Mid July, the European Court of Justice struck down the Privacy Shield agreement between the EU and the US. The court ruled US law incompatible with EU privacy regulations, as US government agencies have access to data of EU citizens managed or stored by US firms. This violates the Charter of Fundamental Rights of the European Union and the GDPR.
In essence the ruling means that US companies can not handle data in compliance with the GDPR. European data centers or Standard Contractual Clauses (SCCs) are no solution, as access to data already defines a data transfer and US law supersedes contract law. The only legal solution to regain compliance with EU law is to immediately stop data transfers to the US businesses and repatriate data currently residing with them (source)
The European Court of Justice ruled that the US government infringes on the data protection rights of EU citizens and thus invalidated Privacy Shield, the agreement covering data transfers between the EU and the US. Either the US will have to change its laws (FISA and Executive order 12333 in particular) and keep its security agencies and courts from snooping in data of EU citizens, or the EU will have to change its laws and reduce it’s legal security and privacy guarantees.
As US firms can no longer comply with the GDPR, businesses in Europe have to immediately stop giving US businesses access to personal data of EU citizens. Cloud services like Google services, Dropbox or Microsoft365 can no longer be used for personal data. On premises solutions from US firms can still be used, as can purely EU hosted and managed cloud platforms.
To ensure compliance with EU privacy laws, European firms should stop data transfers to the US and thus move to on-premises or EU hosted alternatives. For example, Mirosoft Office Online Server can still be used, as can alternatives like Collabora Online or ONLYOFFICE. For full online productivity, solutions like IONOS’ Nextcloud offering can easily guarantee GDPR compliance by using Europe’s largest hosting provider with worlds’ most deployed on-premises collaboration platform.
To learn more about the ruling, we recommend the FAQ of the European Data Protection Board.
Nextcloud Enterprise Day is soon here and we have an amazing lineup of speakers providing insightful talks! One of those speakers is George Imrie from Nextcloud customer T-Systems – Deutsche Telekom’s business-customer IT affiliate. T-Systems is a digital transformation specialist, with operations in 20 countries worldwide.In preparation for their talk at the Nextcloud Enteprise Day […]
Read More
Last week, Nextcoud CEO Frank Karlitschek appeared on one of Germany’s biggest public service TV broadcaster’s: ZDF. Watch the news item by ZDF here. Interviewed in Nextcloud’s Berlin office, Frank explains the challenge the company faces up against big tech giants like Google and Microsoft. “That’s all very difficult for us, due to the fact […]
Read More
Nextcloud Enterprise Day is soon here and we have an amazing lineup of speakers providing insightful talks! One of those speakers is Mr. Birkner from the State Institute for School Quality and Teacher Training in Saxony-Anhalt (LISA) in Germany. In preparation for his talk at the Nextcloud Enteprise Day on June 13th, we asked him […]
Read More
