On 16 July 2020, the Court of Justice of the European Union (EUCJ) ruled that the EU-US Privacy Shield was invalid, as it was found to not provide adequate protections to EU citizens against potential government spying. The EU-US Privacy Shield was designed to regulate exchanges of personal data for commercial purposes made between the European Union and the United States, which made it easier for US companies to receive personal data from EU entities under EU privacy laws.
This decision doesn’t mean that data transfers between the EU and the US have to stop, however. The court upheld the use of the European Commission’s “standard contractual clauses” (SCCs) which still allow companies to transfer data to the US provided they request specific consent.
The fundamental power of a real-time transportation visibility (RTTV) solution stems from its ability to seamlessly integrate data sources and enable automated data sharing amongst supply chain actors, including suppliers, carriers and drivers, distribution centers and of course end customers. This in turn can boost operational efficiencies, cut costs, increase productivity and improve service levels throughout the chain. So how does this decision on the Privacy Shield impact the European transportation visibility market?
The decision effectively means that the personal data of Europeans can no longer be sent and processed on servers located on American soil. US-based providers may face a dilemma in which they need to repatriate personal data processing to European soil, which can take considerable time and money to implement, or risk violating the General Data Protection Regulation (GDPR). A fine for a violation could amount to 20 million euros, or 4% of the company's worldwide turnover. US-based RTTV providers will need to take appropriate and decisive steps to confirm that the data transfers under their responsibility comply with the GDPR and this new EU Court of Justice decision. Service providers with data processing operations in the US and elsewhere should consider how to verify the adequacy of the level of protection of European customer data. If the Privacy Shield was the only method used to legitimize data transfers, companies will need to now ensure the transfers are covered under another safeguard. The ruling will also likely see European data protection authorities soon publish their own statements on the legality of data transfers to other countries including the US on the basis of SCCs, which could result in further actions needing to be taken. It’s possible that the European Commission could issue a new set of updated SCCs to address the risks identified by the EU Court of Justice relating to law enforcement and intelligence agencies in the US. At Shippeo, we already comply with all best-practice data management and applicable privacy regulation including the GDPR, which applies to personal data processing for Europe-based operations. In particular, GDPR requires the implementation of a strong security policy to protect personal data. This is why Shippeo’s platform allows user access to be carefully managed to ensure each user is only allowed to access data that is relevant to their own activities. Shippeo’s RTTV platform fully respects the principle of privacy by design and follows strict security protocols and can certify that any data shared to and stored on the Shippeo platform is safe and properly managed. Find out about other real-time transportation visibility best-practices in Shippeo’s Visibility Guide on “Choosing the right transportation visibility provider”.
Consultez notre Politique de Confidentialité pour plus de détails sur l'utilisation et le stockage de vos données personnelles.