The highest court in Europe has struck down the EU-US Privacy Shield over concerns that the agreement leaves the data of European customers too exposed to US government surveillance.
The agreement, which has been in place since 2016, allows companies operating in the EU to transfer data back to the US and over 5,000 companies currently operate under its terms.
Good news, of course, but while the focus is often on the US and China, we shouldn’t forget that European countries are also quite, quite adept at mass surveillance.
Your headline is false.
The EU was all gung ho for it.
“we shouldn’t forget that European countries are also quite, quite adept at mass surveillance.”
Right!
I am dutch and live in Austria.
President of the Austrian National Council mr. Sobotka visited the european police congress in february 2019 and openly spoke for introducing the chinese system of social scoring in the EU.
In every self-respecting democracy such person would have been removed/fired, not in Austria.
The chamber of commerce in Austria collects data from every business, if one protests against the collecting of every email, every click in their website etc. you will experience that this organisation is part of a political system that is practically untouchable.
When I called the Data protection committee they told me that as a private person or small business one has no chance to do something about that, “you should better give it up” was the advise.
The post in Austria sold all addresses and information about what had been delivered, Although it was considered a “scandal” nothing happened.
So, I think the EU is as bad as the USA or Russia or whatever other “western” country.
Regards,
Jan
You’re got to hand it to Max Schrems for his principaled persistence.
But it’s important to understand that this doesn’t mean companies can’t transfer EU citizen’s data and store it in the US. It just means that there’s no longer a default assumption that the privacy level’s the same in the US as it is in the EU for EU citizen’s data. Just like all other countries the US makes a legal distinction between the rights of its own citizens and those of other countries, so this shouldn’t be surprising (and in relation to surveillance, something the Snowden leaks shone a bright light on). If companies want to transfer data now they have to create contractual safeguards, be held responsible for breaches and make it clear to their customers (see GDPR article 49 https://gdpr.eu/article-49-when-can-personal-data-be-transfered/ )
So the consequence for Facebook etc. will probably be an additional line in their privacy policy, or maybe another popup for users to accept.
Max Schrems is too busy with facebook.
For a long while it was told that US and UK intelligence services “helped” each other to skirt their laws. They cannot track their own citizens, but could ask the organization across the pond to take a peek for them. It was a “scratch my back, I scratch yours” kind of thing.
Then US asked data on an Irish citizen from Microsoft, which they refused. It actually was a big thing, and took many news cycles:
https://www.theguardian.com/technology/2014/apr/29/us-court-microsoft-personal-data-emails-irish-server
The argument then was, they (Microsoft) did not actually have the rights to give it over, since it was not a US jurisdiction. It made sense, since then every other country can ask the same. For example: what would happen in there was a request for a Hong Kong protester in the US?
They then went one step further, and actually spun off EU data into a separate entity. Technically they still had full access to data, but could not give it over, since data access was thru a kind of a license agreement.
Now all these shenanigans are coming back to bite the US; but also average folks, too. Hope we end up in a sane position, and not a broken Internet where Brazilian Facebook users cannot talk to Russian ones, etc.