The ECJ's videoconference system complies with data protection rules (EDPS)

With its Schrems II-judgment of 16 July 2020, the Court of Justice declared invalid the EU-US Privacy Shield, governing the transfer of personal data from the European Union to the United States. 

In the absence of this EU-US Privacy Shield, in February 2021 the Court of Justice of the European Union (CJEU), as an EU institution, referred its contract with its US-based videoconferencing operator to the European Data Protection Supervisor (EDPS). 

It asked the EDPS whether these rules complied with the EU’s data protection rules contained in the EU Data Protection Regulation. The EDPS issued two temporary authorisations, in 2021 and 2022, allowing the CJEU to use these contractual clauses. It adopted its final decision on 13 July 2023. 

The EDPS has decided that the CJEU’s videoconferencing services meet the data protection standards under EU Data Protection Regulation. The CJEU is the first EU institution to obtain such approval from the EDPS. The main characteristics of the videoconferencing services used by the CJEU are: 

  • no data is transmitted to the cloud for confidential meetings; 
  • very limited data transmitted to the cloud for other meetings with full and strong encryption (end-to-end encryption, one to many points) by default; 
  • combined with strong technical and organisational measures; and moreover 
  • the use of cloud servers located exclusively within the EU. 

The final decision of the EDPS adopted on 13 July 2023 may be consulted on the EDPS’ website. (source curia.europa.eu/photo freepik.com)

Comments

Editorial

Editorial
George Kazoleas, Lawyer

Top Stories

Ombudsman inquiry on Commission President’s text messages is a wake-up call for EU

Gigantic fine for unfair practices imposed on Booking.com by the Competition Authority of Hungary

The name Pablo Escobar may not be registered as an EU trade mark

First judgment of the ECHR: Lawless v. Ireland

Politically Exposed Persons (PEPs): What and Why?

Airbnb is not required to hold an estate agent’s professional licence as it did not notify the Commission of that requirement in accordance with the Directive on electronic commerce

McDonald’s loses the EU trade mark Big Mac in respect of poultry products