One of the most surprising developments in recent years is how privacy – something that by definition is about small, intimate things – has become a major global force in the spheres of economics and politics. Perhaps the clearest demonstration of that transformation involves data flows across the Atlantic, and the Austrian lawyer and activist Max Schrems.
As the New York Times reported in 2015, Schrems was a 24-year-old student studying at the Santa Clara School of Law in California, when lawyers from Silicon Valley came to talk to students about their companies’ approach to privacy. Schrems was “taken aback” when he heard them say that they didn’t take Europe’s privacy laws very seriously, since companies rarely faced any significant penalties for breaking them.
What was probably just an off-the-cuff remark by a lawyer touched Schrems, an Austrian national, personally. It spurred him to investigate how Facebook dealt with EU data protection laws. In particular, Schrems asked to see all the data the company had collected from him, as he was entitled to do under EU privacy laws.
He was surprised to see that Facebook had retained information that he had deleted, including highly personal matters. Schrems filed various complaints with the Irish Data Protection Commission, which regulates Facebook in the EU because Facebook’s European headquarters are located in Ireland.
The revelation by Edward Snowden in 2013 that the US National Security Agency could access the personal data of EU citizens, thanks to the Prism program, led to another privacy complaint by Schrems, which concerned the transfer of his personal data from the EU to the US.
Under the 1995 EU Data Protection Directive, which preceded today’s better-known General Data Protection Regulation (GDPR), that was only permitted if the receiving country offered “an adequate level of protection of the data”. Schrems claimed that Snowden’s leaks revealed that the US did not offer the necessary level of protection.
The Court of Justice of the European Union (CJEU), the EU’s highest court, agreed with him, and ruled that the Safe Harbor framework agreed between the US and the EU to legalise the transfer of personal data was invalid. That ruling made the transfers to the US of personal data concerning EU citizens much harder, since companies could not depend on the Safe Harbor framework.
To remedy the situation, a replacement for the Safe Harbor scheme was agreed between the US and the EU. However, as PIA blog reported in 2020 the Privacy Shield was also sunk by the CJEU, largely on the same grounds as before.
Since then, the US and EU have been working hard to come up with a third framework to allow the smooth transfer of EU personal data in a way that is legal under the GDPR. Businesses on both sides of the Atlantic were becoming seriously concerned about the delay. The US Chamber of Commerce of Commerce and BusinessEurope issued a joint statement on the topic, which includes the following:
We call on the European Commission and on the U.S. Administration to swiftly conclude a robust new framework for data transfers, addressing the problems which led to the invalidation of the Privacy Shield, and upholding our shared transatlantic values of privacy and security.
Finalizing a new agreement will not only provide a legal mechanism that is accessible to small and medium-sized businesses but also will remove growing uncertainty around the role of standard contractual clauses, which are relied upon for the bulk of cross-border data flows. We are confident that a new agreement is within reach that can provide long-term legal certainty and will in turn yield increased innovation, cooperation, and growth across the transatlantic economy.
Indeed, the President of the EU Commission, Ursula von der Leyen, has just announced that the EU and US have “found an agreement in principle on a new framework for transatlantic data flows.” However, there are few details yet. In particular, it is not clear whether it can deal with the fallout of an important recent judgment handed down by the US Supreme Court. An opinion piece in The Hill explains:
The U.S. Supreme Court’s decision this month in FBI v. Fazaga, a case challenging FBI surveillance, will make it significantly harder for people to pursue surveillance cases, and for U.S. and European Union (EU) negotiators to secure a lasting agreement for transatlantic transfers of private data.
The justices gave the U.S. government more latitude to invoke “state secrets” in spying cases. But ironically, that victory undercuts the Biden administration’s efforts to show that the United States has sufficiently strong privacy protections to sustain a new Privacy Shield agreement — unless Congress steps in now.
The future “Trans-Atlantic Data Privacy Framework” has “a new multi-layer redress mechanism”, and specifies that “intelligence collection may be undertaken only where necessary to advance legitimate national security objectives, and must not disproportionately impact the protection of individual privacy and civil liberties”.
However, without full details of how those will work in practice, it’s impossible to say whether it is likely that the CJEU would rule that the new framework is invalid, as it did for the other two. Max Schrems has already indicated that he or others will bring a legal challenge if the new framework seems to offer insufficient safeguards.
Without a valid framework, companies will be forced to come up with expensive and messy ad hoc solutions that will act as a significant obstacle to the frictionless flow of personal data across the Atlantic. And all because of a few words said by a lawyer in front of one particular student.
By: Glyn Moody
By: Cameron F. Kerry
Recent congressional hearings and data breaches have prompted more legislators and business leaders to say the time for broad federal privacy legislation has come. Cameron Kerry presents the case for adoption of a baseline framework to protect consumer privacy in the U.S.
Most recent proposals for privacy legislation aim at slices of the issues this explosion presents. The Equifax breach produced legislation aimed at data brokers. Responses to the role of Facebook and Twitter in public debate have focused on political ad disclosure, what to do about bots, or limits to online tracking for ads.
Most state legislation has targeted specific topics like use of data from ed-tech products, access to social media accounts by employers, and privacy protections from drones and license-plate readers. Facebook’s simplification and expansion of its privacy controls and recent federal privacy bills in reaction to events focus on increasing transparency and consumer choice. So does the newly enacted California Privacy Act.
Our existing laws developed as a series of responses to specific concerns, a checkerboard of federal and state laws, common law jurisprudence, and public and private enforcement that has built up over more than a century.
It began with the famous Harvard Law Review article by (later) Justice Louis Brandeis and his law partner Samuel Warren in 1890 that provided a foundation for case law and state statutes for much of the 20th Century, much of which addressed the impact of mass media on individuals who wanted, as Warren and Brandeis put it, “to be let alone.”
The advent of mainframe computers saw the first data privacy laws adopted in 1974 to address the power of information in the hands of big institutions like banks and government: the federal Fair Credit Reporting Act that gives us access to information on credit reports and the Privacy Act that governs federal agencies.
Today, our checkerboard of privacy and data security laws covers data that concerns people the most. These include health data, genetic information, student records and information pertaining to children in general, financial information, and electronic communications (with differing rules for telecommunications carriers, cable providers, and emails).
- “Protecting Consumer Privacy and Security”. Federal Trade Commission. 2013-08-05. Retrieved 2021-09-28.
- “Fair Credit Reporting Act (FCRA)”. Investopedia. Retrieved 2021-09-28.
- “Children’s Online Privacy Protection Rule (“COPPA”)”. Federal Trade Commission. 2013-07-25. Retrieved 2021-09-28.
- “Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business”. Federal Trade Commission. 2013-05-02. Retrieved 2021-09-28.
- How Europe’s New Privacy Law Will Change the Web, and More”. Wired. ISSN 1059-1028. Retrieved 2021-10-26.
- “Facebook: active users worldwide”. Statista. Retrieved 2020-10-11.
- Hugl, Ulrike (2011), “Reviewing Person’s Value of Privacy of Online Social Networking,” Internet Research, 21(4), in press,
- Private traits and attributes are predictable from digital records of human behavior”. Proceedings of the National Academy of Sciences. 110 (15): 5802–5805.
- “Self-portraits and social media: The rise of the ‘selfie'”. BBC News. 2013-06-07. Retrieved 2021-03-17.
- Do Online Privacy Concerns Predict Selfie Behavior among Adolescents, Young Adults and Adults?”. Frontiers in Psychology. 8:
- The History of Cyberbullying”. Bark. 22 March 2017. Retrieved 2 November 2021.
- “In wake of Amanda Todd suicide, MPs to debate anti-bullying motion”. CTV News. Archived from the original on January 4, 2014. Retrieved October 17, 2012.
- Amanda Todd’s mother raises concerns about cyberbullying bill: Families of cyberbullying victims want legislation, but some have concerns about warrantless access to Canadians personal data”
More Remote Working Apps:
https://quintexcapital.com/?ref=arminham Quintex Capital https://www.genesis-mining.com/a/2535466 Genesis Mining http://www.bevtraders.com/?ref=arminham BevTraders https://jvz8.com/c/202927/369164 prime stocks https://jvz3.com/c/202927/361015 content gorilla https://jvz8.com/c/202927/366443 stock rush https://jvz1.com/c/202927/373449 forrk https://jvz3.com/c/202927/194909 keysearch https://jvz4.com/c/202927/296191 gluten free https://jvz1.com/c/202927/286851 diet fitness diabetes https://jvz8.com/c/202927/213027 writing job https://jvz6.com/c/202927/108695 postradamus https://jvz1.com/c/202927/372094 stoodaio https://jvz4.com/c/202927/358049 profile mate https://jvz6.com/c/202927/279944 senuke https://jvz8.com/c/202927/54245 asin https://jvz8.com/c/202927/370227 appimize https://jvz8.com/c/202927/376524 super backdrop https://jvz6.com/c/202927/302715 audiencetoolkit https://jvz1.com/c/202927/375487 4brandcommercial https://jvz2.com/c/202927/375358 talkingfaces https://jvz6.com/c/202927/375706 socifeed https://jvz2.com/c/202927/184902 gaming jobs https://jvz6.com/c/202927/88118 backlink indexer https://jvz1.com/c/202927/376361 powrsuite https://jvz3.com/c/202927/370472 tubeserp https://jvz4.com/c/202927/343405 PR Rage https://jvz6.com/c/202927/371547 design beast https://jvz3.com/c/202927/376879 commission smasher https://jvz2.com/c/202927/376925 MT4Code System https://jvz6.com/c/202927/375959 viral dash https://jvz1.com/c/202927/376527 coursova https://jvz4.com/c/202927/144349 fanpage https://jvz1.com/c/202927/376877 forex expert https://jvz6.com/c/202927/374258 appointomatic https://jvz2.com/c/202927/377003 woocommerce https://jvz6.com/c/202927/377005 domainname marketing https://jvz8.com/c/202927/376842 maxslides https://jvz8.com/c/202927/376381 ada leadz https://jvz2.com/c/202927/333637 eyeslick https://jvz1.com/c/202927/376986 creaite contentcreator https://jvz4.com/c/202927/376095 vidcentric https://jvz1.com/c/202927/374965 studioninja https://jvz6.com/c/202927/374934 marketingblocks https://jvz3.com/c/202927/372682 clipsreel https://jvz2.com/c/202927/372916 VideoEnginePro https://jvz1.com/c/202927/144577 BarclaysForexExpert https://jvz8.com/c/202927/370806 Clientfinda https://jvz3.com/c/202927/375550 Talkingfaces https://jvz1.com/c/202927/370769 IMSyndicator https://jvz6.com/c/202927/283867 SqribbleEbook https://jvz8.com/c/202927/376524 superbackdrop https://jvz8.com/c/202927/376849 VirtualReel https://jvz2.com/c/202927/369837 MarketPresso https://jvz1.com/c/202927/342854 voiceBuddy https://jvz6.com/c/202927/377211 tubeTargeter https://jvz6.com/c/202927/377557 InstantWebsiteBundle https://jvz6.com/c/202927/368736 soronity https://jvz2.com/c/202927/337292 DFY Suite 3.0 Agency+ information https://jvz8.com/c/202927/291061 VideoRobot Enterprise https://jvz8.com/c/202927/327447 Klippyo Kreators https://jvz8.com/c/202927/324615 ChatterPal Commercial https://jvz8.com/c/202927/299907 WP GDPR Fix Elite Unltd Sites https://jvz8.com/c/202927/328172 EngagerMate https://jvz3.com/c/202927/342585 VidSnatcher Commercial https://jvz3.com/c/202927/292919 myMailIt https://jvz3.com/c/202927/320972 Storymate Luxury Edition https://jvz2.com/c/202927/320466 iTraffic X – Platinum Edition https://jvz2.com/c/202927/330783 Content Gorilla One-time https://jvz2.com/c/202927/301402 Push Button Traffic 3.0 – Brand New https://jvz2.com/c/202927/321987 SociCake Commercial https://jvz2.com/c/202927/289944 The Internet Marketing Newsletter PLR Monthly Membership https://jvz2.com/c/202927/297271 Designa Suite License https://jvz2.com/c/202927/310335 XFUNNELS FE Commercial Drag-n-Drop Page Editor https://jvz2.com/c/202927/291955 ShopABot https://jvz2.com/c/202927/312692 Inboxr https://jvz2.com/c/202927/343635 MediaCloudPro 2.0 – Agency Rights https://jvz2.com/c/202927/353558 MyTrafficJacker 2.0 Pro+ https://jvz2.com/c/202927/365061 AIWA Commercial https://jvz2.com/c/202927/357201 Toon Video Maker Premium https://jvz2.com/c/202927/351754 Steven Alvey’s Signature Series 3rd Installment https://jvz2.com/c/202927/344541 Fade To Black https://jvz2.com/c/202927/290487 Adsense Machine https://jvz2.com/c/202927/315596 Diddly Pay’s DLCM DFY Club https://jvz2.com/c/202927/355249 CourseReel Professional https://jvz2.com/c/202927/309649 SociJam System https://jvz2.com/c/202927/263380 360Apps Certification Masterclass https://jvz2.com/c/202927/359468 LocalAgencyBox https://jvz2.com/c/202927/377557 Instant Website Bundle https://jvz2.com/c/202927/377194 GMB Magic Content https://jvz2.com/c/202927/376962 PlayerNeos VR