Skip to main content

LUP Student Papers

LUND UNIVERSITY LIBRARIES

GDPR Compliance in EU-US Data Transfers - Examining the impact of the EU Commission’s 2023 adequacy decision on surveillance risks

Kidwell, Linda LU (2024) HARH13 20232
Department of Business Law
Abstract
International data transfers serve to support the global economy, facilitating international collaboration and economic expansion. However this increased productivity comes at a cost, namely amplified personal data privacy and security risks. In an era dominated by rapid technological advancements, the clandestine actions of intelligence agencies have the potential to infringe upon the privacy and integrity of individuals on a near global scale. The revelations of mass surveillance programs, as exposed by whistleblowers like Edward Snowden in the United States, demonstrate the real risks of mass data collection to individuals. Consequently, public debate and concern has escalated pertaining to the contentious balance between national... (More)
International data transfers serve to support the global economy, facilitating international collaboration and economic expansion. However this increased productivity comes at a cost, namely amplified personal data privacy and security risks. In an era dominated by rapid technological advancements, the clandestine actions of intelligence agencies have the potential to infringe upon the privacy and integrity of individuals on a near global scale. The revelations of mass surveillance programs, as exposed by whistleblowers like Edward Snowden in the United States, demonstrate the real risks of mass data collection to individuals. Consequently, public debate and concern has escalated pertaining to the contentious balance between national security protective measures and the preservation of human rights and civil liberties.
The EU Commission's 2023 adequacy decision determined that the United States provided an essentially equivalent level of protection for European personal data. This decision follows the development of the EU-US Data Privacy Framework and has significant implications, as it permits European entities to transfer personal data directly to US companies participating in the framework. As a result, European businesses can conduct data transfers to their US counterparts without the necessity of additional protective measures, streamlining the exchange of personal data and facilitating collaboration in the modern digital economy. However, the high risk of personal data access by US state intelligence agencies makes this practice fraught with complications pertaining GDPR. This raises questions about how to achieve suitable balance between encouraging the free flow of information and protecting data privacy as well as about the validity of the EU Commission’s 2023 adequacy decision. (Less)
Abstract (Swedish)
Internationella dataöverföringar stödjer den globala ekonomin, underlättar internationellt samarbete och främjar ekonomisk expansion. Denna ökade produktivitet innehåller dock risker, nämligen stora risker för kränkningar av den personliga integriteten. I en tid som domineras av tekniska framsteg har regeringar, inom EU och i tredjeländer, potential att överträda individers integritet på en nära global skala. Avslöjandena av massövervakningsprogram, som avslöjats av whistleblowers som Edward Snowden i USA, visar de verkliga riskerna med massdatainsamling för individer. Följaktligen har den offentliga debatten och oron eskalerat när det gäller den omtvistade balansen mellan skyddsåtgärder för nationell säkerhet och bevarandet av mänskliga... (More)
Internationella dataöverföringar stödjer den globala ekonomin, underlättar internationellt samarbete och främjar ekonomisk expansion. Denna ökade produktivitet innehåller dock risker, nämligen stora risker för kränkningar av den personliga integriteten. I en tid som domineras av tekniska framsteg har regeringar, inom EU och i tredjeländer, potential att överträda individers integritet på en nära global skala. Avslöjandena av massövervakningsprogram, som avslöjats av whistleblowers som Edward Snowden i USA, visar de verkliga riskerna med massdatainsamling för individer. Följaktligen har den offentliga debatten och oron eskalerat när det gäller den omtvistade balansen mellan skyddsåtgärder för nationell säkerhet och bevarandet av mänskliga rättigheter och medborgerliga friheter.

EU-kommissionens beslut om adekvans 2023 fastställde att USA tillhandahåller en i huvudsak likvärdig skyddsnivå för europeiska personuppgifter. Detta beslut följer utvecklingen av EU-USA:s Data Privacy Framework och har betydande konsekvenser eftersom det tillåter europeiska enheter att överföra personuppgifter direkt till amerikanska företag som deltar i ramverket. Som ett resultat kan europeiska företag genomföra dataöverföringar till sina amerikanska motparter utan att det krävs ytterligare skyddsåtgärder, vilket effektiviserar utbytet av personuppgifter och underlättar samarbetet i den moderna digitala ekonomin. Den höga risken för tillgång till personuppgifter från den amerikanska staten gör dock sådana utbyte belastade med komplikationer gällande GDPR. Detta väcker frågor om hur man kan uppnå en lämplig balans mellan att uppmuntra det fria flödet av information medan samtidigt lyckas skydda datasekretessen. Även giltigheten av EU-kommissionens beslut om adekvathet från 2023 ifrågasätts. (Less)
Please use this url to cite or link to this publication:
author
Kidwell, Linda LU
supervisor
organization
course
HARH13 20232
year
type
M2 - Bachelor Degree
subject
keywords
General Data Protection Regulation, Adequacy Decision, EU Commission, Surveillance law, Third country data transfers, US intelligence agencies
language
English
id
9145969
date added to LUP
2024-01-21 11:02:46
date last changed
2024-01-21 11:02:46
@misc{9145969,
  abstract     = {{International data transfers serve to support the global economy, facilitating international collaboration and economic expansion. However this increased productivity comes at a cost, namely amplified personal data privacy and security risks. In an era dominated by rapid technological advancements, the clandestine actions of intelligence agencies have the potential to infringe upon the privacy and integrity of individuals on a near global scale. The revelations of mass surveillance programs, as exposed by whistleblowers like Edward Snowden in the United States, demonstrate the real risks of mass data collection to individuals. Consequently, public debate and concern has escalated pertaining to the contentious balance between national security protective measures and the preservation of human rights and civil liberties.
The EU Commission's 2023 adequacy decision determined that the United States provided an essentially equivalent level of protection for European personal data. This decision follows the development of the EU-US Data Privacy Framework and has significant implications, as it permits European entities to transfer personal data directly to US companies participating in the framework. As a result, European businesses can conduct data transfers to their US counterparts without the necessity of additional protective measures, streamlining the exchange of personal data and facilitating collaboration in the modern digital economy. However, the high risk of personal data access by US state intelligence agencies makes this practice fraught with complications pertaining GDPR. This raises questions about how to achieve suitable balance between encouraging the free flow of information and protecting data privacy as well as about the validity of the EU Commission’s 2023 adequacy decision.}},
  author       = {{Kidwell, Linda}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{GDPR Compliance in EU-US Data Transfers - Examining the impact of the EU Commission’s 2023 adequacy decision on surveillance risks}},
  year         = {{2024}},
}