The New EU-US “Shield” for data privacy is full of holes

Vĕra Jourová, European Commissioner in charge of Justice

Vĕra Jourová, European Commissioner in charge of Justice, Consumers and Gender Equality at the European Parliament Plenary last January in Strasbourg. © European Union , 2016 / Source: EC – Audiovisual Service / Photo: Jean-François Badias.

Last week the “post-Safe Harbour era” was officially launched. On February 2 the European Union and the United States have agreed on a new framework for transatlantic data flows, the so-called Privacy Shield. The two sides have now a brand new data-sharing deal, which will allow websites like Facebook, Apple and Google to transfer EU citizens’ data across the Atlantic and to process them in the US under certain privacy terms.

Background

The announcement by the European Commission came three months after the European Court of Justice struck down the previous data-protection deal, the Safe Harbour, and immediately gave relief to thousands of American companies which used to rely on Safe Harbour to handle data. Indeed, the old agreement have been used for 15 years, since the beginning of the new Millennium, to transfer personal data from the EU to US in compliance with the EU Data Protection Directive and European privacy laws.

Following the cocktail of NSA leaks, Snowden scandal and the Schrems case, which raised concerns that Europeans’ personal data stored by companies in the US might be exposed to American intelligence agencies, the ECJ found that the Safe Harbour was “inadequate” to serve its protection purpose and that was not compliant with the EU Data Protection Directive.

From that moment on a sort of nightmare began for 4,500+ American firms, which started to fear they might have been requested to process data locally in each country they operate. Until a week ago, when things changed again, and “normality” came back.

Satisfaction for a “strong framework”

European Commission’s Vice President for the Digital Single Market Andrus Ansip greeted the news and expressed satisfaction for a “strong framework”. “Our people can be sure that their personal data is fully protected”, he underlined last week. “Our businesses, especially the smallest ones, have the legal certainty they need to develop their activities across the Atlantic”, he added. “We have a duty to check and we will closely monitor the new arrangement to make sure it keeps delivering”, he also declared.

EU Justice Commissioner Věra Jourová also commented the news. “The new EU-US Privacy Shield will protect the fundamental rights of Europeans when their personal data is transferred to US companies”, she said. “For the first time ever, the United States has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms”, she added.

Commissioner Jourová also said that the US government has assured it will not conduct “mass or indiscriminate” surveillance of Europeans. The two sides have indeed established an annual joint review in order to closely monitor the implementation of these commitments, with the first expected sometime next year.

What businesses say

Besides the official plaudit by negotiators and authorities, which have worked to find the perfect balance between the privacy protection needs and the requirements of the businesses, what the real improvements, or the simple consequences, the new data-transfer agreement will bring are still to be defined. From a business perspective, the new deal will have some positive effects.

Many businesses greeted the new deal with a sigh of relief, as many now believe the new deal will bring an end to some big uncertainty the fall of Safe Harbour left behind. Others expressed just a cautious optimism, as they are still keen to see if the new deal will be just a temporary measure or a proper, cost-effective solution. In general, the new pact will effectively allow an easier transfer of data from the EU to the US and grease the “mechanics” of the data flow.

Privacy concerns

However, from a privacy protection perspective, critics are way heavier. European privacy activists were sharply critical of Tuesday’s deal, saying it will not help protect the EU citizens’ privacy, as bigger issues are basically underneath the “tip of the iceberg”.

One of the main critique is indeed that many do not believe that an American government agency which operates in secret can be monitored and checked on a regular base, and so can be trusted. Moreover, activists claim that the new framework is more intended to keep European courts from getting involved into business than to protect citizens from being spied on.

Also Maximilian Schrems, the Austrian law student and Facebook user that triggered the scandal, expressed his own concerns. “A couple of letters by the outgoing Obama administration is by no means a legal basis to guarantee the fundamental rights of 500 million European users in the long run, when there is explicit US law allowing mass surveillance,” he reportedly wrote in a letter. “We don’t know the exact legal structure yet, but this could amount to obviously disregarding the Court’s judgment”, he continued.

A short life for Privacy Shield?

Indeed, and this is what basically everyone thinks, Privacy Shield risks to have a very short life, as it seems it simply doesn’t have what it takes to survive the standards set by the European Court of Justice, but only to “buy some time” instead in the meantime. The Washington, D.C.-based Center for Democracy & Technology published a statement right after the formalization of the new EU-US deal, saying that despite the framework’s improvement for EU citizens’ data privacy it would still probably face trouble in court.

“More aligned” with human rights norm

Jens-Henrik Jeppesen, Director of European Affairs at the CDT, said that the Privacy Shield will be “deemed sufficient by the Court of Justice”. Mr. Jeppesen also declared that he believes the EU Member States should narrow their surveillance laws and practices to be “more aligned” with international human rights norms. “The goal must remain a long-term, sustainable transatlantic consensus on the proper legal framework for law enforcement and national security access to data, as well as strong, transparent commercial privacy practices,” Jeppesen concluded.

Lack of info

All in all, the main point here is that a real, effective evaluation of the new deal is really hard to be made at this point, given the tremendous lack of information. The full framework is not yet available, and so the boundaries of the EU citizens’ data are not yet precisely defined. Besides the new clause that foresees an annual EU-US joint review to check the agreement is being applied correctly, we basically only know that the US will provide “written assurances” that they will basically limit surveillance and not a lot further.

The EU declared in last week’s statement that Commissioners Ansip and Jourová receive the mandate to prepare a draft “adequacy decision” in the coming weeks, which could then be presented by the College of Commissioners to the Member States.

In general, with the people’s privacy on the table the ball should be played carefully. No doubt that some steps forward and improvements towards privacy protection were taken, but still it seems hard to believe a final solution has been found.

At the end, if the European Court of Justice sunk an EU-US data privacy deal with such a background like the Safe Harbour one, there’s no real reason why it shouldn’t do the same with this one too.

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Featured Stings

Will France vote for more or less Europe in the next presidential elections?

EU Commission expects consumer spending to unlock growth

No agreement in sight on EU budget

A ship with containers at the port of Rotterdam. (Copyright: European Union. Source: EC - Audiovisual Service. Photo: Robert Meerding)

US follows the EU in impeding China market economy status in WTO

Merry Christmas from Erdogan, Putin, Mogherini and the Polish firefighter

EU prepares a banking union amidst financial ruins

The Eurogroup has set Cyprus on fire

World Summit Awards 2016: Sustainable impact through digital innovation

“Private” sea freight indexes hide Libor like skeletons?

The EU stops being soft with 10 Downing Street about Brexit

“At the Environment Assembly citizens expect clean, not hot air”, the Head of UN Environment in Europe underscores in a Sting Exclusive

A Sting Exclusive: “China is Making Good Stories not Bad Ones”, Ambassador Yang highlights from Brussels

The Chinese spirit

The Changing Scope of International Economic Relations – Chinese Leadership in the 21st Century

Ukrainian civil war: Is this the beginning of the end or the end of the beginning?

China’s New Normal and Its Relevance to the EU

Look Mom, even the House of Lords says the #righttobeforgotten is not right

The Sting’s Values

Beyond self-regulation: dealing with Europe’s consumption problem

Is Eurozone heading towards a long stagnation?

COP21 Breaking News_03 December: Transport Industry Drive for Improved Energy Efficiency and Electro-Mobility to Stem High Growth of Emissions

Switzerland to favour EU citizens in immigration quotas as the risk of a new referendum looms

Elections in Britain may reserve a surprise for May’s Tories

Why is Grexit again in the news? Who is to pay for Eurozone’s banking problems?

Gender equality and medicine in the 21st century

A day in the life of a refugee: We should be someone who helps

Breaking barriers between youth in the new tech era: is there an easy way through?

Intel, Almunia and 1 billion euros for unfair potatoes

The three sins the EU committed in 2015

EU Commission retracts on the Chinese solar panel case

Greece’s last Eurogroup or the beginning of a new solid European Union?

Memoirs from a unique trip to China: “my new old dragon” (Part I)

How ‘small’ is Europe in Big Data?

TTIP 9th Round marked by American disappointment: Will some optimism save this trade agreement?

Parliament: No consent to EU budget until €11.2 billion unpaid bills are settled

G20 World Exclusive Interview: “The world, especially emerging economies and developing countries, require a more sustainable and quality development”, the Spokesperson of Japan underscores live from Antalya Turkey

Juncker Investment Plan for Europe welcomed by European Youth Forum

Can the world take the risk of a new financial armageddon so that IMF doesn’t lose face towards Tsipras?

Are ECB’s €500 billion enough to revive Eurozone? Will the banks pass it to the real economy?

The new general election will secure Greece’s position in Eurozone; at least for some time

Parliament cuts own spending to facilitate agreement on EU budget

Will the outcome of the UK referendum “calm” the financial markets?

Although Greece is struggling to pay salaries and pensions Varoufakis is “optimistic”; the Sting reports live from EBS 2015

Council Presidency: Floundering with the EU 2014 budget

Recession: the best argument for growth

Gas pipeline in the European Union. (Copyright: EU, 2012 / Source: EC - Audiovisual Service / Photo: Ferenc Isza)

EU Investment Bank approves € 1.5bn loan for Trans Adriatic Pipeline (TAP)

Fed, ECB take positions to face the next global financial crisis; the Brits uncovered

EU to finance new investment projects with extra borrowing; French and Italian deficits to be tolerated

Managers’ pay under fire

COP21 Breaking News_05 December: Carbon Price Needed for Climate Change Success

Higher education becoming again a privilege of the wealthy?

Dutch voters reject EU-Ukraine partnership and open a new pandora’s box for the EU

Commission: Gifts of €6 billion and free trainees to ‘help’ poor employers

Trump’s Syrian hit the softest option vis-a-vis Russia

Leveraging digital for high quality internships

Draghi strives to control the unruly exploitation of financial markets by banking leviathans

VW emissions scandal: While U.S. car owners are vindicated, Europe still unable to change its laws and protect its consumers

Japanese banks to move their European HQ from London to Frankfurt after Brexit

Berlin and Paris pursue the financial fragmentation of Eurozone

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s