What is at stake?
In July 2020, the European Court of Justice annulled the Privacy Shield agreement between the USA and Europe. Until then, the Privacy Shield ensured unhindered data traffic between US-based companies and their customers in Europe and vice versa. The repeal was based on significant, substantiated doubts about its compatibility with the GDPR.
After this decision, however, many questions remained unanswered for the independent economy and public institutions. One of these questions was whether it was still permissible for U.S. providers of cloud and server services to continue to be eligible for cooperation via their European subsidiaries. Until now, it was not clear whether this was permissible under the GDPR.
But now there seems to be some movement on this issue: The law firm 'gruendelpartner', which is based in Leipzig, Jena and Berlin, was able to obtain a decision from the Baden-Württemberg Procurement Chamber, according to its own homepage. The decision is intended to clarify whether cooperation between the public sector and US companies can continue to be permitted.
In the process, the Procurement Chamber decided that cooperation with IT providers from so-called third countries, i.e. countries outside the EU, is potentially unlawful.
What happens next?
Of course, the question of possible consequences arises right away. Although the ruling is not yet legally binding, it could serve as a precedent for other similar cases.
That's why we asked our IOTIQ IT expert, Managing Director Sven Noack, how things could progress now.