[governance] NYT: Data Transfer Pact Between U.S. and Europe Is Ruled Invalid

Seth Johnson seth.p.johnson at gmail.com
Tue Oct 6 23:17:36 EDT 2015


(small clarification below)

On Tue, Oct 6, 2015 at 11:13 PM, Seth Johnson <seth.p.johnson at gmail.com> wrote:
> Data Transfer Pact Between U.S. and Europe Is Ruled Invalid:
> http://www.nytimes.com/2015/10/07/technology/european-union-us-data-collection.html
>
> Court of Justice Declares Irish Data Protection Commissioner's US Safe
> Harbour Decision Invalid:
> http://curia.europa.eu/jcms/upload/docs/application/pdf/2015-10/cp150117en.pdf
>
>
> This is great, because it illustrates how a fundamental rights
> framework of a sorta-federalized type (in the EU) gives you a real
> basis for actual recourse -- courts are rooted properly, so, as in
> this case, they are a check assuring the priority of the people(s)'
> fundamental rights in relation to the government(s) (the Irish Data
> Protection Commissioner in this case).  (The EU's Charter of
> Fundamental Rights, crafted to acknowledge the fundamental rights the
> people[s] of the EU have claimed for themselves.)
>
> Note that this is fundamentally different from an international treaty
> on rights, which is not so rooted.  You don't have fundamental rights
> in the international arena.  Really.  That requires an act of the
> people setting limits on their governments, not among governments.

Correction:
That requires an act of the people (setting limits on their
government[s]), not an act among governments.

(That's what gets you a fundamental right "trump card," which is what
I explain in the next sentence)

(eoi)

>  A
> treaty among governments is essentially "statutory" at best, meaning
> the same "legislators" who wrote a human rights treaty can go ahead and
> qualify those rights through other treaties.
>
> Opinion:
> http://curia.europa.eu/juris/document/document.jsf?text=&docid=168421&doclang=EN
>
>
> Seth
>
> On Tue, Oct 6, 2015 at 1:46 PM, Joly MacFie <joly at punkcast.com> wrote:
>> http://www.nytimes.com/2015/10/07/technology/european-union-us-data-collection.html
>> Europe’s highest court on Tuesday struck down an international agreement
>> that allowed companies to move people’s digital data between the European
>> Union and the United States, leaving the international operations of
>> companies like Google and Facebook in a sort of legal limbo.
>>
>> The ruling, by the European Court of Justice, said the so-called safe harbor
>> agreement was flawed because it allowed American government authorities to
>> gain routine access to Europeans’ online information. The court said leaks
>> from Edward J. Snowden, the former contractor for the National Security
>> Agency, made it clear that American intelligence agencies had almost
>> unfettered access to the data, infringing on Europeans’ rights to privacy.
>>
>> The court said data protection regulators in each of the European Union’s 28
>> countries should have oversight over how companies collect and use online
>> information of their countries’ citizens. Many European countries have
>> widely varying stances towards privacy.
>>
>> Data protection advocates hailed the ruling. Industry executives and trade
>> groups, though, said the decision left a huge amount of uncertainty for big
>> companies. They called on the European Commission to complete a new safe
>> agreement with the United States, a deal that has been negotiated for more
>> than two years.
>>
>> Some European officials and many of the big technology companies, including
>> Facebook and Microsoft, tried to play down the impact of the ruling, saying
>> side agreements with the European Union should allow the companies to
>> continue moving data across borders.
>>
>> But some of Europe’s national privacy watchdogs are expected to make it hard
>> for large companies like Facebook to transfer Europeans’ information
>> overseas under the current data arrangements. And the ruling appeared to
>> leave smaller companies with fewer legal resources vulnerable to potential
>> privacy violations.
>>
>> “We can’t assume that anything is now safe,” Brian Hengesbaugh, a privacy
>> lawyer with Baker & McKenzie in Chicago who helped to negotiate the original
>> safe harbor agreement. “The ruling is so sweepingly broad that any mechanism
>> used to transfer data from Europe could be under threat.”
>>
>> At issue is the sort of personal data that people create when they post
>> something on Facebook or other social media; when they do web searches on
>> Google; or when they order products or buy movies from Amazon or Apple. Such
>> data is hugely valuable to companies, which use it in a broad range of ways,
>> including tailoring advertisements to individuals and promoting products or
>> services based on users’ online activities.
>>
>> The data-transfer ruling does not apply solely to tech companies. It also
>> affects any organization with international operations, such as when a
>> company has employees in more than one region and needs to transfer payroll
>> information or allow workers to manage their employee benefits online.
>>
>> Frans Timmermans, the first vice president for the European Commission,
>> which will be charged with carrying out the ruling, tried to ease the
>> concerns of companies on Tuesday. He said businesses could still move
>> European data to the United States through other existing treaties.
>>
>> He added that the European Commission would work with national privacy
>> regulators to ensure that the court’s decision was carried out in a uniform
>> fashion across the entire region.
>>
>> “Citizens need robust safeguards,” said Mr. Timmermans. “And companies need
>> certainty.”
>>
>> But it was unclear how bulletproof those treaties would be under the new
>> ruling, which cannot be appealed and went into effect immediately. Europe’s
>> privacy watchdogs, for example, remain divided over how to police American
>> tech companies.
>>
>> France and Germany, where companies like Facebook and Google have huge
>> numbers of users and have already been subject to other privacy rulings, are
>> among the countries that have sought more aggressive protections for their
>> citizens’ personal data. Britain and Ireland, among others, have been
>> supportive of Safe Harbor, and many large American tech companies have set
>> up overseas headquarters in Ireland.
>>
>> “For those who are willing to take on big companies, this ruling will have
>> empowered them to act,” said Ot van Daalen, a Dutch privacy lawyer at
>> Project Moore, who has been a vocal advocate for stricter data protection
>> rules.
>>
>> The safe harbor agreement has been in place since 2000, enabling American
>> tech companies to compile data generated by their European clients in web
>> searches, social media posts and other online activities.
>>
>> Under the deal, more than 4,000 European and American companies had been
>> expected to treat the information moved outside the European Union with the
>> same privacy protections the data had inside the region. The United States
>> government had lobbied aggressively in Brussels in recent months to keep the
>> agreement in place.
>>
>> The United States and the European Union have worked for roughly two years
>> on a new safe harbor agreement. The court’s ruling now puts pressure on
>> negotiators to complete an agreement, but it may also complicate matters.
>>
>> Any new deal had already been expected to give Europeans greater say over
>> how their online information is collected, transferred and managed by tech
>> companies. But the talks have stalled over what type of access to European
>> data American intelligence agencies should be given, according to several
>> people with direct knowledge of the matter, who spoke on the condition of
>> anonymity.
>>
>> In addition, legal experts said that even if a new deal is reached, the
>> court’s decision would would still give the national privacy regulators some
>> say over the transfer of data.
>>
>> Penny Pritzker, the American secretary of commerce, said she was
>> disappointed about the European court’s decision, adding she would work with
>> the European Commission to finalize the new safe harbor agreement.In its
>> ruling, the European court noted that the region’s 500 million citizens did
>> not have the right to bring legal cases in United States courts if they
>> believed their privacy had been infringed by American companies or by the
>> United States government. A bill to provide this legal recourse is being
>> debated in Congress, though analysts said it was unlikely to become law
>> before the American elections next year.
>>
>> The legal ruling “puts at risk the thriving transatlantic digital economy,”
>> she said in a statement on Tuesday.
>>
>> The lengthy negotiations have highlighted the different approaches to online
>> data protection. In the United States, privacy is viewed as a consumer
>> protection issue; in Europe, privacy is almost on a par with such
>> fundamental rights as freedom of expression. Last year, Europe’s top court
>> ruled that anyone with connections to the region could ask search engines
>> like Google to remove links about themselves from online results. European
>> campaigners said this so-called right to be forgotten ruling would help
>> protect people’s online privacy, while many in the United States said the
>> decision would curtail online freedom of speech.
>>
>> Those differences became more pronounced after Mr. Snowden revealed how
>> American and British intelligence agencies had seemingly unfettered access
>> to people’s online activities.
>>
>> “The United States safe harbor scheme thus enables interference, by United
>> States public authorities, with the fundamental rights of persons,” the
>> judges said in a statement on Tuesday, referring to access to European data
>> by American intelligence agencies.
>>
>> The case reviewed by the European Court of Justice related to a complaint
>> brought by Max Schrems, a 27-year-old Austrian graduate student, who argued
>> that Europeans’ online data was misused when Facebook was said to have
>> cooperated with the N.S.A.’s Prism program.
>>
>> That program is reported to have given the American agency significant
>> access to data collected by several American tech companies. Facebook denies
>> that the United States government had unlimited access to its users’ data.
>>
>> Mr. Snowden on Tuesday, after the court ruling, posted a message on Twitter
>> praising Mr. Schrems: ‘‘Congratulations, @maxschrems. You’ve changed the
>> world for the better.’’
>>
>> In a statement on Tuesday, Mr. Schrems, who is pursuing a separate civil
>> class-action lawsuit against Facebook in an Austrian court, praised the
>> decision.
>>
>> “Governments and businesses cannot simply ignore our fundamental right to
>> privacy,” he said, “but must abide by the law and enforce it.”
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> ---------------------------------------------------------------
>> Joly MacFie  218 565 9365 Skype:punkcast
>> --------------------------------------------------------------
>> -
>>
>>
>> _______________________________________________
>> To manage your ISOC subscriptions or unsubscribe,
>> please log into the ISOC Member Portal:
>> https://portal.isoc.org/
>> Then choose Interests & Subscriptions from the My Account menu.

-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t


More information about the Governance mailing list