EU-US Privacy Shield Still Not Protecting Your Privacy
Full text of the new draft EU-US Privacy Shield was released February 29th but has not been signed yet. They have made some changes from the previous Safe Harbor Agreement. While some are good improvements, some seem to have not changed how our data is handled at all. A conclusion on if the draft agreement will be acceptable should be made by mid-April to the end of April.
History: Safe Harbor Agreement
Before going in to the Privacy Shield here is the history of why we needed a new agreement between the European Union and United States. In an earlier blog, Safe Harbor Ruled Invalid, How it Affects You, we talked about the invalid ruling of the Safe Harbor Agreement and how it affected businesses and consumers. So here’s a little history on the old Safe Harbor Agreement:
The European Union (EU) and the United States (US) established the Safe Harbor Pact in 2000. This allowed businesses to legally funnel info across the Atlantic. Common data storage and transfers might include global commerce, sending and receiving emails, and even posting on social media. US companies can “self-certify” that they meet the stricter European privacy standards.
In early October of 2015, the European Court of Justice found the US approach to domestic surveillance and absence of legislation governing certain privacy rights was not up to European standards following a case brought by an Austrian student Max Schrems. The EU then made the Safe Harbor pact invalid. They believe the US has compromised their data and would like for some changes to happen to ensure the US is not spying on their citizens.
What’s New
While there are some improvements to the Trans-Atlantic data transfer deal many say it does not differ much from the original Safe Harbor and does not address the “core concerns and fundamental flaws of US surveillance law and the lack of privacy protections under US law.”
Key Positive Takeaways:
Citizen and Company Complaints
The new agreement gives companies and citizens the chance to complain and dispute any mishandling of records and personal information. Governments must resolve such complaints within 45 days or use a free “alternative Dispute Resolution”.
Ombudsman
An ombudsman is a public advocate representing the interests of the public by investigating and addressing complaints. An ombudsman within the US State Department will handle any allegations of privacy violations.
Key Negative Takeaways:
Collecting Data in “Bulk”
In a Press Release from February 29th the European Commission states there will be “no indiscriminate or mass surveillance by national security authorities.” But then is contradicted by this:
6 exceptions where US can collect data “in bulk”:
- Detecting and countering certain activities of foreign powers
- Counterterrorism
- Counter-Proliferation
- Cybersecurity
- Detecting and countering threats to US or allied armed forces
- Combating transnational criminal threats, including sanctions evasion
US Judicial Redress Act
In addition to the Privacy shield, President Obama signed the U.S. Judicial Redress Act on February 24th that will “give EU citizens access to US courts to enforce privacy rights in relation to personal data transferred to the U.S. for law enforcement purposes. ” […] The Judicial Redress Act will extend the rights U.S. citizens, and residents enjoy under the 1974 Privacy Act also to EU citizens.”
At first that sounds good. After further research on the Privacy Act of 1974, many believe that the Privacy Act is “worthless”, with similar views from the Electronic Frontier Foundation (EFF),. There are many exceptions including 32 CFR 322.7 which exempts the NSA from rules of privacy on records maintained on individuals, according to 5 U.S. Code § 552a.
“Essential Equivalence” Non-Existent
One of the most important parts of changing this agreement was to have “essential equivalence” of European data protection in the US. Max Schrems points out that this deal falls short:
“The new deal does not even address the matter of private sector data misuse, despite the fact that there would have been much more leeway than in the government sector. There are tiny improvements, but the core rules on private data usage are miles away for EU law.”(TechCrunch)
Privacy Shield Certified
Under the Privacy Shield a business can become ‘certified’ to establish “adequate” protections for Trans-Atlantic data transfers. While this helps to protect your business from data transfer problems, it does not protect you completely.
The new agreement allows Data Protection Authorities (DPAs) to suspend data flow regardless of a business being Privacy Shield Certified. This would mean you cannot secure continuous data flow for your company.
The Outlook
The EU-US Privacy Shield still needs to be approved by the EU’s WP29, also known as the Article 29 Working Party, and from the privacy issues others have already found in the draft it does not seem likely it will be approved.
“They tried to put 10 layers of lipstick on a pig, but I doubt the court and the DPA’s now suddenly want to cuddle with it”
-Max Schrems
Subscribe To Our E-Newsletter
Recent Articles
- The Great Phishing Scamdemic
Have you been noticing an abundance of suspicious looking emails flooding y…
- Serious Risks to Consider When Socializing Distantly
In today’s crazy world of staying home instead of visiting friends, we’ve a…
- Ten Tips on How to be Successful While Working From Home Dur
As a web developer of over 15 years, I’ve spent a lot of time working remot…
Categories
Recommended Posts
- Calendar
- Why Is It Important To Know Who Owns Your Representative? One Example: Glass-Steagall
- Facebook Password Reset Scam!
- How the Internet Helps in a Crisis
- Web Designer Vs. Web Developer
- Cat Tech Tips – Computer Updates
- Social Media Copyright Issues: Fair Use or Infringement?
- What’s a Twitter Storm?
- Cat Tech Tips: Cleaning the Computer
- Technology for Christmas
Upcoming Events
Social Media
-
- A great quote to live by! Happy President's Day 🇺🇸
.
.
.
#presidentsday #internet #truthish #quotes #life #inspiration #quoteoftheday #quote #follow #success #believe #inspirationalquotes #quotestagram #quotestoliveby - Happy Valentine's Day ❤️
.
.
.
#valentine #pickuplines #cupid #love #valentinesday #pickuplines101 #valentines #valentineday #valentinegift #heart - I don't know who needs to hear this, but Valentine's Day IS this Sunday. She'll remember.... 🥰💐
- How to see what Facebook knows about you, and download your data Do you know what they know?
.
.
#Facebook #Facebookpage #PrivacyAware #privacypolicy #Data #datasecurity - Tech that died in 2020 We've been busy helping clients with Flash workarounds for training software. What tech are you going to mourn in #2021?
- How to recycle your old phone, laptop, TV and batteries for free A win for those with resolutions to declutter or be nice to the environment this year. I'd never heard of Cell Phones For Soldiers before!
- We can’t thank you enough for all of your support this year. From our entire team, we want to wish you a happy, healthy, and prosperous new year! #welcome2021goodbye2020 https://t.co/yEYCRBAK4d
-
-
- I'm not just scrolling to the bottom and hitting AGREE anymore.
.
.
.
#2021 #ReadyorNot #HereWeGo #happynewyear2021 -
-
-
-
- The year is 1997.
You: *struggling to write a letter*
Clippy: Would you like some assistance with that? -
-
- The Jetsons predicted 2020.. just waiting on the flying cars. No doubt our hero @elonmusk will make that come true too. 🚀 #jetsons #telework #onlineclasses #telemedicine #videocalls #tesla https://t.co/0T1s3MgaMx
- @GovWhitmer Why aren't #Michigan groomers allowed to open if they are offering curbside service? #Ohio and #Indiana allow it. Asking for a client (and our staff).
- The most popular pickup line for Web Developers: "Can I clear your cache?" https://t.co/pIUAEr23nX
-
- Have you considered the risks of socializing distantly? 💬🗨️⚠️ https://t.co/xzOTfGBJIc
#SocialDistancing #SocialMedia - If #IRS doesn’t have your direct deposit info, a check will be mailed to your address on file. For your #TaxSecurity, do NOT provide your direct deposit or banking information for others to input on your behalf into the IRS...
- Chinese Government Holds Back Everyone’s Internet Freedom: A strong example of the problems this world... Chinese Government Holds Back Everyone’s Internet Freedom: A strong example of the problems this world faces with cyber censorship is what is going on in China. The government blocks many websites, searches, and software based on their content.
- EU-US Privacy Shield Still Not Protecting Your Privacy: Still collecting bulk data, problems with the... EU-US Privacy Shield Still Not Protecting Your Privacy: Still collecting bulk data, problems with the judicial redress act, and no true protection for businesses
- Copyright and Social Media: This has become a gray area. Almost everyone is guilty of... Copyright and Social Media: This has become a gray area. Almost everyone is guilty of sharing something on social media, whether it be Facebook, Twitter, or Pinterest, that was copyrighted and not yours to share. But what is fair to ...
- How Your Devices are Tracking you and How to Stop it: Apple, Microsoft, and Android How Your Devices are Tracking you and How to Stop it: Apple, Microsoft, and Android
- Being Safe while Downloading Apps: With how many apps are downloaded it is always a... Being Safe while Downloading Apps: With how many apps are downloaded it is always a good idea to stay safe while downloading. You must take precautions, learn where to download, and do your research.