Already Under Attack In Top EU Court, Privacy Shield Framework For Transatlantic Data Flows Further Undermined By Trump
from the you're-not-really-helping-things,-Donald dept
A year ago, Techdirt wrote about the melodramatically-named "Privacy Shield." Under EU data protection laws, the transfer of EU citizens' personal data is only legal if the destination country meets certain basic conditions for data protection. Signing up to Privacy Shield is designed to allow US companies to meet that requirement. The earlier framework, called "Safe Harbor," was thrown out by the EU's highest court, the Court of Justice of the European Union (CJEU), largely because of NSA spying on data flows. Privacy Shield was hurriedly cobbled together because, without it, the vast flows of data across the Atlantic that occur all the time would be much harder to square with EU laws.
However, since the NSA has not stopped spying on data flows, some in the EU feel that Privacy Shield offers as little protection for personal data as Safe Harbor. This led the Irish civil liberties group Digital Rights Ireland (DRI) last October to ask the EU's General Court -- one of the more obscure courts of the CJEU -- to annul the Privacy Shield framework, arguing that it too lacks adequate privacy protections. Although there are still some procedural matters to be settled first, largely to do with whether DRI has standing to bring this legal action, the case is considered a serious enough challenge to the Privacy Shield framework that the US government is getting involved directly:
The US government has applied to be an intervening party in a challenge by Irish privacy campaign group Digital Rights Ireland against the Privacy Shield transatlantic data transfer pact.
As the article from the Irish Times explains, the US is not alone: also keen to see the framework upheld are the British, Dutch, and French governments, as well as Microsoft and the Business Software Alliance, all of whom have applied separately to join the action. DRI's basic argument is the following:
In questioning Privacy Shield's adequacy, it says its provisions are not actually fixed in US law. The privacy group will also argue that the agreement neither adequately addresses the court's specific objections to Safe Harbour, nor protects citizens' rights provided for under the EU Charter of Fundamental Rights and by the general principles of EU law.
The DRI's case may have just received a boost from an unusual quarter. As Techdirt reported, the President of the United States has signed an executive order that strips those who are not US citizens of certain rights under the Privacy Act. A spokeswoman for the European Commission told TechCrunch that Privacy Shield "does not rely on the protections under the US Privacy Act." But Jan Philipp Albrecht, a Member of the European Parliament, and the leading expert on data protection regulation there, is not so sure that the framework will escape unscathed. He wrote in a tweet that:
If this is true [about the stripping of privacy protections] @EU_Commission has to immediately suspend #PrivacyShield & sanction the US for breaking EU-US umbrella agreement.
The "EU-US umbrella agreement" refers to another recently-agreed deal that puts in place a comprehensive high-level data protection framework for EU-US law enforcement cooperation. The long thread that follows Albrecht's tweet explores to what extent the Privacy Shield framework is likely to be impacted by the new executive order. There's no clear consensus yet on that. But one thing is for sure: the general thrust of Trump's order probably indicates a broader shift in policy that makes it more likely that the CJEU will strike down Privacy Shield just as it struck down Safe Harbor.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: donald trump, eu, privacy, privacy act, privacy shield, safe harbors, us
Reader Comments
The First Word
“They say you can judge a man by the company he keeps. I say it's not just men. If Microsoft and the BSA (a notorious Microsoft front group whose main purpose in life is promoting the progress of copyright abuse, particularly by Microsoft) think it's such a good idea, that's at the very least, a good reason to wonder if we might not be better off without it.
Subscribe: RSS
View by: Time | Thread
"But it's different, we're the Good Guys!"
The earlier framework, called "Safe Harbor," was thrown out by the EU's highest court, the Court of Justice of the European Union (CJEU), largely because of NSA spying on data flows.
...
However, since the NSA has not stopped spying on data flows, some in the EU feel that Privacy Shield offers as little protection for personal data as Safe Harbor.
Any 'framework' should assume that the NSA can and will grab everything it possible can, showing absolutely no restraint whatsoever in it's obsession and 'Collect it all' mindset, and move on from there, because at this point I'd say it's probably safe to assume that the NSA will never voluntarily stop scooping up everything it can get.
Unless the NSA is forced to stop(and at this point I don't think anything less than dissolving the agency entirely would accomplish that) they will completely and utterly ignore and 'privacy' and 'personal data' rules, because why wouldn't they?
[ link to this | view in thread ]
... one of the more obscure courts of the CJEU ...
https://en.wikipedia.org/wiki/Court_of_Justice_of_the_European_Union
[ link to this | view in thread ]
And another thing
I love how there's a question over whether the DRI has legal standing: "whether DRI has standing to bring this legal action". You know like, how dare an Irish organization challenge a European Union arrangement.
And I love how the USA feels totally free to blunder just right on in, like everyone else should just give a crap: "The US government has applied to be an intervening party in a challenge by Irish privacy campaign group Digital Rights Ireland". Because Screaming Eagles.
Team America World Police. It's a thing.
[ link to this | view in thread ]
Re: And another thing
"Other countries that have applied to join the case include France, the UK and the Netherlands.
Microsoft and the Business Software Alliance, which represents the global software industry, have separately applied to join the action."
Looks like Team France, UK, and Netherlands are joining the fray. Lets toss in Team Microsoft and the GLOBAL Business Software Alliance" for good measure.
Should anyone give a crap about these?
[ link to this | view in thread ]
Re: And another thing
And I love how the USA feels totally free to blunder just right on in, like everyone else should just give a crap: "The US government has applied to be an intervening party in a challenge by Irish privacy campaign group Digital Rights Ireland". Because Screaming Eagles.
Team America World Police. It's a thing.
It gets even better when you consider that it was a USG agency that was responsible for 'Safe Harbor' being thrown out, and now 'Privacy Shield' being challenged.
The NSA's 'Collect it all' fetish undermined the first to the point that it was tossed, and now it's doing the exact same thing again with the replacement, and yet the US is filing in defense of the thing, in which I have no doubt that they'll completely ignore the NSA's role and go on and on about how the DRI is making mountains out of molehills, because if there's one thing the USG and it's agencies value and hold sacred above all other things it's the privacy of non-US citizens.
[ link to this | view in thread ]
Re: Re: And another thing
[ link to this | view in thread ]
Re: Re: Re: And another thing
The UK's NSA equivalent(GCHQ I think it was?) certainly displays the same level of 'respect' towards privacy(and right, and laws, and anything that might otherwise prohibit them from doing whatever they want...) that the NSA does, but given the Safe Harbor and now Privacy Shield deal with data going between Europe and the US I'm not sure how much impact their actions would have towards Safe Harbor/Privacy Shield, though the cozy relationship between them and the NSA certainly doesn't help.
Don't know enough about the French and Netherlands equivalents to say either way, but again, both of those are European countries so probably not much impact in this case.
[ link to this | view in thread ]
Re: Re: Re: Re: And another thing
[ link to this | view in thread ]
Re: Re: Re: Re: Re: And another thing
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: And another thing
Well, my point was lets just remember the USG is not alone. This train was moving before the US got on, and again they are only one of MANY players involved.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: And another thing
They're not the only ones openly displaying contempt for those pesky 'rights' and 'laws' and concepts like 'privacy', no, not hardly, but in this case a US agency seems to hold the most blame for what has and continues to happen due to the European-US nature of the issue that makes the NSA's actions of more immediate impact, even if other European agencies are just as bad in general.
[ link to this | view in thread ]
[ link to this | view in thread ]
Window Dressing
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Thats not how the world works
Thats, HOW, the world should work
Defeatism leads to subserviance, when we should be argueing their right to our data, our information, our lives, so called supporters of human rights are talking about the best way to implement it in a minimised form. Its the INITIAL implementation thats wrong and dangerous, you accept it, it gets normalised in our lives, then they push the envelope further
The saying "give them an inch, and they take a mile" comes to mind
I wonder if the future generations were offloading this on, will be just like us, or evolved enough to rightly wonder why the fuck we just watched while it happened, those that cared enough to notice, those that noticed but didnt care, not to mention the mentality of the crazies actually driving the crazy bus down to crazytown, you now, the too big to jail folks
One mans leader is another mans tyrant
Theres a reason why the americans constitution makes mention of non interference..........to minimize the risk of the tyrant fork on the road our leaders will inevitably come across.......at least in this day and age
History lesson
1-We learn something profound through hardship
2-Humans look forward
3-Time passes
4-We forget that something profound
5-Humans stall, or go backwards
6-Hardship makes us relearn why number one was profound
7-Goto number 2
Its why, in one particular case, some folks decided to make a sticky note of some of it, and then proceeded to call it a constitution or bill of rights, to protect and as im realising, remind future generations that didnt go through the hardships that created it, or fail to recognise the signs of an overbearing government, or its next entity slogan change
Im disatisfied......can you tell
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: And another thing
[ link to this | view in thread ]
Re:
Well, even Thingiverse is getting political.
[ link to this | view in thread ]
They say you can judge a man by the company he keeps. I say it's not just men. If Microsoft and the BSA (a notorious Microsoft front group whose main purpose in life is promoting the progress of copyright abuse, particularly by Microsoft) think it's such a good idea, that's at the very least, a good reason to wonder if we might not be better off without it.
[ link to this | view in thread ]
Microsoft (and other companies) are in it for convenience
[ link to this | view in thread ]
Re: And another thing
That's one if the rare cases where I find it legitimate for the USA to get involved.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: And another thing
[ link to this | view in thread ]