[kictanet] Fwd: [Internet Policy] NYT: Data Transfer Pact Between U.S. and Europe Is Ruled Invalid
Barrack Otieno
otieno.barrack at gmail.com
Mon Oct 12 00:07:44 EAT 2015
---------- Forwarded message ----------
From: Joly MacFie <joly at punkcast.com>
Date: Tue, 6 Oct 2015 13:46:23 -0400
Subject: [Internet Policy] NYT: Data Transfer Pact Between U.S. and
Europe Is Ruled Invalid
To: "internetpolicy at elists.isoc.org" <InternetPolicy at elists.isoc.org>
http://www.nytimes.com/2015/10/07/technology/european-union-us-data-collection.html
Europe’s highest court on Tuesday struck down an international agreement
that allowed companies to move people’s digital data between the European
Union and the United States, leaving the international operations of
companies like Google and Facebook in a sort of legal limbo.
The ruling, by the European Court of Justice, said the so-called safe
harbor agreement was flawed because it allowed American government
authorities to gain routine access to Europeans’ online information. The
court said leaks from Edward J. Snowden, the former contractor for the
National Security Agency, made it clear that American intelligence agencies
had almost unfettered access to the data, infringing on Europeans’ rights
to privacy.
The court said data protection regulators in each of the European Union’s
28 countries should have oversight over how companies collect and use
online information of their countries’ citizens. Many European countries
have widely varying stances towards privacy.
Data protection advocates hailed the ruling. Industry executives and trade
groups, though, said the decision left a huge amount of uncertainty for big
companies. They called on the European Commission to complete a new safe
agreement with the United States, a deal that has been negotiated for more
than two years.
Some European officials and many of the big technology companies, including
Facebook and Microsoft, tried to play down the impact of the ruling, saying
side agreements with the European Union should allow the companies to
continue moving data across borders.
But some of Europe’s national privacy watchdogs are expected to make it
hard for large companies like Facebook to transfer Europeans’ information
overseas under the current data arrangements. And the ruling appeared to
leave smaller companies with fewer legal resources vulnerable to potential
privacy violations.
“We can’t assume that anything is now safe,” Brian Hengesbaugh, a privacy
lawyer with Baker & McKenzie in Chicago who helped to negotiate the
original safe harbor agreement. “The ruling is so sweepingly broad that any
mechanism used to transfer data from Europe could be under threat.”
At issue is the sort of personal data that people create when they post
something on Facebook or other social media; when they do web searches on
Google; or when they order products or buy movies from Amazon or Apple.
Such data is hugely valuable to companies, which use it in a broad range of
ways, including tailoring advertisements to individuals and promoting
products or services based on users’ online activities.
The data-transfer ruling does not apply solely to tech companies. It also
affects any organization with international operations, such as when a
company has employees in more than one region and needs to transfer payroll
information or allow workers to manage their employee benefits online.
Frans Timmermans, the first vice president for the European Commission,
which will be charged with carrying out the ruling, tried to ease the
concerns of companies on Tuesday. He said businesses could still move
European data to the United States through other existing treaties.
He added that the European Commission would work with national privacy
regulators to ensure that the court’s decision was carried out in a uniform
fashion across the entire region.
“Citizens need robust safeguards,” said Mr. Timmermans. “And companies need
certainty.”
But it was unclear how bulletproof those treaties would be under the new
ruling, which cannot be appealed and went into effect immediately. Europe’s
privacy watchdogs, for example, remain divided over how to police American
tech companies.
France and Germany, where companies like Facebook and Google have huge
numbers of users and have already been subject to other privacy rulings,
are among the countries that have sought more aggressive protections for
their citizens’ personal data. Britain and Ireland, among others, have been
supportive of Safe Harbor, and many large American tech companies have set
up overseas headquarters in Ireland.
“For those who are willing to take on big companies, this ruling will have
empowered them to act,” said Ot van Daalen, a Dutch privacy lawyer at
Project Moore, who has been a vocal advocate for stricter data protection
rules.
The safe harbor agreement has been in place since 2000, enabling American
tech companies to compile data generated by their European clients in web
searches, social media posts and other online activities.
Under the deal, more than 4,000 European and American companies had been
expected to treat the information moved outside the European Union with the
same privacy protections the data had inside the region. The United States
government had lobbied aggressively in Brussels in recent months to keep
the agreement in place.
The United States and the European Union have worked for roughly two years
on a new safe harbor agreement. The court’s ruling now puts pressure on
negotiators to complete an agreement, but it may also complicate matters.
Any new deal had already been expected to give Europeans greater say over
how their online information is collected, transferred and managed by tech
companies. But the talks have stalled over what type of access to European
data American intelligence agencies should be given, according to several
people with direct knowledge of the matter, who spoke on the condition of
anonymity.
In addition, legal experts said that even if a new deal is reached, the
court’s decision would would still give the national privacy regulators
some say over the transfer of data.
Penny Pritzker, the American secretary of commerce, said she was
disappointed about the European court’s decision, adding she would work
with the European Commission to finalize the new safe harbor agreement.In
its ruling, the European court noted that the region’s 500 million citizens
did not have the right to bring legal cases in United States courts if they
believed their privacy had been infringed by American companies or by the
United States government. A bill to provide this legal recourse is being
debated in Congress, though analysts said it was unlikely to become law
before the American elections next year.
The legal ruling “puts at risk the thriving transatlantic digital economy,”
she said in a statement on Tuesday.
The lengthy negotiations have highlighted the different approaches to
online data protection. In the United States, privacy is viewed as a
consumer protection issue; in Europe, privacy is almost on a par with such
fundamental rights as freedom of expression. Last year, Europe’s top court
ruled that anyone with connections to the region could ask search engines
like Google to remove links about themselves from online results. European
campaigners said this so-called right to be forgotten ruling would help
protect people’s online privacy, while many in the United States said the
decision would curtail online freedom of speech.
Those differences became more pronounced after Mr. Snowden revealed how
American and British intelligence agencies had seemingly unfettered access
to people’s online activities.
“The United States safe harbor scheme thus enables interference, by United
States public authorities, with the fundamental rights of persons,” the
judges said in a statement on Tuesday, referring to access to European data
by American intelligence agencies.
The case reviewed by the European Court of Justice related to a complaint
brought by Max Schrems, a 27-year-old Austrian graduate student, who argued
that Europeans’ online data was misused when Facebook was said to have
cooperated with the N.S.A.’s Prism program.
That program is reported to have given the American agency significant
access to data collected by several American tech companies. Facebook
denies that the United States government had unlimited access to its users’
data.
Mr. Snowden on Tuesday, after the court ruling, posted a message on Twitter
praising Mr. Schrems: ‘‘Congratulations, @maxschrems. You’ve changed the
world for the better.’’
In a statement on Tuesday, Mr. Schrems, who is pursuing a separate civil
class-action lawsuit against Facebook in an Austrian court, praised the
decision.
“Governments and businesses cannot simply ignore our fundamental right to
privacy,” he said, “but must abide by the law and enforce it.”
--
---------------------------------------------------------------
Joly MacFie 218 565 9365 Skype:punkcast
--------------------------------------------------------------
-
--
Barrack O. Otieno
+254721325277
+254-20-2498789
Skype: barrack.otieno
http://www.otienobarrack.me.ke/
More information about the KICTANet
mailing list