Adrian Weckler: Safe Harbour becomes Privacy Shield, but is it trustworthy?
Published 02/02/2016 | 18:09
"Trust us, we have this sorted."
That appears to be what the European Commission is saying with its new transatlantic data privacy deal, the superhero-themed ‘EU-US Privacy Shield' agreement.
Do they have it sorted, though? Some key questions have not been answered.
For example, does the new deal mean that US spies won't dragnet EU citizens' personal emails and online messages as they have been doing?
It's highly unlikely. EU Commissioners talk of "commitments" from US politicians and trade officials that American agencies will "respect" European private data. They even claim that US government bodies won't "indiscriminately" apply surveillance to EU citizens' data.
But they don't go as far as to say that the type of activities revealed by Edward Snowden under America's infamous ‘Prism' data-collecting program will cease. They don't mention the CIA or the NSA.
And that is what got us all into this mess in the first place. The European Court of Justice drew a line in the sand on this stuff last year. It ruled that because our Gmail, Facebook and Instagram accounts are being swept up by US authorities in the name of their own ‘security' requirements, Europe now has to enforce the privacy rights of its online citizens, even if that means restricting transatlantic data flows.
It's very hard to say that the European Commission has solved this basic conflict in the new agreement.
The upshot is that when this agreement -- which is still at least three months from being law -- is challenged in Ireland or any other European country, it will likely go back before the European Court Of Justice. And can anyone see that court changing its mind on the basics of the matter?
All that said, why has the agreement been unveiled and positioned as a breakthrough?
In truth, the Commission is under severe pressure to come up with some sort of deal. Not because of privacy, but because of industry. European law was about to close in on multinationals that depend on transatlantic data flows. And that was an awful vista for the Commission which, on a day to day basis, has to deal with such matters much more than the European Court Of Justice.
This general drift was fairly clear from today's press conference with Commissioners Ansip and Jourova. Where reassurance was articulated, the emphasis was very much on business continuity rather than privacy.
Ireland could provide an early test case for this business. The Irish Data Protection Commissioner, Helen Dixon, is currently re-examining a complaint made against Facebook by the Austrian campaigner Max Schrems. The subject matter is exactly what made up the SAfe Harbour conflict. It will be interesting to see whether or how this new agreement informs the case or whether we're headed back to Europe's highest court.