Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

EU, US Agree to New Internet ‘Privacy Shield’

The EU and United States struck a new deal Tuesday on data transfers relied on by Facebook and Google, after Europe’s top court struck down the previous pact for failing to protect users from US spying.

The EU and United States struck a new deal Tuesday on data transfers relied on by Facebook and Google, after Europe’s top court struck down the previous pact for failing to protect users from US spying.

Dubbed “Privacy Shield“, the agreement replaces the 16-year-old Safe Harbor arrangement that was ruled illegal in October in the wake of the Edward Snowden revelations on US intelligence.

Businesses on both sides of the Atlantic had expressed concerns about the legal limbo and warned of the fallout if the two sides failed to reach a new agreement, which was meant to happen by the end of January.

Privacy Shield with Europe and US Internet DataBut privacy campaigners — in addition to mocking the pact’s new name and comic-book style logo — expressed concern that the new deal does not produce the necessary safeguards and warned the arrangement could end up back in court.

“I’m glad to announce today that we have finalised negotiations with the United States on a renewed and safe framework for transatlantic data flows,” European Justice Commissioner Vera Jourova told a press conference.

She said she expected the deal to take effect in about three months.

In Washington, US Commerce Secretary Penny Pritzker said: “Beyond being central to transatlantic commerce, this deal also signals the closeness of the EU-US relationship.”

In October, the European Court of Justice ruled the arrangement allowing firms to transfer European citizens’ personal information to the US was “invalid” because of US snooping practices exposed by Snowden, the former intelligence contractor who leaked a hoard of National Security Agency documents.

Future legal challenges?

Advertisement. Scroll to continue reading.

The case stemmed from a legal challenge brought by Austrian Internet activist and law student Max Schrems against Facebook in Ireland.

Schrems sent out a series of tweets mocking the new deal, including calling Privacy Shield a “strange name,” and issued a statement that the new deal could end up back in the court in Luxembourg.

He said the deal was based only on a couple of letters from the administration of President Barack Obama, adding that it was “by no means a legal basis to guarantee the fundamental rights of 500 million European users in the long run, when there is explicit US law allowing mass surveillance.”

But Brussels said the deal would protect Europeans.

“For the first time, the US has given the EU binding assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms,” Jourova said.

Europeans would also benefit for the first time from “redress mechanisms” if their data was illegally accessed.

Ansip stressed the new arrangement allowed for annual reviews which would allow the two sides to tackle any new threats to privacy.

The European Commission, the EU executive, said the deal gave Europeans the chance to raise any enquiry or complaint with a dedicated new watchdog.

Digital Europe — one of the top business groups in Europe that had warned of fallout if a new deal was not swiftly agreed — welcomed the arrangement.

But Estelle Masse, European policy analyst at campaign group Access Now, echoed Schrems’ concerns.

“Since both sides failed to conduct the necessary surveillance and privacy reforms, this deal is not fit to resist future legal challenges,” Masse warned. 

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...