Already Under Attack In Top EU Court, Privacy Shield Framework For Transatlantic Data Flows Further Undermined By Trump
from the you're-not-really-helping-things,-Donald dept
A year ago, Techdirt wrote about the melodramatically-named “Privacy Shield.” Under EU data protection laws, the transfer of EU citizens’ personal data is only legal if the destination country meets certain basic conditions for data protection. Signing up to Privacy Shield is designed to allow US companies to meet that requirement. The earlier framework, called “Safe Harbor,” was thrown out by the EU’s highest court, the Court of Justice of the European Union (CJEU), largely because of NSA spying on data flows. Privacy Shield was hurriedly cobbled together because, without it, the vast flows of data across the Atlantic that occur all the time would be much harder to square with EU laws.
However, since the NSA has not stopped spying on data flows, some in the EU feel that Privacy Shield offers as little protection for personal data as Safe Harbor. This led the Irish civil liberties group Digital Rights Ireland (DRI) last October to ask the EU’s General Court — one of the more obscure courts of the CJEU — to annul the Privacy Shield framework, arguing that it too lacks adequate privacy protections. Although there are still some procedural matters to be settled first, largely to do with whether DRI has standing to bring this legal action, the case is considered a serious enough challenge to the Privacy Shield framework that the US government is getting involved directly:
The US government has applied to be an intervening party in a challenge by Irish privacy campaign group Digital Rights Ireland against the Privacy Shield transatlantic data transfer pact.
As the article from the Irish Times explains, the US is not alone: also keen to see the framework upheld are the British, Dutch, and French governments, as well as Microsoft and the Business Software Alliance, all of whom have applied separately to join the action. DRI’s basic argument is the following:
In questioning Privacy Shield’s adequacy, it says its provisions are not actually fixed in US law. The privacy group will also argue that the agreement neither adequately addresses the court’s specific objections to Safe Harbour, nor protects citizens’ rights provided for under the EU Charter of Fundamental Rights and by the general principles of EU law.
The DRI’s case may have just received a boost from an unusual quarter. As Techdirt reported, the President of the United States has signed an executive order that strips those who are not US citizens of certain rights under the Privacy Act. A spokeswoman for the European Commission told TechCrunch that Privacy Shield “does not rely on the protections under the US Privacy Act.” But Jan Philipp Albrecht, a Member of the European Parliament, and the leading expert on data protection regulation there, is not so sure that the framework will escape unscathed. He wrote in a tweet that:
If this is true [about the stripping of privacy protections] @EU_Commission has to immediately suspend #PrivacyShield & sanction the US for breaking EU-US umbrella agreement.
The “EU-US umbrella agreement” refers to another recently-agreed deal that puts in place a comprehensive high-level data protection framework for EU-US law enforcement cooperation. The long thread that follows Albrecht’s tweet explores to what extent the Privacy Shield framework is likely to be impacted by the new executive order. There’s no clear consensus yet on that. But one thing is for sure: the general thrust of Trump’s order probably indicates a broader shift in policy that makes it more likely that the CJEU will strike down Privacy Shield just as it struck down Safe Harbor.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: donald trump, eu, privacy, privacy act, privacy shield, safe harbors, us
Comments on “Already Under Attack In Top EU Court, Privacy Shield Framework For Transatlantic Data Flows Further Undermined By Trump”
"But it's different, we're the Good Guys!"
The earlier framework, called "Safe Harbor," was thrown out by the EU’s highest court, the Court of Justice of the European Union (CJEU), largely because of NSA spying on data flows.
…
However, since the NSA has not stopped spying on data flows, some in the EU feel that Privacy Shield offers as little protection for personal data as Safe Harbor.
Any ‘framework’ should assume that the NSA can and will grab everything it possible can, showing absolutely no restraint whatsoever in it’s obsession and ‘Collect it all’ mindset, and move on from there, because at this point I’d say it’s probably safe to assume that the NSA will never voluntarily stop scooping up everything it can get.
Unless the NSA is forced to stop(and at this point I don’t think anything less than dissolving the agency entirely would accomplish that) they will completely and utterly ignore and ‘privacy’ and ‘personal data’ rules, because why wouldn’t they?
... one of the more obscure courts of the CJEU ...
Funny classification. Have a look:
https://en.wikipedia.org/wiki/Court_of_Justice_of_the_European_Union
And another thing
I love how there’s a question over whether the DRI has legal standing: "whether DRI has standing to bring this legal action". You know like, how dare an Irish organization challenge a European Union arrangement.
And I love how the USA feels totally free to blunder just right on in, like everyone else should just give a crap: "The US government has applied to be an intervening party in a challenge by Irish privacy campaign group Digital Rights Ireland". Because Screaming Eagles.
Team America World Police. It’s a thing.
Re: And another thing
“And I love how the USA feels totally free to blunder just right on in, like everyone else should just give a crap: “
“Other countries that have applied to join the case include France, the UK and the Netherlands.
Microsoft and the Business Software Alliance, which represents the global software industry, have separately applied to join the action.”
Looks like Team France, UK, and Netherlands are joining the fray. Lets toss in Team Microsoft and the GLOBAL Business Software Alliance” for good measure.
Should anyone give a crap about these?
Re: And another thing
And I love how the USA feels totally free to blunder just right on in, like everyone else should just give a crap: "The US government has applied to be an intervening party in a challenge by Irish privacy campaign group Digital Rights Ireland". Because Screaming Eagles.
Team America World Police. It’s a thing.
It gets even better when you consider that it was a USG agency that was responsible for ‘Safe Harbor’ being thrown out, and now ‘Privacy Shield’ being challenged.
The NSA’s ‘Collect it all’ fetish undermined the first to the point that it was tossed, and now it’s doing the exact same thing again with the replacement, and yet the US is filing in defense of the thing, in which I have no doubt that they’ll completely ignore the NSA’s role and go on and on about how the DRI is making mountains out of molehills, because if there’s one thing the USG and it’s agencies value and hold sacred above all other things it’s the privacy of non-US citizens.
Re: Re: And another thing
Should we lump in France, the UK, and the Netherlands as well? Lets give equal players equal under the buss time no?
Re: Re: Re: And another thing
The UK’s NSA equivalent(GCHQ I think it was?) certainly displays the same level of ‘respect’ towards privacy(and right, and laws, and anything that might otherwise prohibit them from doing whatever they want…) that the NSA does, but given the Safe Harbor and now Privacy Shield deal with data going between Europe and the US I’m not sure how much impact their actions would have towards Safe Harbor/Privacy Shield, though the cozy relationship between them and the NSA certainly doesn’t help.
Don’t know enough about the French and Netherlands equivalents to say either way, but again, both of those are European countries so probably not much impact in this case.
Re: Re: Re:2 And another thing
I’m just thinking that it appears people are bashing the U.S. over this, when in reality they are just one of many players. Doesn’t seem fair to me.
Re: Re: Re:3 And another thing
Given the NSA’s actions seems to have been a driving force in both, I don’t think any ‘USG bashing’ is unwarranted here. If the NSA hadn’t been caught grabbing everything they could get the original Safe Harbor likely would have been seen as plenty.
Re: Re: Re:4 And another thing
“I don’t think any ‘USG bashing’ is unwarranted here.”
Well, my point was lets just remember the USG is not alone. This train was moving before the US got on, and again they are only one of MANY players involved.
Re: Re: Re:5 And another thing
They’re not the only ones openly displaying contempt for those pesky ‘rights’ and ‘laws’ and concepts like ‘privacy’, no, not hardly, but in this case a US agency seems to hold the most blame for what has and continues to happen due to the European-US nature of the issue that makes the NSA’s actions of more immediate impact, even if other European agencies are just as bad in general.
Re: Re: Re:6 And another thing
Governments are the tools of your corporate overlords, bought and paid for they are.
Re: Re: Re:5 And another thing
The challenged agreement is between the US and EU. The spying of other parties is not even relevant. The USG is making it impossible, and that is the problem for the agreement.
Re: And another thing
It’s a US-EU agreement being challenged, so I’d say they have a good reason getting involved. Particularly since it’s being challenged because of its behavior.
That’s one if the rare cases where I find it legitimate for the USA to get involved.
I think I now know how Germans felt when a certain crazed lunatic came to power. It’s like watching a train come barreling toward you and not being able to move.
Re: Re:
Some Germans. As understand it, he was actually quite popular when he came to power.
Re: Re:
Well, even Thingiverse is getting political.
Window Dressing
The agreements have been violated in the past and the data didn’t stop flowing. They’ll be violated in the future and it won’t stop flowing. This is all just window dressing.
No, no entity is entitled to an individuals data however unobrusive it may be, without the consent of that individual
Thats not how the world works
Thats, HOW, the world should work
Defeatism leads to subserviance, when we should be argueing their right to our data, our information, our lives, so called supporters of human rights are talking about the best way to implement it in a minimised form. Its the INITIAL implementation thats wrong and dangerous, you accept it, it gets normalised in our lives, then they push the envelope further
The saying “give them an inch, and they take a mile” comes to mind
I wonder if the future generations were offloading this on, will be just like us, or evolved enough to rightly wonder why the fuck we just watched while it happened, those that cared enough to notice, those that noticed but didnt care, not to mention the mentality of the crazies actually driving the crazy bus down to crazytown, you now, the too big to jail folks
One mans leader is another mans tyrant
Theres a reason why the americans constitution makes mention of non interference……….to minimize the risk of the tyrant fork on the road our leaders will inevitably come across…….at least in this day and age
History lesson
1-We learn something profound through hardship
2-Humans look forward
3-Time passes
4-We forget that something profound
5-Humans stall, or go backwards
6-Hardship makes us relearn why number one was profound
7-Goto number 2
Its why, in one particular case, some folks decided to make a sticky note of some of it, and then proceeded to call it a constitution or bill of rights, to protect and as im realising, remind future generations that didnt go through the hardships that created it, or fail to recognise the signs of an overbearing government, or its next entity slogan change
Im disatisfied……can you tell
They say you can judge a man by the company he keeps. I say it’s not just men. If Microsoft and the BSA (a notorious Microsoft front group whose main purpose in life is promoting the progress of copyright abuse, particularly by Microsoft) think it’s such a good idea, that’s at the very least, a good reason to wonder if we might not be better off without it.
Re: Microsoft (and other companies) are in it for convenience
It is far more economical for them to keep all the data in one country and have Privacy Shield or an equivalent as legal approval to move all the data to that country, than it is for them to operate data centers positioned to abide by the privacy laws that Privacy Shield overrides. If Privacy Shield is struck down and not replaced, then data that Microsoft (and other companies) currently transfer out of the EU as an ordinary part of business would instead be required to stay, if not within EU borders, then at least outside US borders. It’s much easier and cheaper for them to intervene and have this challenge struck down than to change their business model to account for more restrictive privacy rules. In particular, some parts of their business may require more than just standing up region-isolated data centers. If their current design assumes that all data centers can always talk to all others (barring transient network errors), and the new laws preclude that, then they not only need to build and staff new data centers, but also change how the software works.