The Free Internet Project

US

Schrems II: EU Court of Justice strikes down US-EU "Privacy Shield," which allowed businesses to transfer data despite lower privacy protections in US

On July 16, 2020, the European Union’s top court, the Court of Justice, struck down the trans-Atlantic data privacy transfer pact in a case called Schrems II. The agreement between the US and EU, known as the Privacy Shield, allowed businesses to transfer data between the United States and European Union, even though U.S. privacy laws do not meet the higher level of data protection of EU law. Data transfer is essential for businesses that rely on the pact to operate across the Atlantic. For example, multi-national corporations routinely obtain shipping consumer data from the EU for further use in the US. The Court of Justice ruled that the transfer of data leaves European citizens exposed to US government surveillance and did not comply with EU data privacy law. The Court explained: "although not requiring a third country to ensure a level of protection identical to that guaranteed in the EU legal order, the term ‘adequate level of protection’ must, as confirmed by recital 104 of that regulation, be understood as requiring the third country in fact to ensure, by reason of its domestic law or its international commitments, a level of protection of fundamental rights and freedoms that is essentially equivalent to that guaranteed within the European Union by virtue of the regulation, read in the light of the Charter."

Companies in the U.S. can work out privacy protections by contract, but such contracts also must comply with EU privacy standards. The Court explained: "the assessment of the level of protection afforded in the context of such a transfer must, in particular, take into consideration both the contractual clauses agreed between the controller or processor established in the European Union and the recipient of the transfer established in the third country concerned and, as regards any access by the public authorities of that third country to the personal data transferred, the relevant aspects of the legal system of that third country, in particular those set out, in a non-exhaustive manner, in Article 45(2) of that regulation."

Ars Technica explains the origins of Privacy Shield and the troubles that have long existed with the agreement. Before Privacy Shield was adopted, the agreement governing the sharing of consumer data across the Atlantic was called the Safe Harbor. In 2015, the Safe Harbor was invalidated after being challenged by Maximilian Schrems, an Austrian privacy advocate, because it conflicted with EU law. After the Safe Harbor was struck down by the Court of Justice, EU lawmakers and the US Department of Commerce negotiated the Privacy Shield, which went into effect in 2016. But many in the EU questioned its validity and lawfulness.

In Schrems II, the Court of Justice agreed. According to Axios, Schrems complained that the clause in Facebook's data contract was insufficient to protect Europeans from US government surveillance. The Court agreed, ruling that once the data entered the US, it was impossible to adequately ensure the protection of the data. European citizens would have no redress in the US for violations of the EU standards of privacy. The Privacy Shield did not provide equivalent privacy protection.

So what happens next? EU and US officials must negotiate a new data sharing agreement that provides a level of privacy protection equivalent to that in the EU. Tech companies like Google and Facebook have issued assurances that this decision will not affect their operations in Europe because the companies have alternative data-transfer contracts, according to Ars Technica. It remains to be seen whether a new transatlantic data sharing agreement can be reached in a way that comports with EU privacy law.

-written by Bisola Oni

U.S. Federal Communications Commission votes to repeal net neutrality law

 

On December 14, 2017, the United States Federal Communications Commission (FCC) voted to repeal Obama's net neutrality protections. These now-eliminated protections include barring internet providers from slowing down or blocking access to online content, and prohibiting internet providers from promoting their own content. Ajit Pai, Chairman of the FCC, stated "[the repeal] is not going to destroy the internet. It is not going to end the internet as we know it. It is not going to kill democracy. It is not going to stifle free expression online."

Others have voiced strong opinions against the repeal. "This is a matter of enormous importance with significant implications for our entire economy and therefore merits the most thorough, deliberate, and thoughtful process that can be provided," stated Maine Senators Susan Collins, Republican, and Angus King, independent. The FCC also received millions of comments supporting current net neutrality protections.

States have also voiced opposition to the FCC's repeal of net neutrality protections. New York Attorney General Eric Schneiderman has declared intentions to sue to stop the FCC’s rollback of net neutrality, stating "We will be filing a claim to preserve protections for New Yorkers and all Americans. And we’ll be working aggressively to stop the FCC’s leadership from doing any further damage to the internet and to our economy." Washington State Attorney Bob Ferguson also announced his intention to take action, stating "Today, I am announcing my intention to file a legal challenge to the FCC’s decision to roll back net neutrality, along with attorneys general across the country." Other states, including Oregon, Illinois, Iowa, and Massachusetts, will join the lawsuit as well.
 
