6 October 2015: The European Court of Justice (ECJ) released the much-anticipated ruling in the Schrems case (C-362/14) and found that legislation allowing public authorities to access the content of electronic communications on a general basis, b) that a secure port system allows disruption, U.S. authorities with fundamental rights of persons, and (c) that the existence of a Commission decision cannot remove or even reduce the powers of national supervisory authorities, and (d) that supervisory authorities are effectively required to review relevant complaints with the necessary diligence, but (e) that the ECJ alone is entitled to declare: that an act of the Union, such as . B a decision of the Commission, is invalid. Under the EU`s Data Protection Directive 95/46/EC, personal data can only be transferred to other states if the information is properly protected. This depends essentially on a level of data protection equivalent to that of the European Union that exists in the state where personal data is transferred. The European Commission is examining whether other states are able to guarantee this level of data protection. In this context, the European Commission stated in 2000, in its safe harbor decision, that the United States was a state with the same level of data protection. Following Edward Snowden`s revelations on 24 July 2013, the German Data Protection Commissioner called on the German Federal Government and the European Commission to review the Safe Harbour system and announce that they are still not exporting data to the United States under the Safe Harbor regime.  In this context, the ECJ cancelled the Safe Harbor Agreement, that is, the European Commission`s Decision 2000/520/EC, thereby removing the legal basis for the transfer of personal data to the United States through the Safe Harbor certification. However, in its judgment of 6 October 2015 (C-362/14), the European Court of Justice (ECJ) found that personal data is not sufficiently protected in the United States, even though the U.S.
company is a certified safe harbor company. The dispute led to a complaint by an Austrian who objected to the European subsidiary of the social network Facebook, based in Dublin, Ireland, transferring and processing the personal data of Facebook users to servers in the United States. He felt that his personal data in the United States was not sufficiently protected against access by U.S. security services. On January 25, 2016, the Electronic Privacy Information Center (EPIC) finally succeeded in forcing the U.S. Department of Justice (DOJ) to publish the entire text of the EU-U.S. agreement. EPIC sued the DOJ last year after the Agency failed to respond to EPIC Freedom of Information Act`s request for the secret agreement. The Umbrella Agreement describes data transfers between EU-US law enforcement agencies and forms the basis of the Judicial Redress Act currently before Congress.
EPIC criticized the legislation and recently asked the Senate to delay measures on the bill until the DOJ unblocks the umbrella agreement and the Justice Committee holds a hearing on the laws. On 8 September 2015, the European Commission publishes a brochure on frequently asked questions about the Umbrella Agreement, which aims to establish a high-level data protection framework for EU-US law enforcement cooperation. The agreement includes all personal data exchanged between the EU and the US and the necessary security measures for the prevention, detection, investigation and prosecution of criminal offences, including terrorism.