Browsing by Author "Salo, Asta"

The need for data protection emerged during the development of information technology in the 1960's when the automatic gathering of personal data became a possibility. Since then, the possibilities to collect and store data has grown exponentially. The international community recognized the need for a unified data protection regime when cross border data transfers became more commonly used in the economic sphere. During the past decades, since the emergence of cross-border data protection, the world has changed drastically, creating numerous new fields of use for personal data. The globalisation of the world economy has increased due to drastic advancements in new technologies. The EU has, ever since the revolution of the internet, tried to unify the rules on data protection within its Member States. The responsibility the EU has of protecting its citizens' right to privacy does not however end at the borders of the union. The EU needs to ensure that the same adequate level of protection is upheld when data is transferred across the borders of the EU. The ruling in the Schrems case underlined the responsibility of the EU to ensure adequate protection even outside its jurisdiction. The main question of this thesis is to analyse the validity of the current transfer mechanism, the Privacy Shield, when transferring personal data from the EU or the EEA to the USA. The aim of this thesis is to analyse how the current framework has created a stronger protection of personal data of data subjects within the EU, with the ruling of the CJEU on the Safe Harbour in mind. Furthermore, the aim also to evaluate whether the current framework will hold up against the level of adequacy set by the General Data Protection Regulation (GDPR) as the Privacy Shield was originally drafted with the level of adequacy laid down by the Directive 95/46/EC as a benchmark. The main findings of this thesis are, that while the emergence Privacy Shield has helped to promote the importance the protection of personal data when it is transferred outside the territorial scope of the EU, it has failed to provide adequate safeguards in certain aspects. The main aspects where the Privacy Shield has failed to provide adequate safeguards are the access to personal data by U.S. authorities and to provide effective legal remedies. The Privacy Shield could become the function framework it was set out to be, but without a common goal and a common understanding of what lies at the bottom of the issues, the EU and the USA will continue to struggle in creating a binding and enforceable framework that works. The underlying issue seems to be as much of a political nature than of a regulatory one.