The ECJ's videoconference system complies with data protection rules (EDPS)
In the absence of this EU-US Privacy Shield, in February 2021 the Court of Justice of the European Union (CJEU), as an EU institution, referred its contract with its US-based videoconferencing operator to the European Data Protection Supervisor (EDPS).
It asked the EDPS whether these rules complied with the EU’s data protection rules contained in the EU Data Protection Regulation. The EDPS issued two temporary authorisations, in 2021 and 2022, allowing the CJEU to use these contractual clauses. It adopted its final decision on 13 July 2023.
The EDPS has decided that the CJEU’s videoconferencing services meet the data protection standards under EU Data Protection Regulation. The CJEU is the first EU institution to obtain such approval from the EDPS. The main characteristics of the videoconferencing services used by the CJEU are:
- no data is transmitted to the cloud for confidential meetings;
- very limited data transmitted to the cloud for other meetings with full and strong encryption (end-to-end encryption, one to many points) by default;
- combined with strong technical and organisational measures; and moreover
- the use of cloud servers located exclusively within the EU.
The final decision of the EDPS adopted on 13 July 2023 may be consulted on the EDPS’ website. (source curia.europa.eu/photo freepik.com)