As have reported in our previous studies, the problem of the legitimacy of the transfer of personal data of European Union citizens to the United States is still open and far from being solved.
In order not to underestimate the problem, we stress that this possibility is not remote: it’s enough that the cloud storage company uses server farms located in the United States, or that at the end of the profiling you use cookies from a company that stores its data in the United States, to have problems and exceptions coming from your customers, with the additional risk of possible penalties.
As it stands, many of these problems have been solved with special agreements approved by the EU data protection guarantor, yet it’s still important to carefully check the contractual arrangements.
Back to the topic, we said that the problem is still open, despite the fact that last October, after intense negotiations, the US President issued Executive Order 14086.
The EU Commission had then approved its adequacy decision and then started the approval process by the other EU bodies, primarily the European Parliament, which gave its negative opinion on 14.02.23. This negative opinion was followed by the negative opinion of the. EDPS.
Suffice it to say that the main concern is the protection of the European citizens’ data should it be accessed by the US intelligence services.
We again recommend caution when using third party cookies and random checks when using US cloud services.
(Avv. Niccolò Pino) (Avv. Giampiero Pino)
