Interesting ruling! Will definitely cause a lot of controversy. What are your thoughts?
My two cents:
The agreement is supposedly with Akamai’s European subsidiary, with an US parent. No transfer ever took place. The judgement is solely based on the judges’ lack of understanding, it appears.
This judgement essentially entails that any European company that is a subsidiary or is owned by an American company cannot process any personal data simply because a transfer is assumed. Which is incorrect, and absolute nonsense.
The US parent has general control over the EU subsidiary, but that subsidiary is a legal entity of its own.
US parent is NOT in charge of the day-to-day management and is NOT allowed to give orders. That authority (managing the EU subsidiary) lies with the management of that subsidiary, only there and no where else.
The US parent can decide on big things like dissolving or selling the subsidiary), but for the rest the US parent can only send management / board home and appoint a new one that does what you ask.
I immediately believe that the US parent can get an order including “don’t care how but do it” for the EU subsidiary. But there is no legal mechanism by which the parent company can then force the subsidiary to comply with that order. That is a work instruction, a daily decision; which - again - is the exclusive competence of the EU subsidiary’s director / management / board and not of the US parent!
At most the parent can dismiss the management (“difference of opinion”) and then appoint its own people who will do whatever they are told by the parent under the table. Those people will then personally be liable (directors’ liability) if the fine comes from Europe, and the rest of their career will probably not go smoothly
I just really don’t see how a European director can justify giving personal data because the parent company is under pressure from a Californian judge who is waving a CLOUD or FISA order under the threat of contempt of court.