The U.S. Department of Commerce and the European Commission have initiated discussions to evaluate the potential for an enhanced EU-U.S. Privacy Shield framework to comply with the July 16 judgment of the Court of Justice of the European Union in the Schrems II case.
The US Department of Commerce, in a joint press release with the European Commission, is calling for an enhanced EU-U.S. Privacy Shield framework to comply with the July 16th judgment of the Court of Justice of the European Union in the Schrems II case, which ruled the current EU-US framework “is no longer a valid mechanism to transfer personal data from the European Union to the United States.” (Note: Mr. Schrems claimed in a complaint against Facebook Ireland that the United States does not offer sufficient protection of data transferred to other countries. The case is seen to have broad implications on the enforcement of GDPR data transfer privacy requirements.)
Experts with Stealthbits Technologies and Gurucul offer perspective:
Saryu Nayyar, CEO, Gurucul:
“Europe’s top court striking down Privacy Shield, and Safe Harbor before it, is really no surprise. The internet spans the globe, with data going everywhere, all the time, for billions of users. While the internet was hailed as a borderless platform to bring the world together, the reality is each region has its own concerns and laws governing it. This is a perfect example of exactly that. The European Union puts data privacy for its citizens first, ahead of Law Enforcement and State needs. The US puts National Security and Law Enforcement interests ahead of personal privacy. It’s a fundamental difference in perspective, which makes it difficult for businesses to navigate the legal hurdles while simultaneously complying with conflicting regulations on a global scale. Finding common ground will take negotiation and compromise, but it is vital. The data must flow.”
Dan Piazza, Technical Product Manager, Stealthbits Technologies:
“The EU and the U.S. are working on a new Privacy Shield agreement, however, there’s much room for skepticism after both Safe Harbor and the first Privacy Shield were struck down by the European Court of Justice over the past few years. A joint statement between the U.S. Secretary of Commerce and the EU Commissioner for Justice states the two sides are working towards a new agreement, however, it all seems to be hand waving at this point until the U.S. government makes drastic changes to national data security policy and procedure.
Privacy Shield was struck down primarily because federal U.S. security agencies, such as the NSA, have too much access to personal information stored by U.S. tech companies and other organizations. Without drastic reform to data privacy standards in the U.S., and the reach of agencies like the NSA, any potential new Privacy Shield agreements will most likely be swiftly shut down by the same court in the EU. It’s clear the U.S. needs a mechanism like Privacy Shield in place, however, so far, the U.S. government hasn’t taken any clear action that indicates they intend to start taking data privacy more seriously.”
“The situation needs a serious surveillance reform. To this day, it crosses the line of human rights and privacy. Our US data protection laws are different from the EU. They offer much less protection than EU laws. In return, personal data from across the Atlantic could be stored without security measures, can be used without users’ knowledge, sold to other companies without protection, and possibly stolen. The EU-U.S. privacy shield was supposed to help provide protection to data and enforce companies to protect trans-Atlantic data with EU standards while providing limits on the data being shared or accessed. However, when it was being formed there were plenty of surveillance holes.
But let’s be real – did the EU do this to push for change? Or to “be seen” by the public to push for change? Because the reality is the U.S. has their hands deep in tech platforms. Thus, the EU often bends backwards for the U.S. because of its power and control, which we saw when creating the EU-U.S. privacy shield. And because of this power and control, the U.S. and EU are again trying to reach another “agreement” to make sure everything continues to function. But whoever controls tech has the ability to do what they want – and since that’s the US, it prevent the EU from imposing anything because they don’t have equal standing. Unless both parties are equally weighted during talks, the one in control can continue to have their demands met more than the weaker party. “