Challenges to the EU-US Privacy Shield- What are the legal issues and how might these affect cloud-based medical AI technologies?

Timo Minssen; Claudia Seitz; Mateo Aboy; Marcelo Corrales Compagnucci

Challenges to the EU-US Privacy Shield- What are the legal issues and how might these affect cloud-based medical AI technologies?

Timo Minssen^*, Claudia Seitz, Mateo Aboy, Marcelo Corrales Compagnucci

^*Corresponding author af dette arbejde

Det Juridiske fakultet

Abstract

Cloud-based medical AI-technologies rely on effective and robust legal frameworks for international data transfer. This is not always simple to achieve as it can be illustrated in the United States (US)–European Union (EU) context. Due to the lack of general data protection law at the federal level, the US currently does not have a general “adequacy decision” from the European Commission (EC) to enable EU-US cross-border data transfers without the need for additional data protection safeguards. As a fallback, a “limited adequacy” decision was adopted in 2016 on the so-called “EU-US Privacy Shield Framework.” This framework protects the fundamental rights of natural persons in the EU and allows the free transfer of personal data to companies that are certified under the EU-US Privacy Shield. However, the EU-US Privacy Shield has been recently contested at the Court of Justice of the European Union (CJEU). This paper analyzes the EU-US Privacy Shield Framework, the associated legal challenges, and how these might affect organizations deploying or implementing cloud-based medical AI technologies relying on cross-border data transfers from EU data subjects .

Originalsprog	Engelsk
Tidsskrift	European Pharmaceutical Law Review
Antal sider	19
ISSN	2511-7157
Status	Afsendt - 21 nov. 2019

Citationsformater

@article{31fa5de2e07240189afacc251d388664,

title = "Challenges to the EU-US Privacy Shield- What are the legal issues and how might these affect cloud-based medical AI technologies?",

abstract = "Cloud-based medical AI-technologies rely on effective and robust legal frameworks for international data transfer. This is not always simple to achieve as it can be illustrated in the United States (US)–European Union (EU) context. Due to the lack of general data protection law at the federal level, the US currently does not have a general “adequacy decision” from the European Commission (EC) to enable EU-US cross-border data transfers without the need for additional data protection safeguards. As a fallback, a “limited adequacy” decision was adopted in 2016 on the so-called “EU-US Privacy Shield Framework.” This framework protects the fundamental rights of natural persons in the EU and allows the free transfer of personal data to companies that are certified under the EU-US Privacy Shield. However, the EU-US Privacy Shield has been recently contested at the Court of Justice of the European Union (CJEU). This paper analyzes the EU-US Privacy Shield Framework, the associated legal challenges, and how these might affect organizations deploying or implementing cloud-based medical AI technologies relying on cross-border data transfers from EU data subjects . ",

author = "Timo Minssen and Claudia Seitz and Mateo Aboy and {Corrales Compagnucci}, Marcelo",

year = "2019",

month = nov,

day = "21",

language = "English",

journal = "European Pharmaceutical Law Review",