Back to news

Stop with Google and Facebook? - European privacy protection is leaking from all sides

14-10-2016

Quiz Question: At the end of June there were two events which left us as EU citizens stunned. Which events were they? The time begins now … The Brexit? Good answer. But what was the other event? My privacy, and yours, as internet users being put at risk? Ever heard of the Privacy Shield? Read and shudder.

There is a convenient way to silently carry through a politically or socially sensitive decision. Use a moment when there is another subject taking all of the attention. Here I am thinking about the 24th June when I read the news about the Privacy Shield.

24th June, which for many Europeans is 'The Day after the Brexit'. By a small majority the British voters decided via a referendum to leave the European Union. The referendum initially seemed to fizzle out, but ended up sending shockwaves like an earthquake. It was literally as if Great Britain was floating away from the continent.

New: The Privacy Shield

Experts tumbled over each other to predict the effects of Brexit. The heads of more and more British politicians began to roll. Share prices plummeted. During this downpour of Brexit news came a small drop of other news. Barely noticed, almost exclusively for the connoisseur: The EU and United States have reached an agreement regarding The Privacy Shield.

First a step back. The Privacy Shield, what is that exactly?

The Privacy Shield is an agreement between The EU and the US regarding the protection of our personal details. Lots of our personal details end up in the US. We all use Google and Facebook. But according to the European rules those details cannot just end up there. We need an explicit statement that our personal details will be protected in the US in the same way they are here in The EU. Only then will the EU grant permission. The Privacy Shield are those regulating it.

For years there was another agreement in place with the US: The Safe Harbour Convention. Through this the EU declared that our details were in safe in the hands of America. What a restful thought. We could enjoy Google and Facebooking.

Criticisms about the previous agreement

But, do the Americans really do a good job of respecting our private information? According to the whistle blower Edward Snowden they don't, and highlighted that the intelligence services draw an abundance of information from American servers. With a trawling net they collect the data and put privacy-sensitive information from Europeans at the top of the catch.

Then there was the Austrian privacy activist Max Schrems. He criticised Facebook. Schrems found that the American company were guilty of privacy violations and filed a lawsuit. Very quickly the case was about The Safe Harbour Convention, which the European Head of Justice evaluated as providing very little protection. The Head of Justice referred the convention to the dustbin in 2015.

So, then we sat with no legal protection at all. A new convention was needed really quickly, and that is The Privacy Shield. The question now is whether this 'shield' is up to the job of withstanding the prying eyes of the intelligence services and companies. Schrems also questions this, he has highlighted that the US are able to still carry out mass-surveillance on data. Surveillance can be carried out if related to 6 specific tasks, including cybercrime and terrorism.

Shield or Dead Wood?

The Privacy Shield appears to be a pile of dead wood. This isn't just the opinion of Schrems, the European privacy regulators are also critical, for example, they find it unacceptable that the US saves and stores information for such a long time. However, they are pleased by the idea to introduce an ombudsman in relation to the Privacy Shield, but ask: how independent will this ombudsman be?

Then the message of 24th June arrived: The EU and US have agreed terms relating to The Privacy Shield. Despite all of the criticism. It is true to say the agreement has been sharpened up. The US has promised that the new privacy ombudsman will operate independently. They listened. There will also be more explanation regarding the interception of data by intelligence services. Well! So an admission of monitoring and collecting data, to be followed with just a neat explanation of why.

Just as silently this was agreed to in July by EU member states. Therefore, the Privacy Shield became operational on the 1st August. Yippee! The question is - did you see any reports of this in the papers or news? One thing is clear: the decision about the Privacy Shield, and the consequences of it, are for most people a well-kept secret they know nothing about. What the Privacy Shield is about is private.