Privacy Shield is the proposed new deal between the EU and the US that is supposed to safeguard all personal data on EU citizens held on computer systems in the US from being subject to mass surveillance by the US National Security Agency. The data can refer to any transaction — web purchases, cars or clothing — involving an EU citizen whose data is held on US servers.
Privacy groups say Privacy Shield — which replaces the Safe Harbor agreement ruled unlawful in October 2015 — does not meet strict EU standard on the use of personal data. Monique Goyens, Director General of the European Consumer Organization (BEUC) told Sputnik:
"We consider that the shield is cracked beyond repair and is unlikely to stand scrutiny by the European Court of Justice. A fundamental problem remains that the US side of the shield is made of clay, not iron."
The agreement has been under negotiation for months ever since the because the European Court of Justice ruled in October 2015 that the previous EU-US data agreement — Safe Harbor — was invalid. The issue arises from the strict EU laws — enshrined in the Charter of Fundamental Rights of the European Union — to the privacy of their personal data.
#PrivacyShield allows companies to "self-certify". Great news everyone! It's a certified data company! pic.twitter.com/3gOByRgVmH
— Hacker Fantastic (@hackerfantastic) 12 July 2016
Facebook Lawsuit
The Safe Harbor agreement was a quasi-judicial understanding that the US undertook to agree that it would ensure that EU citizens' data on US servers would be held and protected under the same restrictions as it would be under EU law and directives. The data covers a huge array of information — from Internet and communications usage, to sales transactions, import and exports.
#PrivacyShield opens hole in protection of EU citizens’ privacy. https://t.co/NMpiINOtEk #EUdataP pic.twitter.com/FGRBLdlnsx
— The Consumer Voice (@beuc) 12 July 2016
The case arose when Maximillian Schrems, a Facebook user, lodged a complaint with the Irish Data Protection Commissioner, arguing that — in the light of the revelations by ex-CIA contractor Edward Snowden of mass surveillance by the US National Security Agency (NSA) — the transfer of data from Facebook's Irish subsidiary onto the company's servers in the US does not provide sufficient protection of his personal data.
The court ruled that: "the Safe Harbor Decision denies the national supervisory authorities their powers where a person calls into question whether the decision is compatible with the protection of the privacy and of the fundamental rights and freedoms of individuals."
VIDEO: #PrivacyShield approved today. Watch my statement w/ @PennyPritzker https://t.co/2oSE880Qwn @EU_Commission pic.twitter.com/RG7XIK5UnW
— Věra Jourová (@VeraJourova) 12 July 2016
Launching Privacy Shiled, Vera Jourova, European Commissioner for Justice, Consumers and Gender Equality said the deal promised:
"Strong data protection obligations that we be more robustly enforced by US authorities. Secondly, reassurance from the US Government that any access to personal data for law enforcement or national security purposes is limited to what is necessary and proportionate, building on the important intelligence reforms by President Obama. Thirdly, easier redress possibilities for European in case of complaints about how their data is handled."
However, Monique Goyens told Sputnik: "The Commission should have listened more to data protection bodies and privacy advocates rather than giving in to political and commercial pressure from the tech industry and the US government. Sadly, commercial motivations seem to have outweighed citizens' right to privacy."
