The tug-of-war between the EU and US to keep EU data safe has been relentless. The issue has continued for years, largely due to most internet activities happening under US companies. These US companies, unsurprisingly, keep their servers local. The EU choose to prevent the transfer of citizen’s data unless it’s sure it’ll be fully protected. The EU is pretty sure the US security state will snoop on the data, and have reason to think so. There’s been some scandals in recent years, and the US government hasn’t been convincing that it won’t happen again.
Yesterday, in an expectedly bureaucratic fashion, the European Commission gave the greenlight for a ”new adequacy decision for safe and trusted EU-US data flows”. This was following its assessment that the US now provides sufficient protection for EU data. It follows that the decision aims to enable a hassle-free transfer of the data devoid of any sticky obstacles.
”Today’s decision is the result of intense cooperation with our partners in the US, working together to ensure that Europeans’ data travels safely, wherever it goes,” said Věra Jourová, EC VP for Values and Transparency. ”The new adequacy decision will provide legal certainty for businesses and will help further consolidate the EU as a powerful player in transatlantic markets, while remaining uncompromising on respecting fundamental rights of Europeans for their data to be always protected.”
Didier Reynders, Commissioner for Justice, added, ”Since the Schrems II decision came out years ago, I have worked tirelessly with my US counterparts to address the concerns identified by the Court of Justice, and ensure that technological advances do not come at the cost of Europeans’ trust… But as close like-minded partners, the EU and US could find solutions, based on their shared values, that are both lawful and workable in their respective systems.”
What happened before?
What the two are referring to here is the negation of the previous EU-US Data Protection Shield. This was mostly due to the efforts of Austrian privacy activist Max Schrems. The EC believes it has addressed the concerns that resulted in that CJEU rejection, but Schrems, among others, aren’t so convinced.
Schrems proceeded to share his skepticism on the subject as followed:. ”They say the definition of insanity is doing something again and again and expecting a different result. just like ‘Privacy Shield’ the latest deal is not based on material changes, but by political interests…” He also brings up the state of the Commission, and how they seem to think that ”the mess will be the next Commission’s problem”. He then makes an observation that the EU has lost power to get a reform of FISA 702.
”We have various options for a challenge already in the drawer. although we are sick and tired of this legal ping pong. We currently expect to be back at the Court of Justice by the beginning of next year.” Schrems pointed out in various tweets how incredibly similar the new framework is to the previous Privacy Shield. In one tweet, he even showcases an error leaving the website to reference it.
The biggest focus of Schrems’ activism, Facebook, have some different ideas.
”We welcome the new Data Privacy Framework, which will safeguard the goods & services relied on by people and businesses on both sides of the Atlantic. Congratulations to all involved!” in a tweet from Nick Clegg on July 10th
When compared up to public revelations from Facebook and other US tech giants about their pressure from the US security apparatus and political pressure to censor internet platforms, it’s hard to trust this latest agreement between them. The EU may want to introduce the same thing over and over until its normal, but with Schrems and other activists around, that might not be possible.