Privacy Shield Data Pact Gets European Approval

A commercial data transfer pact provisionally agreed by the EU executive and the United States in February received the green light from EU governments on Friday, the European Commission said, paving the way for it to come into effect next week. This will end months of legal limbo for companies such as Facebook, Google, and MasterCard after the EU's top court struck down the previous data transfer framework, Safe Harbour, on concerns about intrusive U.S surveillance. BBC reports: Member states of the European Commission have given "strong support" to the Privacy Shield said the EC's Justice Commissioner Vera Jourova in a statement. Ms Jourova said the approval paved the way for the formal adoption of the agreement early next week. "The EU-US Privacy Shield will ensure a high level of protection for individuals and legal certainty for business," said Commissioner Jourova. "It is fundamentally different from the old Safe Harbour." The adoption of the Privacy Shield ends months of uncertainty for many tech companies such as Google and Facebook after the European court found the Safe Harbour agreement wanting. The agreement covers everything from personal information about employees to the detailed records of what people do online, which is often used to aid targeted advertising. The Safe Harbour pact let US companies skirt tough European rules that govern how this data can be treated, by letting them generate their own reports about the steps they took to stop it being misused.Ars Technica's report further explains the matter.

coming up soon...

[ooloorie]

After the "Safe Harbor" and the "Privacy Shield", why not go for some spicier names for the next few rounds of this?

"Data Chastity Belt"
"Information Condom"
"The Internet Dildo"

Re:So is it good or bad for privacy?

[aicrules]

It allows a data transfer between the US and EU that wasn't going to be allowed before. From that perspective some group of people's privacy has been eroded. The provisions that have been finally approved make the way that data transfer is handled supposedly safer and therefore less likely to have that group of people's private data exposed to people who aren't supposed to get the data as part of the data transfer. Net result is affected group's privacy has been lessened.

Re:So is it good or bad for privacy?

[Anonymous+Brave+Guy]

The trouble is that the fundamental paradox still exists.

On the one hand, European privacy standards are stronger than the US. In particular, there is no magic exemption in the European privacy rules where the US government should be allowed to arbitrarily spy on European citizens if their data is exported to or via a company with assets in the US. Clearly the US government disagrees with this principle and wants access to everything, and it is well established that the US government does in fact take measures to do that monitoring and does consider that data its for the taking. In short, Snowden and the like have undermined the polite fiction that underpinned the previous Safe Harbor arrangement, which in theory leaves any European data controller that exports personal data to a US partner at risk of violating the data protection rules.

On the other hand, European and US businesses have a lot more options and can provide better and cheaper services to their customers if they can work together. Working together inevitably involves passing some data around that actually is reasonable and necessary for what the customer actually wants. If the companies involved are basically responsible in how they handle that data then being able to work together does little practical harm compared to European companies working with other European companies, since our own governments pose essentially the same threat to privacy and there are plenty of alliances with the US in that respect.

So this is basically a matter of principle -- the US government wants access to all the data it can find in a dragnet, which is contrary to the basic privacy rules in Europe -- vs a matter of pragmatism -- governments are widely ignoring the rules and either breaking the laws or changing their own laws to allow this kind of behaviour anyway, and banning all personal data sharing because of that special case may be throwing the baby out with the bathwater if the businesses in the US are otherwise constrained to handle any exported personal data to the same standards as businesses in Europe.