Provisional opinion on the agreement between the United States of America and the European Union on the protection of personal data in the context of the prevention, investigation, detection and prosecution of criminal offences The agreement between the EU and the United States, known as the “Umbrella Agreement”, is a framework for the transatlantic transfer of data between the United States and the EU. The proposed objective of the agreement is to provide guarantees of protection of personal data transmitted between the EU and the United States. The full text of the US-EU Agreement on the Protection of Personal Data in the Context of The Prevention, Investigation, Detection and Prosecution of Criminal Offences (Umbrella Agreement) was first published by Statewatch. On 14 September 2015, the European Parliament published the unofficial version of the agreement. EPIC follows the publication of the document by U.S. and European agencies. 51.It is important to note that the transfer of personal data outside the EU can be done without an appropriate decision being taken, but requires appropriate alternative legal safeguards. B, such as legally binding agreements between public bodies, standard contractual clauses, binding business rules, codes of conduct or approved certification mechanisms. The data protection shield has been the subject of a legal challenge by data protection groups. [18] [19] At first, it was not clear whether the cases would be deemed admissible.

[20] [21] However, until February 2017, the future of the data protection shield was in dispute. One consultant, Matt Allison, predicted that “the EU model, regulated by citizens, will quickly come into conflict with market forces in the US and the United Kingdom.” [22] Allison has summarized a new document in which the European Commission sets out its plans for adequacy decision and overall strategy. [23] On 8 September 2015, EU and US officials announced that they had reached a data protection agreement for transatlantic criminal investigations. The EUROPEAN Commissioner for Justice said: “Once this agreement is in force, it will guarantee a high level of protection for all personal data if it is transferred between law enforcement agencies across the Atlantic.” Despite the announcements, neither U.S. officials nor their European counterparts have made the text of the agreement public. A final ECJ decision was published on 16 July 2020 in Schrems II. [25] [26] The EU-US data protection shield for data exchange was rejected by the European Court of Justice on the grounds that it did not provide adequate protection for EU citizens from state espionage. [4] The European Data Protection Committee (EDPD), an EU organisation whose decisions are binding on national data protection authorities, said that “transfers on the basis of this legal framework are illegal.” [27] In accordance with applicable law, agencies ensure that their data protection policies exclude individuals who are not U.S. citizens or legitimate permanent residents from privacy with respect to personal data. [11] A stumbling block on the way to the agreement was the delay of U.S. senators in approving the legislation after its approval by the House of Representatives.

In October 2015, the European Court of Justice struck down the current framework, the International Safe Harbor Privacy Principles, in a ruling later known as “Schrems I.” [3] Shortly after this decision, the European Commission and the US government began discussions on a new framework and reached a political agreement on 2 February 2016. [1] The European Commission has published a draft “adequacy decision” in which it stated that the principles are equivalent to the protection of EU law. [5] 58.In May 2016, the Council adopted a decision authorizing the EU to sign an international agreement with the United States on the transfer of data for law enforcement purposes (the “Umbrella Agreement”).