Verify and enrich your customer data.
Stop bouncing - start connecting!
Validate addresses, phone numbers and email addresses - with unparalleled precision in 240+ countries world-wide.
July 16, 2020 (Press release for Case C-311/18) - The EU Court of Justice invalidates Decision 2016/1250 on the adequacy of the protection provided by the EU-US Data Protection Shield. The restrictions of the Privacy Shield Decision 2016/1250 assessed by the Commission in protection of personally identifiable information, resulting from the fact that U.S. authorities under the law of the United States on such data, which are transferred from an EU country to the U.S. may access and use them, are not regulated in such a way that requirements equivalent in substance to those laid down by EU law in accordance with the principle of proportionality would be met, as the surveillance programmes in the U.S. are not limited to what is strictly necessary.
As regards the requirement of judicial protection, the Court holds that, contrary to the view taken by the Commission in Decision 2016/1250, the Ombudsperson mechanism referred to in that decision does not provide data subjects with any cause of action before a body which offers guarantees substantially equivalent to those required by EU law, such as to ensure both the independence of the Ombudsperson provided for by that mechanism and the existence of rules empowering the Ombudsperson to adopt decisions that are binding on the US intelligence services. On all those grounds, the Court declares Decision 2016/1250 invalid.
The transfer of personally identifiable information (PII) to the U.S. is illegal now and could
result in fines of up to 20 million euros or 4% of the worldwide annual revenue as well as claims for
damages from affected individuals. The EU Data Protection Commissioners have already pointed out that there
will be no "grace period" in this context - the "transfer of personally identifiable information to
the U.S. on the basis of the EU-US Privacy Shield is unlawful and must be stopped immediately".
Companies and organizations based in the EU that transfer PII by using service providers from the
U.S., now have these two options:
1. Negotiate an individual data protection agreement with each U.S. service provider, which is fully compliant with the GDPR and the standard contract clauses and submit it to the respective data protection authority for review and approval, or
2. Switch service providers now and choose a German company, whose solution is already 100% GDPR compliant by default. Our Email Validator offers you these advantages: