EU-US privacy shield valid or not? Trinity users can relax

In 2015, the European Commission’s Safe Harbor decision was declared invalid by the European Court of Justice (ECJ). Five months later, the EU and the United States reached an agreement, regarding the set of rules which intend to protect the personal data of citizens of the European Economic Area, stored in the United States. 

A number of provisions should bring the level of data protection in the United States to a level that is in line with EU requirements. Already before Donald Trump published numerous decrees, US law took precedence allowing the FBI and NSA to gain access to the data stored on US servers in justified suspected cases (e.g. to combat terrorism). 

After living with this artificial, not really secure data protection shield for over four years, the ECJ invalidated this “adequacy decision” known as the “EU-US Privacy Shield” on July 16, 2020.

Standard contracts, with agreements on data protection that were still valid, were often agreed on a small scale. Large software providers in particular were happy to simplify referring to the EU-US Privacy Shield, which is now invalid.

Trinity offers its customers a “private cloud solution” in which the data is only stored on servers in Germany. As an ISO 27001 / IKS PS 951 and PS 983-certified full-service IT provider, our data center is specialized in highly available IT services for banks, stock exchanges and financial service providers and meets the highest data security requirements. State-of-the-art building technology and physical security measures are used at three locations in Germany to ensure business continuity management. As a result, the EU-US Privacy Shield is completely irrelevant for our corporate-, municipality- and bank customers using the Trinity TMS.