On 6 October 2015, the European Court of Justice (CJEU) invalidated a decision from 2000, wherein the Commission had granted an exception from the general prohibition regarding transfers of personal data outside the European Economic Area (EEA) (CJEU C-362/14, Schrems v Data Protection Commissioner 6 October 2015). Companies in the EEA were permitted to transfer personal data to US companies that had registered under the US Safe Harbor programme (Commission Decision 2000/520/EC, OJ L 215, 25 August 2000, 7). Data protection authorities in all EEA Member States retained their authority to suspend data transfers in case of concerns regarding the level of data protection in the USA, but never exercised this power, not even after Edward Snowden’s revelations in 2013. The CJEU judgment responded to questions from an Irish court regarding the dismissal of a complaint by the Irish Data Protection Commissioner who did not share the complainant’s concerns regarding the level of data protection in the USA. After the CJEU judgment, a number of myths started to establish themselves, including the following (for more details on the sources of myths and facts, see Determann, U.S. Privacy Safe Harbor—More Myths and Facts, Bloomberg BNA Privacy & Security Law Report, 14 PVLR 2017 (2015)):

中文翻译：

---

美国数据保护的充分性：神话和事实

2015 年 10 月 6 日，欧洲法院 (CJEU) 宣布 2000 年的一项决定无效，其中委员会批准了关于将个人数据传输到欧洲经济区 (EEA) 以外的一般禁令的例外情况 (CJEU C-362/14 , Schrems 诉数据保护专员案，2015 年 10 月 6 日）。欧洲经济区的公司被允许将个人数据传输给在美国安全港计划下注册的美国公司（委员会决定 2000/520/EC，OJ L 215，2000 年 8 月 25 日，7）。出于对美国数据保护水平的担忧，所有欧洲经济区成员国的数据保护机构保留了暂停数据传输的权力，但从未行使过这一权力，甚至在 2013 年爱德华·斯诺登 (Edward Snowden) 披露此事之后也没有行使过这一权力。CJEU 的判决回应了爱尔兰法院关于爱尔兰数据保护专员驳回投诉的问题，该专员没有同意投诉人对美国数据保护水平的担忧。在欧洲法院判决之后，一些神话开始建立起来，包括以下内容（有关神话和事实来源的更多详细信息，请参阅 Determann，美国隐私安全港——更多神话和事实，彭博 BNA 隐私与安全法报告， 14 PVLR 2017 (2015))：