The Safe Harbor agreement was a quasi-judicial understanding that the US undertook to agree that it would ensure that EU citizens' data on US servers would be held and protected under the same restrictions as it would be under EU law and directives. The data covers a huge array of information — from internet and communications usage, to sales transactions, import and exports.
Short life for #PrivacyShield? "#ECJ could reject it. We'll ask for renegotiation", @JanAlbrecht told us https://t.co/kTOybup00P @maxschrems
— Francesca De Benedet (@FrancesDiBi) 13 July 2016
Schrems, a Facebook user, lodged a complaint with the Irish Data Protection Commissioner, arguing that — in the light of the revelations by ex-CIA contractor Edward Snowden of mass surveillance by the US National Security Agency (NSA) — the transfer of data from Facebook's Irish subsidiary onto the company's servers in the US do not provide sufficient protection of his personal data.
The court ruled that:
"The Safe Harbor Decision denies the national supervisory authorities their powers where a person calls into question whether the decision is compatible with the protection of the privacy and of the fundamental rights and freedoms of individuals."
This week, the EU and the US signed off a replacement for Safe Harbor, called Privacy Shield, which is claimed to protect European citizens from mass surveillance by the US authorities.
However, Max Schrems told Sputnik: "Privacy Shield is the product of pressure by the US and the IT industry — not of rational or reasonable considerations. It is little more than a little upgrade to Safe Harbor, but not a new deal. It is very likely to fail again, as soon as it reaches the CJEU."
"This deal is bad for users, which will not enjoy proper privacy protections and bad for businesses, which have to deal with a legally unstable solution. The European Commission and the US government managed to make everyone miserable, when they could have used this opportunity to upgrade the protections that are crucial for consumer trust in online and cloud services."
Privacy Shield promises that "for the first time, the US government has given the EU written assurance from the Office of the Director of National Intelligence that any access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms, preventing generalized access to personal data […] through an Ombudsperson mechanism within the Department of State, who will be independent from national security services. "
Schrems told Sputnik:
"The ombudsperson is an undersecretary of the US state department, not a court or independent body. While the new ombudsperson can raise issues within the US government, the reply to the individual is defined in Annex IV of the Privacy Shield decision."
"It will always contain the same two sentences. First, the US will not confirm or deny any surveillance. Secondly, say that all US laws were adhered to, or any non-compliance was remedied.
"The proposed ombudsperson therefore provides for anything but a 'right to an effective remedy and to a fair trial' as the [Court of Justice of the European Union] CJEU has required in line with Article 47 of the Charter of Fundamental Rights," Schrems told Sputnik.