Cloud threatened: German DPAs stop granting permission for data transfers to non-EU countries

In a dramatic move to highlight the excessive surveillance by foreign intelligence services, Germany’s Data Protection Authorities have declared that until their Federal Government provides a plausible explanation on how to limit this access, new applications, for example, for data transfers to the US, will not be approved. The DPAs say they will also examine whether such data transfers “also for the use of certain cloud services” should be suspended on the basis of the US Safe Harbour framework and the European Union standard contractual clauses.

The declaration refers to “extensive surveillance by foreign intelligence services, in particular the U.S. National Security Agency (NSA) in the absence of specific suspicion of wrongdoing…. and in disregard of the principles of need, proportionality and purpose limitation.”

The decision, taken at the Conference of German Federal and State Data Protection Commissioners on 24 July, calls on the European Commission to suspend its decisions on Safe Harbour and on the standard agreements until further notice in view of the excessive surveillance by foreign intelligence services.

The European Commission has always stressed that the national supervisory authorities may suspend the transfer of data to such countries when there is a “substantial likelihood” that the Safe Harbour principles or standard contractual clauses are being violated.

See the press release.