Follow Us

Follow us on Twitter  Follow us on LinkedIn
 

14 May 2021

CRE: German insurers and business seek flexibility on international data transfer


The German insurance association (GDV) has stepped up its call for flexibility from regulators on the hot topic of international data transfer standards, while politicians in Europe and the US are working on a pragmatic solution for a huge headache for German businesses created by the European Court of Justice’s Schrems II judgment made in July 2020.

In response to a case brought by Max Schrems against Facebook Ireland, the Court of Justice of the European Union declared the European Commission’s Privacy Shield Decision invalid on account of invasive US surveillance programmes.

This made transfers of personal data on the basis of the Privacy Shield Decision illegal. Furthermore, the court stipulated stricter requirements for the transfer of personal data based on standard contract clauses (SCCs).

As a result of this ruling, there is now no reliable legal basis on which to transfer business-related data between the EU and the US.

The ruling effectively places the onus on the companies themselves to determine whether the SCCs are adequate to ensure data privacy on a par with the GDPR.

This affects large corporations as well as SMEs and startups from all sectors of the economy. It also causes massive competitive disadvantages for German and European companies, leading to less development and innovation in certain sectors, noted the GDV.

In response to the ruling, Insurance Europe announced that it had sent a letter, alongside other financial organisations, to the European Commission and the European Data Protection Board (EDPB), expressing the financial sector’s concern about the impact of Schrems II.

Insurance Europe and the other organisations called on the Commission to continue its work on an adequacy framework allowing lawful data transfers to the US that respect EU citizens’ privacy.

It also asked for data protection authorities to refrain from imposing sanctions until the publication of the EDPB’s guidance on the supplementary measures to be used alongside SCCs.

US secretary of commerce Wilbur Ross and US secretary of state Mike Pompeo were deeply disappointed by the ruling and suggested possible adverse effects on the transatlantic economic relationship.

Both stressed the importance of data flows for economic growth as well as for the post-Covid-19 recovery, reported the European Parliamentary Research Service.

So, there appears to be agreement on both sides of the Atlantic regarding the gravity of the current situation. At the same time, a rapid resolution does not appear to be forthcoming.

Although talks between the EU and US on an enhanced Privacy Shield framework have resumed, interim guidance from the regulator is needed in the meantime, argued the GDV.

In its latest public letter on the issue, the GDV, along with other leading German business associations including the Federation of German Industries, emphasised the urgency of pragmatic data transfer solutions until the legal framework can be defined at a political level.

It also called for the European Commission and supervisory authorities to take the lead as opposed to leaving it up to the companies to decide on an acceptable level of data privacy.

The German business community has been clear on its position regarding the Schrems II ruling since it was passed last summer. It is now up to the European Commission and data protection authorities to respond.

CRE



© Commercial Risk Europe


< Next Previous >
Key
 Hover over the blue highlighted text to view the acronym meaning
Hover over these icons for more information



Add new comment