On 2 February 2016, the European Commission and the Ministry of Commerce announced that they had reached a political agreement on the data protection shield framework. Despite the announcement, they did not publish the text of the agreement until 29 February 2016. The Court of Justice clarified that the validity of the European Commission`s 2010/87/EC decision was not called into question by the fact that the standard data protection clauses contained in it were contractual in nature and were therefore not legally binding on the authorities of the third country to which the data was transmitted. The ECJ believes that the 2010/87/EC decision has put in place effective mechanisms to ensure the protection of personal data between the EU and the US. However, Beverley-Smith added, “the same fundamental problems as the limited remedies against U.S. government access to personal data will also apply to CSC in practice.” The Ruling in July by the European Court of Justice, the Bloc`s highest court, was the second time it rejected the US-Europe data protection agreements because it found that it did not adequately protect European citizens from inappropriate spying by the US government, underscores the gap between long-standing data protection allies. Schrems asked whether access to such data by US security authorities meant that such agreements were illegal under EU law. The ECJ`s response was that CSC survived as a result of previous expertise, but the data protection shield could and was not valid. EPIC President Marc Rotenberg described in a statement to the European Parliament`s LIBE committee several shortcomings in the proposed EU-US data transfer agreement, including the weak data protection framework, lack of enforcement and cumbersome redress mechanism.
In the short term, Rotenberg recommended that the EU condition be followed by the acceptance of the data protection shield at the end of the “702 programme”, which allows mass surveillance of Europeans by the United States. Along with other NGOs, EPIC has asked the European Commission to rewrite the data protection shield by stating that it does not protect human rights and does not reflect changes in US law, as required by the Schrems decision. In particular, both sides need to reorganize a data protection agreement that no longer exists and is crucial to the operation of global businesses, from Google to General Electric. The previous pact, the US “data protection shield,” was overturned in July by Europe`s highest court, which ruled that US data protection standards do not adequately protect EU data, from social media search history to corporate wage information.