Photo by Dan Nelson on Unsplash [Download]

EU-US Privacy Shield is dead. Long live Privacy Shield

Department of Commerce and the European Commission have initiated discussions to evaluate the potential for an enhanced EU-U.S.

The EU-US Privacy Shield, as you may recall, refers to the four-year-old data transfer mechanism which Europes top court just sunk with the legal equivalent of a nuclear bomb.

Five years ago the same court carpet-bombed its predecessor, a fifteen-year-old arrangement known without apparent irony as Safe Harbor.

Thousands of companies had been signed up to the Privacy Shield, relying on the claimed legal protection to authorize transatlantic transfers of EU users data. The mirage collapsed on cue last month, raising legal questions over continued use of cloud services based in a third country like the US barring data localization.

Alternative data transfer mechanisms do exist but data controllers wanting to use an alternative tool, like Standard Contractual Clauses , to take EU citizens data over the pond are legally required to carry out an assessment of whether US law provides adequate protections.

The fall of Privacy Shield should really have shocked no one, given the warnings, right from the get-go, that it amounted to lipstick on a pig.

Nothing since the Snowden disclosures has substantially reworked US surveillance law to make it less incompatible with EU privacy law.

President Obama made a few encouraging noises but under Trump the administration has dug in on helping itself to peoples data without a warrant.

However neither side has demonstrated that it posses the political clout and influence to remake the US data industrial complex which is whats needed to meaningfully enhance Privacy Shield.

Original article
Author: Natasha Lomas

TechCrunch is a leading technology media property, dedicated to obsessively profiling startups, reviewing new Internet products, and breaking tech news.

Natasha Lomas has recently written 10 articles on similar topics including :
  1. "Apple is facing fresh questions from its lead data protection regulator in Europe following a public complaint by a former contractor who revealed last year that workers doing quality grading for Siri were routinely overhearing sensitive user data". (May 22, 2020)
  2. "The question of how policymakers should respond to the power of big tech didnt get a great deal of airtime at TechCrunch Disrupt last week, despite a number of investigations now underway in the United States (hi, Google)". (September 22, 2020)
  3. "Confusion over an update to Facebook-owned chat platform WhatsApps terms and conditions has triggered an intervention by Italys data protection agency". (January 14, 2021)
  4. "A group of European privacy experts has proposed a decentralized system for Bluetooth-based COVID-19 contacts tracing which they argue offers greater protection against abuse and misuse of peoples data than apps which pull data into centralized pots". (April 6, 2020)
  5. "The European Data Protection Board (EDPB) has published guidance for the use of location data and contacts tracing tools intended to mitigate the impact of the COVID-19 pandemic". (April 22, 2020)
  6. "The FTC has reached a settlement with Flo, a period and fertility tracking app with 100 million+ users, over allegations it shared users health data with third-party app analytics and marketing services like Facebook despite promising to keep users sensitive health data private". (January 13, 2021)
  7. "The European Unions lead data protection supervisor has recommended that a ban on targeted advertising based on tracking Internet users digital activity be included in a major reform of digital services rules which aims to increase operators accountability, among other key goal". (February 10, 2021)
  8. "Privacy concerns that have been driving app users to alternative chat apps like Signal and Telegram in recent weeks, since Facebook-owned WhatsApp announced a T&Cs change, appear to also be generating some uplift for end-to-end encrypted email providers". (January 14, 2021)
  9. "A number of UK computer security and privacy experts have signed an open letter raising transparency and mission creep concerns about the national approach to develop a coronavirus contacts tracing app". (April 29, 2020)
  10. "One of the first national coronavirus contacts tracing apps to be launched in Europe is being suspended in Norway after the countrys data protection authority raised concerns that the software, called Smittestopp, poses a disproportionate threat to user privacy includin". (June 15, 2020)
Posted on