A recent ruling by the European Court of Justice reminds us that protection of our personal data has been diminished since we left the EU.
The case goes back to the Austrian lawyer and privacy activist Max Schrems who had filed a complaint saying that Facebook had violated his privacy rights when his data was transferred to the US.
By ruling that the deal was invalid because US security and intelligence agencies could still access data stored by Facebook, Twitter, Google, Apple, Microsoft and other companies, the court issued a strong reprimand to the European Commission and the US. It said that the data of EU citizens was endangered and ruled that the US should not be considered a country with adequate data protection policies.
It is the second time that the European Court of Justice has delivered such a scathing verdict. In 2015, it declared invalid Privacy Shield's predecessor, the European Commission's Safe Harbor agreement with the US, which was not very different from its successor.
The court's message is loud and clear: It does not think that the Commission or the US have drawn the right conclusions since the scandal triggered by whistle-blower Edward Snowden's revelations regarding the activities of the US intelligence agencies and the mass surveillance of citizens, including in the EU.
[...]
EU offers considerable data protection
In the European Union, however, there has been some progress since the first verdict in 2015. The General Data Protection Regulation has come into effect and is considered to offer extensive protection by comparison to other policies around the world.
The European Commission only recognizes a few countries, such as Switzerland, Japan and a few more, as providing similarly adequate protection. The US was on the list so long as the Privacy Shield deal was in place but will now join other "ordinary" countries such as China, India, Brazil and most of the world.
[One presumes that the UK is now on this list - FHL]
Despite the verdict from Luxembourg, companies will still be able to exchange and transfer sensitive data to third countries. However, companies in the US or China will have to guarantee that they are complying with European data protection regulations by signing Standard Contractual Clauses.
All of us are affected by this. Each time, we book a journey or buy a product online our personal data can be sent abroad.
Deutsche Welle's Brussels correspondent concludes:
In the long term, the European Commission and European companies will have to ensure that European data is processed in accordance with EU law, on servers located on the continent. The idea is to increase the number of clouds in the EU and thus improve data sovereignty. For now, most clouds are in the US and China.
No comments:
Post a Comment