EU-US Privacy Shield Still Not Protecting Your Privacy
The full text of the new draft EU-US Privacy Shield was released February 29th, but it has not been signed yet. It makes some changes from the previous Safe Harbor Agreement. While some are good improvements, others seem not to have changed how our data is handled at all. A conclusion on whether the draft agreement is acceptable should be made between mid-April and the end of April.
History: Safe Harbor Agreement
Before going into the Privacy Shield, here is the history of why we needed a new agreement between the European Union and the United States. In an earlier blog, Safe Harbor Ruled Invalid, How it Affects You, we talked about the ruling that invalidated the Safe Harbor Agreement and how it affected businesses and consumers. So here’s a little history on the old Safe Harbor Agreement:
The European Union (EU) and the United States (US) established the Safe Harbor Pact in 2000. This allowed businesses to legally funnel info across the Atlantic. Common data storage and transfers might include global commerce, sending and receiving emails, and even posting on social media. US companies can “self-certify” that they meet the stricter European privacy standards.
In early October of 2015, the European Court of Justice found the US approach to domestic surveillance and absence of legislation governing certain privacy rights was not up to European standards following a case brought by an Austrian student Max Schrems. The EU then made the Safe Harbor pact invalid. They believe the US has compromised their data and would like for some changes to happen to ensure the US is not spying on their citizens.
While there are some improvements to the Trans-Atlantic data transfer deal, many say it does not differ much from the original Safe Harbor and does not address the “core concerns and fundamental flaws of US surveillance law and the lack of privacy protections under US law.”
Key Positive Takeaways:
Citizen and Company Complaints
The new agreement gives companies and citizens the chance to complain and dispute any mishandling of records and personal information. Governments must resolve such complaints within 45 days or use a free “alternative Dispute Resolution”.
An ombudsman is a public advocate representing the interests of the public by investigating and addressing complaints. An ombudsman within the US State Department will handle any allegations of privacy violations.
Key Negative Takeaways:
Collecting Data in “Bulk”
In a Press Release from February 29th, the European Commission states there will be “no indiscriminate or mass surveillance by national security authorities.” But that is then contradicted by this:
6 exceptions where US can collect data “in bulk”:
- Detecting and countering certain activities of foreign powers
- Detecting and countering threats to US or allied armed forces
- Combating transnational criminal threats, including sanctions evasion
US Judicial Redress Act
In addition to the Privacy Shield, President Obama signed the U.S. Judicial Redress Act on February 24th that will “give EU citizens access to US courts to enforce privacy rights in relation to personal data transferred to the U.S. for law enforcement purposes. […] The Judicial Redress Act will extend the rights U.S. citizens, and residents enjoy under the 1974 Privacy Act also to EU citizens.”
At first that sounds good. After further research on the Privacy Act of 1974, many believe that the Privacy Act is “worthless”, with similar views from the Electronic Frontier Foundation (EFF). There are many exceptions, including 32 CFR 322.7, which exempts the NSA from rules of privacy on records maintained on individuals, according to 5 U.S. Code § 552a.
“Essential Equivalence” Non-Existent
One of the most important parts of changing this agreement was to have “essential equivalence” of European data protection in the US. Max Schrems points out that this deal falls short:
“The new deal does not even address the matter of private sector data misuse, despite the fact that there would have been much more leeway than in the government sector. There are tiny improvements, but the core rules on private data usage are miles away from EU law.” (TechCrunch)
Privacy Shield Certified
Under the Privacy Shield a business can become ‘certified’ to establish “adequate” protections for Trans-Atlantic data transfers. While this helps to protect your business from data transfer problems, it does not protect you completely.
The new agreement allows Data Protection Authorities (DPAs) to suspend data flow regardless of a business being Privacy Shield Certified. This would mean you cannot secure continuous data flow for your company.
The EU-US Privacy Shield still needs to be approved by the EU’s WP29, also known as the Article 29 Working Party. Given the privacy issues others have already found in the draft, it does not seem likely that it will be approved.
“They tried to put 10 layers of lipstick on a pig, but I doubt the court and the DPA’s now suddenly want to cuddle with it”
Why Is It Important To Know Who Owns Your Representative? One Example: Glass-Steagall
Just why is it important to know who owns your representative? The need to be an informed voter is obvious – it’s good to know what your representative’s priorities and motivations are when it comes time for elections. Beyond being in the know about the organizations and companies your elected officials represent, it’s worthwhile to know just who is financially backing your representative as well, so that you know where you – the constituent – fit into the picture. Do you have as much influence as you think?
While corporations cannot directly back a given elected official, laws have paved the way for them to shell out significant amounts of money to support their views on a campaign. This has far-reaching effects regarding how and when laws are enacted.
In 1933, four years after the stock market crashed, the Glass-Steagall Act was established as a way of preventing commercial banks from trading securities with their clients’ deposits – effectively gambling deposits on the stock market. The collapse of the banking system was still fresh in everyone’s mind when they created the FDIC as a guard against bank runs in the Banking Act of 1933.
Starting in the 1960s and as time went on, the Glass-Steagall Act grew less effective as it was legislated away bit by bit, until in 1999 under the Clinton Administration the act was repealed entirely. President Clinton declared that the act was “no longer appropriate” as banks pushed their way into expanded banking and securities. The repeal of the Glass-Steagall Act is believed by many to have led to the 2008 financial crisis, when banks became “too big to fail”.
Fast-forwarding to more recent history, the Dodd-Frank Wall Street Reform and Consumer Protection Act was signed into federal law in 2010 as a means of reining in financial regulation and to correct the downturn. One section of the act included the Volcker Rule – a rule to restrict United States banks from making certain kinds of speculative investments – effectively a ban on proprietary trading by commercial banks.
As of fall 2013, the rule has still not been implemented and estimates are that it won’t take effect until July 2014. Lobbyists are trying to push the law back further still.
Why So Much Power?
Why is it that corporations – banks, in this case – have so much power to push back a law for four or more years while breaking deadlines and dragging their feet? Why aren’t they being held accountable?
The answer to this is as murky as it sounds, and exactly why it’s important to know where campaign contributions come from. The Taft-Hartley Act in 1947 prohibited labor unions and corporations from spending money to influence federal elections. This led to the formation of PACs and Super PACs. Super PACs may not make contributions to candidate campaigns or parties, but may engage in unlimited spending independently of the campaigns – including with organizations and groups.
Meanwhile, the Citizens United vs FEC case held that the First Amendment prohibits the government from restricting independent expenditures by organizations and groups, in a 5-4 decision that the Bipartisan Campaign Reform Act violated the First Amendment. The majority ruled that people in a group (the organization) could not be prevented from free speech any more than individuals or the press.
Free Speech, or Campaign Contributions?
This did not affect actual campaign contributions, but it permitted partisan organizations to spend unlimited amounts of money on political campaigns, often greatly affecting the outcome.
The Citizens United vs FEC case, along with the surge of Super PACs in the last bout of Federal Elections, made very apparent the influence and strength behind organizations putting forth money advocating for political campaigns. Organizations, be they corporations or Super PACs, can place considerably more money towards a cause than even wealthy individuals. This problem becomes more urgent when we consider the existence of large media organizations capable of delivering a message – positive or otherwise – to more than a hundred million homes across America*. It becomes clear that a candidate is not only beholden to the corporations and Super PACs that helped them get elected, but also to the media machine itself. When a company or group can drag your name through the mud in front of millions, or set you up on a pedestal as a hero, the decision making process for individual voters becomes irrelevant. By the time a voter gets to see a candidate, he or she has already been bought and paid for by any number of organizations and special interests.
Back to Consumer Protection
Returning to the Volcker Rule from the Consumer Protection Act, there is little wonder as to why lobbyists and outside influences have delayed a rule that may stand in the way of banks being Too Big To Fail. The money can speak, has spoken, and has a much stronger voice when made by a large corporation than by an individual citizen.
So, who owns your representative? The Who Owns My Rep project helps you find out the companies or organizations funding your representative. Does this help to explain their behavior?
* As of May 2013, Nielsen estimates that there are 115.6 million TV homes in the US, making television a staggeringly powerful tool to sway opinions – and votes – in America.
The Cyber Intelligence Sharing and Protection Act, or CISPA, is a proposed law in the United States which would allow for the sharing of Internet traffic information between the U.S. government and certain technology and manufacturing companies. The aim of the bill is to help the U.S. government investigate cyber threats and ensure the security of networks against cyberattack.
Its predecessors, SOPA (Stop Online Piracy Act) and PIPA (Protect IP Act) were blocked earlier this year; however, CISPA has been passed in the House of Representatives and is now awaiting attention in the Senate.
Overview of CISPA
While SOPA and PIPA were meant mostly for stopping pirated material from being transferred over the internet, CISPA is an entirely different can of worms. Succinctly put, it allows both the government and private businesses to share information about cyberthreats. (Cyberthreats are anything making “efforts to degrade, disrupt or destroy” vital networks, or anything that makes a “threat or misappropriation” of information owned by the government or private businesses.) CISPA rewards companies for collecting data from internet users, intercepting or modifying communications, and providing this information to the government.
What does this mean to you, as a company with a website?
CISPA mostly affects individual internet users; however, its intent is to allow companies to protect their computers and networks against global cybersecurity threats. Information-sharing with the government is voluntary; however, data anonymity is encouraged but not required (from “CISPA Will Improve U.S. Cybersecurity” by Matthew Eggers at the US News and World Report).
According to an article from the Electronic Frontier Foundation, “One of the scariest parts of CISPA is that the bill goes above and beyond information sharing. Its definitions allow for countermeasures to be taken by private entities, and we think these provisions are ripe for abuse… These countermeasures could put free speech in peril, and jeopardize the ordinary functioning of the Internet… These countermeasures could even serve as a back door to enact policies unrelated to cybersecurity, such as disrupting p2p traffic.”
Additionally, “Heritage [Foundation] discussed how CISPA gives private entities ‘clear legal authority to defend their own networks.’ While we think private entities should be able to defend their networks, they should not be able to do without accountability in a manner that threatens free speech or disrupts the Internet.”
Where do you stand?
Appletree MediaWorks believes privacy is of the utmost importance; however, in a democratic society such as ours, we recognize the need for discourse on all topics of this nature. Please feel free to comment with your opinion on CISPA.
Take A Stand Against PIPA & SOPA Acts
You may have heard about Protect-IP (PIPA) and the Stop Online Piracy Act (SOPA) currently under consideration in Congress. We would like to make sure you are aware of Appletree MediaWorks’ official position on SOPA.
As a national provider of online Web services, we oppose the Stop Online Piracy Act (SOPA) and Protect-IP (PIPA) Acts currently under consideration. While we observe the concerns of those who are troubled by the potential impact on protecting intellectual property online, Appletree MediaWorks feels there is an urgent need to strike a balance between dissemination of and access to information and protection against its illegal use within the public domain.
The US government is currently reviewing SOPA and PIPA as possible ways to prevent unlawful distribution of copyrighted materials available on the Internet. These current proposals, if passed, would allow for significant interventions into the technological and economic basis of the Internet. This could put the vast benefits and economic opportunities of entirely legal and legitimate e-business models at risk. Generally, companies offering technological services should not be forced to be the executor of authority in such matters. If they were to act upon every implication of content infringement without any judicial research into the actual usage of their customers, the integrity behind their customers’ freedom of information and speech would be enormously harmed.
We encourage every Internet user concerned about these plans to contribute to the debate and to raise their voice with their local representatives in the House or Senate. We welcome the serious consideration by the US Congress of the potential harmful effects on Internet freedom should SOPA and/or PIPA be passed as law, and hope the stability of the Internet’s domain name system (DNS) remains intact.
One way to express your concerns could be to use one of the websites that emerged to protect user interests in the current legislative debate, such as Fight for the Future, “a nonprofit working to expand the internet’s power for good”.
At Appletree MediaWorks, we support you, our customer, and an open Internet. Thank you for being one of our extremely valued customers, and for taking the time to read this.