United States, you have 2 months to sort Privacy Shield ... or data deal is for the bin – Eurocrats

MEPs call for urgent fix

The Privacy Shield agreement – which governs the flow of personal data between America and Europe – should be suspended if the US doesn't comply by 1 September, the European Parliament has said.

At the plenary session of the European Parliament today, MEPs voted 303 to 223 in favour of a resolution that criticises the US and the European Commission's approach to ensuring compliance.

The move ramps up the pressure on the agreement, which is already facing legal challenges, with politicos saying that the commission needs to suspend the deal unless the US sorts its act out.

The resolution states that Privacy Shield has not provided the adequate level of protection required by EU laws or fundamental rights.

Issues with the deal, which was rushed through in summer 2016 after its predecessor Safe Harbor collapsed, were raised during the first annual review of Privacy Shield last year.

They included vacant posts on the Privacy and Civil Liberties Oversight Board, the lack of a permanent ombudsman, the impact of US President Donald Trump's executive orders on immigration, and attitudes towards security and privacy.

However, the European Parliament is unimpressed with the progress made to date.

Among issues listed in the resolution are the reauthorisation of section 702 of the Foreign Intelligence Surveillance Act for six more years, which "calls into question the legality of the Privacy Shield", and the way Facebook shifted non-EU users under the control of Facebook US, not Facebook Ireland.

The parliament said the US should be given until 1 September to fix the issues. If it doesn't, the commission must suspend the deal.

The MEPs also criticised the commission and its US counterparts for failing to take action sooner, pointing out that the EU's data protection watchdogs (formerly known as the Article 29 Working Party or WP29) had raised concerns about the deal's status six months ago.

The resolution read:

[The Parliament] deplores that the Commission and the competent US authorities did not restart discussions on the Privacy Shield arrangement and did not set up any action plan in order to address as soon as possible the deficiencies identified, as called for by the WP29 in its December report on the joint review; calls on the Commission and the competent US authorities to do so without any further delay.

The parliament's Committee on Civil Liberties, Justice and Home Affairs – which drafted and approved the resolution last month – has been told to monitor developments, including cases brought before the Court of Justice of the European Union that could affect the deal. ®

Other stories you might like

  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • SEC probes Musk for not properly disclosing Twitter stake
    Meanwhile, social network's board rejects resignation of one its directors

    America's financial watchdog is investigating whether Elon Musk adequately disclosed his purchase of Twitter shares last month, just as his bid to take over the social media company hangs in the balance. 

    A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear" to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days from the date of acquisition," and asked him to provide more information. Musk's shares made him one of Twitter's largest shareholders. The letter is dated April 4, and was shared this week by the regulator.

    Musk quickly moved to try and buy the whole company outright in a deal initially worth over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged another $7.14 billion from investors to help finance the $21 billion he promised to put forward for the deal. The remaining $25.5 billion bill was secured via debt financing by Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going smoothly.

    Continue reading

Biting the hand that feeds IT © 1998–2022