No change in US law, no data transfer deals – German state DPA

Look for non-US alternatives, say Schleswig-Holstein officials


The data protection authority at the German federal state of Schleswig Holstein has declared that any and all data protection workarounds for the transfer of data to the US after the European Court of Justice's Schrems v Facebook judgment are going to be illegal.

In its first declaration on the post-Schrems legal landscape, the influential DPA says in a written opinion (in German) that only a change in US law can make US companies compliant with European legislation and has advised companies to adjust their business relationships accordingly.

It has warned businesses and governmental bodies that they may be fined up to €300,000 for the transfer of personal data to the US "without a legal basis".

A historic decision in favour of Austrian privacy advocate Max Schrems last week invalidated the “Safe Harbor” agreements that allow US companies to export European personal data. It shifted power away from the European Commission to the national (and in Germany’s case, federal) data protection authorities. Schleswig Holstein has historically been a leader in data protection and privacy, and helped shape EU law. The state went after Facebook – hard – four years ago.

Following the ECJ's Schrems decision, US companies have invoked “model clauses” , or template contracts, in the hope of legitimising the transfer of personal data to countries regarded as unsafe… such as the US. Microsoft and Salesforce have invoked the clauses.

But the ULD (Schleswig-Holstein DPA) says these are no cover - at least not in the northern German state.

“A decision of the Commission on the adequacy of the level of data protection in the United States requires a comprehensive change in US law as well as the conclusion of an international agreement. Because neither changes are currently [under way], both options are eliminated in the short - or medium term,” the DPA reckons.

Last week, open source CEO Rafael Laguna explained that no business using US infrastructure is now safe from being sued by its European customers.

"When a customer sues me, I go to court and find that agreement isn’t worth a dime. Google cannot guarantee what they’re guaranteeing," OpenXchange's Laguna told us.

You can read more here, while Heise has a roundup here (both in German). ®

Similar topics


Other stories you might like

  • Euro-telcos call on big tech to help pay for their network builds

    Aka 'rebalancing global technology giants and the European digital ecosystem'

    The European Telecommunications Network Operators' Association (ETNO) has published a letter signed by ten telco CEOs that calls for, among other things, Big Tech to pay for their network builds.

    The letter, signed by the CEOs of the Vodafone Group, BT Group, Deutsche Telekom, Telefónica, Orange Group and five more telco leaders, calls for a "renewed effort to rebalance the relationship between global technology giants and the European digital ecosystem".

    "A large and increasing part of network traffic is generated and monetized by Big Tech platforms, but it requires continuous, intensive network investment and planning by the telecommunications sector," the letter states, adding "This model – which enables EU citizens to enjoy the fruits of the digital transformation – can only be sustainable if such platforms also contribute fairly to network costs."

    Continue reading
  • AI-enhanced frog stem cells start to replicate in entirely new ways

    Xenobots scoop up loose cells to make more of themselves. We welcome our new overlords

    In January of 2020, scientists from the University of Vermont announced they had built the first living robots; this week they have published reports that those robots, made from frog cells and called Xenobots, can reproduce and have found a new way to do so.

    The millimetre-sized xenobots are essentially a computer-designed collection of around 3,000 cells. They were created by taking stem cells from frog embryos, scraping them, leaving them to incubate, then cutting them open and sculpting them into specific shapes. After all that action, the cells began to work on their own – auto-repairing when sliced and moving about inside petri dishes.

    With a little design tweak, the creatures could do even more. "With the right design, they will spontaneously self-replicate," said University of Vermont researcher Joshua Bongard, Ph.D. in a canned statement.

    Continue reading
  • Panasonic admits intruders were inside its servers for months

    Spotted the crack after it ended – still not sure what was lost

    Japanese industrial giant Panasonic has admitted it's been popped, and badly.

    A November 26 statement [PDF] from the company admits that its network "was illegally accessed by a third party on November 11, 2021". That date has since been revised – the company now says it became aware of the intrusion on the 11th, but that unknown entities had access to its systems from late June to early November.

    "After detecting the unauthorized access, the company immediately reported the incident to the relevant authorities and implemented security countermeasures, including steps to prevent external access to the network," the statement adds.

    Continue reading

Biting the hand that feeds IT © 1998–2021