Scalper1 News
Europe and the U.S. continued a privacy tug-of-war Wednesday over transatlantic data transfers, leaving tech giants like Amazon.com ( AMZN ), Facebook ( FB ) and Alphabet ’s ( GOOGL ) Google up a legal creek until at least June. The Article 29 Working Party, an advisory group, said Wednesday that the proposed EU-U.S. Privacy Shield is “complex, various and nebulous,” but said what’s clear is that six situations in which the U.S. can survey Europeans are unacceptable. “The possibility that is left in the Shield and its nexus for bulk collection, which is massive and indiscriminate, is not acceptable,” Chairwoman Isabelle Falque-Pierrotin said during a press conference. Falque-Pierrotin also questioned the ombudsperson position, created to handle European grievances over U.S. data collection. Though it’s “great progress,” there’s no guarantee the ombudsperson — a U.S. official — will be totally independent, she said. Catherine Novelli, U.S. undersecretary of state for economic growth, energy and the environment, has been tapped for the position. But Falque-Pierrotin argued that the European Data Protection Authorities (DPAs) would be a better fit for the job. Falque-Pierrotin suggested that the Article 29 Working Party re-examine the Privacy Shield in two years, when the more stringent European General Data Protection Regulation goes into effect. Ombudsperson, Bulk Surveillance Questioned Although the group’s opinion isn’t binding, it’s a serious blow to the proposed Privacy Shield, which is intended to replace the 15-year-old Safe Harbor Agreement , shuttered in October in a case against Facebook. Then, Austrian grad student Max Schrems accused Facebook of cooperating with an NSA data-collection program. Facebook has denied the allegation, but the European court’s ruling is “rather demanding,” Falque-Pierrotin said. The European Commission can pass the Privacy Shield without the group’s blessing. But in its current form, the Privacy Shield would be subject to numerous judicial challenges, Mary Hildebrand, a partner at law firm Lowenstein Sandler, told IBD. Under the Schrems decision, the Safe Harbor replacement must provide essentially equivalent security, she said. “The feeling is the ombudsperson doesn’t have the ability to act independently,” she said. And a January 2014 Obama directive allowing bulk surveillance isn’t very well defined from a European perspective. Now, thousands of companies are sitting in legal limbo. “It prolongs the uncertainty across the board,” Hildebrand said. “For a U.S. company to implement the Privacy Shield, it would not, for the foreseeable future, be a reliance means of data transfer.” Legal Loopholes Meanwhile, companies are jumping through legal loopholes, including standard contract clauses and binding corporate rules, for transfers. Other loopholes, like individual consent, are cumbersome for consumer-facing businesses that process thousands or millions of data transfers each day. Individual consent must be “unambiguous and fully informed,” Hildebrand said. “So, the company must tell the individual all the different uses their data could be put through,” she said. “And every time an individual would be asked to transfer data of any kind, they would have to click a different consent.” Multiply that by thousands or millions of interactions, and “can you imagine how impractical that would be?” she asked. The Information Technology & Innovation Foundation in Washington D.C. argued against delaying the Privacy Shield implementation, saying “a prolonged climate of regulatory uncertainty places unnecessary strain on the digital economy, hurting businesses, workers and consumers.” Image provided by Shutterstock . Scalper1 News
Scalper1 News