• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 1
  • Tagged with
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Tredje gången gillt? : En analys av EU-US Data Privacy Framework / Third time’s the charm? : An analysis of the EU-US Data Privacy Framework

Bjerselius, Nathalie January 2023 (has links)
Through the GDPR, the member states of the EU and the EEA countries ensure equivalent protection for personal data which is why personal data within this area can be transferred freely. Transfers of personal data to a country outside the EU/EEA area, such as the U.S., are only permitted under the General Data Protection Regulation (GDPR) under cer­tain conditions, including if the EU Commission has decided that the country in ques­tion en­sures an adequate level of protection. The EU Commission has previously adopted two such decisions for the U.S., based on Safe Harbour and Privacy Shield. Those decisions were, how­ever, struck down by the Court of Justice of the European Union (CJEU) in Schrems I and II since the CJEU did not consider that the U.S. could ensure an adequate level of protection for per­sonal data that was transferred from the EU to the U.S. In July 2023, the EU Commission announced that it had once again adopted an adequacy decision for the U.S. meaning that personal data can now flow freely from the EU to companies and organ­izations in the U.S. certified under the EU-US Data Protection Framework (EU-US DPF). The adequacy decision followed a presidential order signed by U.S. President Biden in October 2022, which introduced new security measures intended to remedy the problems iden­tified by the CJEU in Schrems I and II. On the one hand, the US intelli­gence agencies’ access to personal data is limited to what is proportionate. On the other hand, a data protection court is established.  The purpose of this essay is to examine whether the changes that the presidential order has given rise to has changed the legal situation after Schrems II in such a way that the U.S. can now be considered to ensure an adequate level of protection for personal data that is being transferred from the EU to the U.S. By analyzing the EU-US DPF against the background of the jurisprudence of the CJEU and the European Court of Justice, I find that this is not the case. The U.S. intelligence agencies’ use of and access to EU citizens’ personal data is still not lim­ited to what is proportionate and EU citizens whose personal data is processed still do not have access to an effective remedy to challenge surveillance measures. Thus, the new adequacy decision for the U.S. is likely to be struck down by the CJEU in the coming years. The conse­quences of such an invalidation are examined to some extent in this essay, particularly in rela­tion to other transfer mechanisms in Chapter V of the GDPR, namely standard contractual clauses and binding corporate rules.

Page generated in 0.0172 seconds