Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

€2 a Month €5 a Month One-off amount
Dominic Lipinski/PA Wire
finishing touches

The new way US tech giants are going to handle your data is almost in place

The EU and US have released details of their Privacy Shield agreement, designed to replace its previous data transfer agreement Safe Harbour.
3.21pm, 29 Feb 2016
12.8k
4

THE EUROPEAN UNION (EU) and the US have released the full details of their new transatlantic data transfer agreement.

The Privacy Shield agreement was originally decided upon at the beginning of February as a way of replacing the Safe Harbour agreement, but details had still yet to be decided.

Safe Harbour fell was deemed to be invalid after the EU Court of Justice (ECJ) said it was lacking in a number of areas regarding the US and mass surveillance.

The decision originated from Max Schrems’, a privacy rights campaigner from Austria, complaint with the Irish Data Protection Commissioner regarding Facebook’s handling of his personal data.

When it was brought to the ECJ, it said the agreement didn’t offer users enough privacy protections.

Europe Facebook Lawsuit Max Schrems at the European Court of Justice in October the day it deemed Safe Harbour invalid. Geert Vanden Wijngaert / PA photos Geert Vanden Wijngaert / PA photos / PA photos

The result of that was Privacy Shield, which aims to ensure the personal data of EU citizens is given the same privacy protections in the US like it would in the EU.

According to the European Commission’s FAQ, American companies will register to be on the Privacy Shield list and certify themselves so they meet the requirements set out. The procedure has to be done each year.

The US Department of Commerce will have to monitor and verify that company’s privacy policies are presented in line with the agreement and are readily available. The US will be required to maintain a list of said members and ensure that those who aren’t members continue to follow the same rules as if they were signed up to it.

As part of the agreement, both the EU and US will be required to:

  • Review the agreement annually, which will be carried out by the European Commission and the US Department of Commerce.
  • Incorporate additional measures for EU citizens to solve grievances with companies concerning data use. Complaints have to be resolved by companies within 45 days and an Alternative Dispute Resolution solution will be available free of charge. Citizens can also go to their national data protection authority to resolve the problem, and if it’s not resolved, they can use an enforceable arbitration mechanism.
  • Create an ombudsperson mechanism which will follow up on complaints and enquiries by individuals. They will work within the US Department of State, and will be independent from national security laws.

The EU released it as an ‘adequacy decision’ meaning a non-EU country ensures an adequate level of protection of personal data. It also called on the US to strengthen its domestic privacy protections so they match the same data protection standards in the EU.

However, Scherms has criticised the deal saying it already violates the rules made by the ECJ on Safe Harbour.

“Basically the US openly confirmed that it violates EU fundamental rights in at least six cases,” he said in a statement. “The Commission claims that there is no ‘mass surveillance’ anymore. It used to be the other way around. This charade is not only bluntly in conflict with the law and the Court judgement but also with the document the Commission presented”.

It begs the question what forces push the Commission in the background. This is obviously not driven by a rational implementation of the facts, the law and the judgement.

While the details of the agreement have been set, it still needs to be approved by European data regulators, and EU member states have to ratify the agreement. If they agree on the draft, then it will be made final.

Read: Snapchat employee sent personal details to scammer he thought was his boss >

Read: Apple changed its site’s code so ‘click’ wouldn’t look like something else >

Making a difference

A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

For the price of one cup of coffee each week you can make sure we can keep reliable, meaningful news open to everyone regardless of their ability to pay.

Support us Learn More

Author
Quinton O'Reilly
quinton@thejournal.ie
@qoreilly
Send Tip or Correction
Read Next
More Stories
Related Tags
Your Voice
Readers Comments
4
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.