On Tuesday a new pact, Privacy Shield, went into effect between the U.S. and the European Union, giving American companies a simpler alternative to dealing with the E.U.'s normal data protection rules when shuttling data across the Atlantic.
Businesses can sign up to participate starting on Aug. 1, Reuters reported. Firms like Google and Microsoft are already planning to, but Facebook is allegedly waiting to evaluate the text of the pact, and there is no word yet on whether Apple will come onboard.
An earlier data agreement — Safe Harbor — was in place for about 15 years, but was in October was ruled invalid by the European Court of Justice, which expressed concerns about intrusion by U.S. intelligence agencies. In 2013, former NSA contractor Edward Snowden revealed numerous overreaches by the organization, such mass surveillance at home and even the tapping of German Chancellor Angela Merkel's cellphone. In some cases high tech firms like Apple and Microsoft were instrumental to the NSA's activities, whether willing or otherwise.
In theory Privacy Shield will give Europeans a safety net if they feel their data is being abused. This includes an ombudsman at the U.S. State Department, an annual review conducted by the European Commission and the U.S Department of Commerce, and cooperation between European privacy agencies and the U.S. Federal Trade Commission.
The pact is expected to be challenged in court by groups that say it doesn't do enough to protect Europeans.
Apple is likely to participate in Privacy Shield, since the company's first two European datacenters — located in Ireland and Denmark — aren't scheduled to start operations until sometime in 2017, and in the meantime its devices are increasingly dependent on cloud services.
3 Comments
Seems that the lobbyists are making much noise. Anyone well versed in EU Privacy Law and who has read and understood the decision of the EUCJ (the last-instance in EU Jurisdiction ... equivalent to the US Supreme Court) will understand that the "Privacy Shield" is a joke and is hignly unlikely to survive a challenge before that court.
Just for those who don't understand the full picture ... The privacy shield is an administrative act by the EU commission ... and the EUCJ has already determined that the EU Commission is subordinate in legal affairs to the EUCJ.
It is also quite likely that the privacy shield may well be challenged or declared invalid by individual national data protection authorities, independently of anything the EU Commission may wish to believe. In addition to its other findings, the EUCJ clearly stated that such administrative decisions of the EU Commission do not impair in any way the rights and obligations of the national data protection authorities to exercise their full statutory independence. Think about that for a moment or two before getting too excited about the Privacy Shield :-) It would be very unwise to stake any real hopes that the Privacy Shield will survive ... or any subsequent measure absent meaningful changes to US law. That is the crux of the matter.
I'm afraid that nobody in Europe, in their right mind, will believe that the US is suddenly going to stop snooping into people's data. As to the "ombudsman" well, ever heard of the expression : putting the horse behind the cart ?