protection concept costs time and money. Having to fundamentally adapt it every few months not only results in costs and considerable planning uncertainty; it also prevents companies from being able to concentrate on their main business.
The fact that the Federal
If you are wondering "How does this affect me?", then it may affect a lot. Many online services, including Google, have previously relied on this agreement. For example, anyone who uses Google Analytics or Google AdSense on their website is currently using these services more or less without a valid legal basis.
It remains to be seen how lenient they will be in handling the situation. The most recent ECJ ruling was made in the context of proceedings brought by Austrian lawyer Max Schrems against Facebook. A few years ago, one of his proceedings overturned the previous agreement, Safe Harbor.
As was the case back then, the reason for this is rcs data russia concerns that data transferred to the USA could also be used by the secret services there. A possible alternative solution to the overturned agreement is the so-called "standard contractual clauses", which Facebook already relies on. The court has declared these to be valid if certain conditions are met.
The ruling therefore has a lesser impact on Schrems' actual opponent, Facebook, while it hits large parts of the economy with full force. It can be assumed that Google and other companies will quickly rely on another legal basis, such as the aforementioned standard contractual clauses - after all, they don't want to scare away their customers.
It might also be sufficient to obtain the user's consent and to point out that the data processing is not carried out to European protection standards. Nevertheless, it is unacceptable that traders, SMEs and large companies rely in good faith on a legal basis and then have it overturned overnight, exposing them to the risk of high fines.
Data protection is important, there is no question about that. We also need to talk to each other if there are any concerns. But to suddenly burden the economy, which is already battered by the corona crisis, with these additional difficulties is insensitive and almost absurd. The ECJ should have taken this into account and set a deadline for new regulations.
Data protection is not an end in itself; rather, this is a transatlantic policy of sideswipes at the expense of our own economy.Developing a good data protection concept costs time and money. Having to fundamentally adapt it every few months not only results in costs and considerable planning uncertainty; it also prevents companies from being able to concentrate on their main business.
The fact that the Federal