Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Safe Harbour v2.0 greenlights six bulk data collection excuses

'Privacy Shield' contains gaping holes, says Max Schrems et al

The final text of the EU's patchwork replacement for the Safe Harbour agreement, “Privacy Shield”, has been sent to data protection authorities. Privacy campaigners aren’t impressed.

Safe Harbour established a self-certification regime that allowed US companies to process EU citizens' personal data. But a European Court of Justice decision in favour of privacy campaigner Max Schrems last autumn effectively blew it up.

The CJEU cited the Edward Snowden revelations to support Schrems' contention that the USA couldn’t be trusted to protect EU citizens’ data, although the ruling failed to set any definitions or legal standards about what might Europe might actually consider trustworthy.

Under the proposed “Privacy Shield”, the USA promises to give law enforcement access to European’s data greater more transparency and possibly an independent “ombudsperson” to address complaints. US companies processing EU data must resolve complaints within 45 days. Data protection authorities in EU member states will have to work with the FTC to ensure these are resolved.

A draft adequacy decision was also published. (PDF)

Privacy campaigner Max Schrems called it “lipstick on a pig” while Dutch MEP Sophie in't Veld wondered how a US government official could be “independent”.

For Schrems, bulk collection is, by definition, an invasion of privacy. But he pointed out in a statement (PDF) that the Shield proposal lists six legitimate uses for bulk data collation: “detecting and countering certain activities of foreign powers; counterterrorism; counter-proliferation; cybersecurity; detecting and countering threats to US or allied armed forces; and combating transnational threats, including sanctions evasions”.

Given that the CJEU failed to define what is and isn’t acceptable the first time around, the Shield is sure to end up back in Luxembourg once again. ®

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like