Call For Robust Privacy Legislation In Wake Of EU Safe Harbor Strike-Down

28 Oct 2015 | Author: | No comments yet »

Call For Robust Privacy Legislation In Wake Of EU Safe Harbor Strike-Down.

German data protection authorities’ decision to break ranks with their counterparts in other European Union countries and block alternatives to Safe Harbor has business lobbyists worried. Oracle has become one of the first US based multinationals to indicate it is now keeping all the data of European citizens within its EU-based data centres, in order to comply with a recent European Court of Justice (ECJ) data privacy ruling.BRUSSELS—The European Union on Monday said it had agreed in principle with the U.S. on a new trans-Atlantic data-transfer pact, as both sides race to complete the deal after the bloc’s highest court junked a previous framework used by thousands of firms. The striking down of the Safe Harbor data sharing agreement by the European Union’s highest court on Oct. 6 left a legal vacuum that European Commission officials immediately sought to fill with a reminder of the legal alternatives available and promises of coordinated action by national privacy regulators, who responded with their own reassurances on Oct. 16. Center for Digital Democracy, the European Consumer Organization and Privacy International — have issued a statement calling for a “meaningful legal framework” to protect fundamental privacy rights in the digital era.

The statement comes as a critical response to the publication earlier this month of the Bridges report: a joint project between U.S. and EU academics — and including the involvement of the Dutch data protection agency — advocating for continued reliance on existing laws coupled with industry self-regulation as a middle-of-the-road approach to safeguarding privacy rights. The court ruled that Europeans’ data was insufficiently protected when transferred to the U.S., where it could fall prey to national intelligence services. EU law requires that companies exporting the personal information of EU citizens do so in a way that guarantees it privacy protection equivalent to that provided at home.

The Bridges report advocates for, as they put it, “a framework of practical options that advance strong, globally-accepted privacy values in a manner that respects the substantive and procedural differences between the two jurisdictions” — such as offering standardized user controls and user complaint mechanisms, and best practices for the de-identification of user data, among other proposed measures. The decision applied to a case taken by Austrian law postgraduate Max Schrems against the Irish Data Protection Commissioner, over the privacy protections on his Facebook data. However the EFF et al are highly critical of this approach — dubbing it “failed policy” and “remarkably out of touch with the current legal reality”. “Digital rights organization and consumer NGOs call on the Data Protection Commissioners to refocus their attention on the need to update and enforce privacy law,” the group said today. No data is sent across the geographical boundaries to any other legislative boundary.” As a result, Kurian added: “we are very comfortable with where we are with our cloud offerings and the new regulatory framework around data governance.” Oracle is not known for meekly accepting court rulings, as its behaviour in the lawsuit against Google shows. Companies reliant on it suddenly found themselves unable to make such transfers legally, until they could adopt an alternative legal mechanism such as binding corporate rules or model contract clauses, or obtain unambiguous and informed consent from those whose data they were transferring.

Jourova didn’t set a hard deadline for a completed deal, but she said she expected both sides to make significant progress on the remaining technical points of discussion by the time she visits the U.S. in mid-November. They warned companies still relying on Safe Harbor that they are now operating illegally, and urged them to consider what technical or legal steps they need to take to protect the personal data they handle. Back in May, Twitter changed its privacy policy to reflect the fact that non-US users were handled by its data centre in Ireland, rather than California. The working party’s members declared something of a truce until the end of January, at which point they said they would consider coordinated enforcement actions to ensure companies complied with data protection requirements. This is not a situation conducive to operational certainty for businesses — with DPAs already issuing differing opinions on the current post-Safe Harbor scenario.

Among the issues that still need to be addressed, the commissioner said the EU was still looking for clear conditions and limits to the extent to which U.S. intelligence services have access to Europeans’ personal data. For example, guidance issued by the U.K.’s ICO differs greatly in tone from a position paper published by German data supervisory authorities in the wake of the ECJ ruling. That makes promising to keep EU data strictly within the EU—as Oracle is now doing—a relatively safe and straightforward option for US companies that require certainty for their business operations. Following the Schrems decision, some multinationals, including Amazon and Salesforce, have told customers that data transfers are safe because they are using direct “model contracts” with data partners.

Department of Commerce to ensure that companies comply with rules to protect Europeans’ data as well as greater cooperation between national data protection regulators and American authorities. Hamburg’s Commissioner for Data Protection and Freedom of Information, Johannes Caspar, spelled it out: “Anyone who wants to escape the legal and political implications of the CJEU judgment should in future consider storing personal data only on servers within the EU.” That’s upset John Higgins, director-general of DigitalEurope, an industry lobby group representing Apple, BlackBerry, Google, Microsoft, Oracle and SAP, among others. It is unclear how many small and medium sized companies operating in Germany will be able to continue their commercial activities with these new restrictions,” Higgins said. The Germans’ move is a dream come true for companies like Zettabox that guarantee that Europeans’ personal data will be hosted in Europe. “Companies of all sizes will need to look to providers that can successfully answer the question ‘Where is my data?’” said Alexander Guy, Zettabox’s head of sales and business development. Jourova said the commission would soon issue a statement explaining the consequences of the so-called Schrems ruling and would set guidance for international data transfers, without overriding the authority of national data privacy regulators.

Here you can write a commentary on the recording "Call For Robust Privacy Legislation In Wake Of EU Safe Harbor Strike-Down".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site