Der Europäische Gerichtshof hat vor wenigen Tagen mit einem Urteil für Aufsehen gesorgt. Das multilaterale „Privacy Shield“-Abkommen zwischen der EU und den USA ist gekippt.
Angeregt durch die Klagen des österreichischen Juristen Max Schrems hat der Europäische Gerichtshof entschieden, dass das EU-US Data Protection Shield die Daten von Europäern nicht ausreichend vor Zugriff durch US-Behörden schütze. Das Abkommen hatte infolge der DSGVO den Transfer von Daten in die USA geregelt.
Es muss nun also eine neue Lösung für die europäischen Übertragung von Daten in die USA gefunden werden. So lange ist der Transfer von Daten nur durch die Standard Contractual Clauses geregelt, sprich den Nutzungsbedingungen des jeweiligen Unternehmens. Microsoft hat nun ein Statement veröffentlicht, das momentan auch vielen Windows 10 Nutzern angezeigt wird. Darin betont man erneut das eigene Engagement für den Datenschutz und die eigene Rolle darin, gesetzliche Normen im Interesse der eigenen Kunden durchzusetzen.
Microsoft erwähnte darin, dass Daten in einen anderen Kontinent nur beim Senden von Daten an Nutzer auf diesem Kontinent erfolgen. Der Konzern teilte in dem Statement außerdem mit, dass man weiter mit Gesetzgebern zusammenarbeiten will, um die vom Europäischen Gerichtshof kritisierten Mängel zu beseitigen. Von Microsoft heißt es, man habe sich immer um die Verbesserung des Datenschutzes für eigene Kunden bemüht. Man sei das erste Cloud Unternehmen gewesen, das eng mit europäischen Behörden zusammengearbeitet hätte und man habe die Regeln der DSGVO nicht nur in Europa mehr als erfüllt, sondern die Datenschutz-Verbesserungen für seine Nutzer weltweit ausgerollt.
Den Originaltext haben wir im Folgenden für euch eingefügt:
oday the Court of Justice of the European Union has issued a judgment relating to a case examining data transfers from the EU.
We want to clarify the impact of this decision for our customers.
We confirm that all our customers can continue to use Microsoft services, in full compliance with European law. The court ruling does not change the ability to transfer data between the EU and the United States using the Microsoft cloud.
For years, Microsoft has provided customers with high levels of protection for both the Standard Contractual Clauses (SCC) and the Privacy Shield for all data transfers. Although today’s ruling invalidated the use of the Privacy Shield, the SCCs remain valid. Our customers are already protected by SCCs for using the Microsoft cloud and related data transfers.
Furthermore, today’s ruling does not change the data flows of our services to Consumers. We transfer data between users, for example, when a person sends email or other online content to another person. We will continue to do so in accordance with today’s decision and with future and further guidelines from the EU data protection authorities and the European Data Protection Board.
In addition to supporting customers who transfer data between the EU and the United States, we will continue to work proactively with the European Commission and the United States government to address the issues raised by the ruling. The Court raised some important arguments that Governments must consider when establishing a data transfer policy between countries. We will continue to do our part by committing ourselves to work with European and American governments and regulators to address these issues. We are confident that the European Commission and the United States government will also work to address these issues and we are grateful that they are actively involved in finding solutions.
We have always worked to improve the level of protection for our customers. We were the first cloud company to work with European data protection authorities for Model Clauses approval in Europe and the first company to adopt new technical standards for the Privacy of Cloud services. We have accepted the Privacy Shield as a successor to Safe Harbor after the cancellation of this model and we have extended the GDPR key rights to our Customers all over the world.
Finally, we will continue to take measures to defend the rights of our customers. We filed a lawsuit to challenge orders that required access to people’s data or to protect our ability to inform users of pending requests, bringing the case to the United States Supreme Court . Thanks to our actions, we have guaranteed greater transparency for our customers, through an agreement that has allowed us to disclose reports on the number of orders required by the United States national security. In addition to establishing new policies within the United States government that limit the use of secrecy orders.
Privacy is a continuous journey, and today’s sentence is not the last word. Our customers can be confident that we will strive to ensure that their data can continue to move through our services. They can also count on the fact that we will continue our work to provide them with greater protection based on the issues raised in today’s ruling and that we will collaborate with governments and those responsible for privacy policies, following the evolution of future decisions.
