Activists warn of improvements to Privacy Shield • The Register

European privacy activist Max Schrems warns that improvements to the EU-US Privacy Shield data sharing agreements could be legally challenged unless negotiators take a fresh approach.

In an open letter, Schrems — the attorney behind the Schrems II ruling that ended the transatlantic data exchange agreement — said US assurances on EU citizens’ privacy were not enough to avoid another legal challenge.

“We understand that the US has denied any material protections for non-US persons and continues to discriminate against non-US persons by denying basic protections such as court authorization for individual surveillance,” the attorney wrote.

“We understand that the proposed deal will be largely based on US executive orders. Having worked on this matter with US surveillance experts and lawyers, such executive orders appear to be structurally insufficient to meet the requirements of the ECJ.”

In 2020, the European Court of Justice overturned the so-called Privacy Shield after Schrems successfully argued that it gave US government agencies access to EU citizens’ personal data without adequate protections.

Since then, companies have been forced to resort to Standard Contractual Clauses (SCCs) to cover international data exchanges between the EU and the US. In addition to being time-consuming to implement, SCCs may not be watertight.

In March, the US and EU announced that they had reached an agreement to enhance the Privacy Shield data-sharing arrangement to “enable predictable and trustworthy data flows between the EU and the US and protect privacy and civil liberties be protected,” said European Commission President Ursula von der Leyen.

What is Schrems I?

In the first case, stemming from a complaint filed with the Irish Data Protection Commissioner in 2011, privacy activist Max Schrems eventually toppled the largest EU-US data-sharing agreement, Safe Harbor. Schrems had accused Facebook of violating the so-called Safe Harbor Agreement to protect the privacy of EU citizens by transmitting its users’ data to the US National Security Agency (NSA).

In the Schrems I ruling in 2015, Europe’s highest court ruled that data exchange between the EU and the US was invalid under the Safe Harbor framework.

What is Schrems II?

Schrems, a former law student, brought up the latest installment of the long-running case (informally known as Schrems II) in 2015, complaining that the Irish data protection regulator was still not preventing Facebook Ireland Ltd (as the EU representative of the Zuckerberg empire). prevents their data from being beamed to the USA under Privacy Shield.

In July 2020, the EU Court of Justice overturned the so-called Privacy Shield data protection agreements between the political bloc and the US, sparking a new wave of legal confusion over the transfer of data from EU individuals to America.

In the open letter, however, Schrems said the proposed data-sharing directive does not provide sufficient controls over US authorities’ access to EU citizens’ data.

Schrems said the view was based on “preliminary observations” of the policy statements and not on the final text, which is still under negotiation. But he warned that the EU could look forward to another legal challenge if the concerns of his campaign group noyb (nobody’s your business) are addressed.

“We urge negotiators to continue working on a long-standing, privacy-preserving solution for transatlantic flows to avoid a ‘Schrems III’ decision,” he said.

Privacy advisor Bill Mew, founder and owner of Mew Era Consulting, said US President Donald Trump used executive orders to remove protections in the country’s privacy law for information the state holds about non-US citizens, which is part of the legal basis has undermined the Privacy Shield. However, a subsequent president could reverse executive orders.

The track record of implementing regulations affected the level of trust between the two parties as they negotiated the final text of an agreement. It would require “a certain level of commitment and trust on both sides,” Mew said.

He added: “The introduction of a judicial process would have to be applied by law – you couldn’t do that with an executive order. Unfortunately, Congress is at a complete standstill and passing a federal privacy law has proven impossible. Adding the need for additional measures to keep the EU happy would make such legislation even harder to pass.” ®

About Willie Ash

Check Also

MediaTek Genio 1200 Linux System-on-Module supports Cortex-A78/A55 AIoT development kit

ADLINK Technology just introduced the SMARC 2.1 compliant LEC-MTK-I12000 System-on-Module (SoM) powered by a MediaTek …