Split between EU privacy watchdogs on Safe Harbor worries business lobby

28 Oct 2015 | Author: | No comments yet »

Call For Robust Privacy Legislation In Wake Of EU Safe Harbor Strike-Down.

Oracle has become one of the first US based multinationals to indicate it is now keeping all the data of European citizens within its EU-based data centres, in order to comply with a recent European Court of Justice (ECJ) data privacy ruling.BRUSSELS—The European Union on Monday said it had agreed in principle with the U.S. on a new trans-Atlantic data-transfer pact, as both sides race to complete the deal after the bloc’s highest court junked a previous framework used by thousands of firms. Center for Digital Democracy, the European Consumer Organization and Privacy International — have issued a statement calling for a “meaningful legal framework” to protect fundamental privacy rights in the digital era.

The statement comes as a critical response to the publication earlier this month of the Bridges report: a joint project between U.S. and EU academics — and including the involvement of the Dutch data protection agency — advocating for continued reliance on existing laws coupled with industry self-regulation as a middle-of-the-road approach to safeguarding privacy rights. The court ruled that Europeans’ data was insufficiently protected when transferred to the U.S., where it could fall prey to national intelligence services. The Bridges report advocates for, as they put it, “a framework of practical options that advance strong, globally-accepted privacy values in a manner that respects the substantive and procedural differences between the two jurisdictions” — such as offering standardized user controls and user complaint mechanisms, and best practices for the de-identification of user data, among other proposed measures. The decision applied to a case taken by Austrian law postgraduate Max Schrems against the Irish Data Protection Commissioner, over the privacy protections on his Facebook data. Washington and Brussels have been negotiating for around two years to update the Safe Harbor framework after EU officials demanded changes to the agreement in 2013 following National Security Agency contractor Edward Snowden’s disclosures of widespread U.S. spying. “There is agreement on these matters in principle, but we are still discussing how to ensure that these commitments are binding enough to fully meet the requirements of the court,” Justice Commissioner Vera Jourova told European lawmakers Monday.

However the EFF et al are highly critical of this approach — dubbing it “failed policy” and “remarkably out of touch with the current legal reality”. “Digital rights organization and consumer NGOs call on the Data Protection Commissioners to refocus their attention on the need to update and enforce privacy law,” the group said today. They have long imposed rigorous requirements on companies that collect, process, or transfer EU residents’ personal data (defined broadly as “any information relating to an identified or identifiable natural person”). A brief statement noted only that “we are working with our customers to offer practical and flexible solutions to these new challenges.” However, at a press conference at Oracle’s annual OpenWorld conference in San Francisco, Mr Kurian was asked how Oracle was handling data in the wake of the Schrems case, especially in the context of its cloud strategy. “We are very comfortable [WITH]our operational practices and the way we handle data privacy and residency. Jourova didn’t set a hard deadline for a completed deal, but she said she expected both sides to make significant progress on the remaining technical points of discussion by the time she visits the U.S. in mid-November.

Although there are multiple ways for a recipient to ensure an adequate level of data protection, the most popular method since 2000 has been the EU-U.S. This is not a situation conducive to operational certainty for businesses — with DPAs already issuing differing opinions on the current post-Safe Harbor scenario. Among the issues that still need to be addressed, the commissioner said the EU was still looking for clear conditions and limits to the extent to which U.S. intelligence services have access to Europeans’ personal data. Following the court ruling, national data privacy regulators set an end-January deadline for the EU and U.S. to replace the framework and said they would also look into implications the court’s ruling has on other arrangements for transferring personal data, which are more cumbersome for businesses to use but are currently the only options available. Department of Commerce that it agreed to adhere to several privacy principles (such as notice, choice, and access) and by demonstrating its adherence to those principals by joining a self-regulatory program or developing its own, self-regulatory policy.

Following the Schrems decision, some multinationals, including Amazon and Salesforce, have told customers that data transfers are safe because they are using direct “model contracts” with data partners. Many privacy advocate groups as well as several German regional data protection authorities have said model contracts are not adequate, and that EU data must for now, remain within Europe. The CJEU decision may not be of great import to most large multinational organizations which have side agreements with the EU permitting them to continue moving personal data across borders. Failure to find an alternative means of compliance – or stop transferring data — could expose such an organization to fines or orders to suspend data flows. Happily, there are both operational and administrative alternatives companies can pursue to demonstrate they adequately protect the privacy rights of EU citizens.

However, this operational change is cost-prohibitive for many small and medium-sized companies, and it could also disrupt the delivery of products and services to customers. EU law also permits companies to use so-called “model contracts,” which contain provisions pre-approved by EU regulators, to govern transactions involving trans-Atlantic data transfers.

Here you can write a commentary on the recording "Split between EU privacy watchdogs on Safe Harbor worries business lobby".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts


ICQ: 423360519

About this site