EU-US data flows and GDPR enforcement
Go back

EU-US data flows and GDPR enforcement

on 11 June 2021

​In the year 2016, the then European Commission and the Obama Administration had released a proposal on EU-US Privacy Shield. It was aimed to protect and keep secure any form of data flow between the two continents.

There has been a recent development in the EU-US data flows. The European Parliament has issued a vote to back a call to the Commission. It states an urge to start an infringement proceeding against Ireland’s Data Protection Commission (DPC) for not “properly enforcing” the regulation. The lawmakers in the European Union are facing the pressure to step in and bring about a change in the bloc's flagship data protection regime.

The recent spotlight has been on the Irish Data Protection Commissioner issuing orders to stop Facebook from sharing data of EU users to the United States. This came after it was found that the Privacy Shield agreements were violated as the personal data of users were being transferred. The General Data Protection Regulation directly came under the radar due to this incident and sparked off a debate on the security of data flow.

General Data Protection Regulation (GDPR)

The Commission highlighted a significant shortcoming in the uniformly vigorous enforcement of the General Data Protection Regulation in their review last year.

The E.U.'s executive has time and again faced criticism and review on their regulations. The DPC has been suffering from significant criticism due to its outsized role in the regulations. There has been immense flak over the failure of the DPC to adhere to their primary work. The complaints of breaching the resolution have kept piling up since the day it became effective on May 25, 2018. Complaints against big companies like Facebook and Google have been left unresolved by the DPC, leading to the criticism they have faced all these years. The only case they are known to have appeared to make a final decision is the one cross-border GDPR case against Twitter.

The Irish regulator has also been instrumental in ordering Facebook to suspend its data transfers. It resulted in the tech giant filing a review against DPC and their processes. Recently, the judicial review by the Irish High Court turned down the petition. This has led to the DPC restarting their investigation in the case against Facebook as the data flow complaints have not yet ceased.

Concluding Thoughts

The DPC, over the years, has faced a lot of criticism and analytical feedback on where they have faltered as an organisation. With the recent spotlight on the Facebook issue again, DPC is expected to decide so that the EU DPA's can review and bring about essential changes.

The data flow between the two continents has been the centre point of trans-Atlantic digital commerce. After the problems which arose due to the Privacy Shield, the effects and hurdles can be majorly felt. The companies are no longer protected from liabilities over the data transfers. There has been a void in the mechanism which highlights the loss of trust between the two policy regimes. The protection of data flow across both continents is a point of major concern and debate.

Share this article