Understanding the new privacy (non-)deal between the US and EU

Understanding the new privacy (non-)deal between the US and EU
By Rick Falkvinge

Yesterday, the US and EU announced that they had come to an agreement regarding US corporations’ future use of EU personal data, after the European Court of Justice struck down the previous so-called Safe Harbor agreement. However, a closer look shows the new “deal” to be little more than an attempt to save face.

The European Union has long bent over backwards to give the United States anything it asked for on its own citizens. The United States asked for passenger name records on all flights in the EU, and received it (“PNR data”). The United States asked for data on all financial transactions (“SWIFT”), and received it.

One has to ask why this is in the interest of the European Union. It mostly isn’t, actually. But the EU is a multifaceted bureaucracy with many competing interests, and the executive branch – the European Commission – has historically been a lot more willing to sell out EU citizen interests when the US asks for it. This was not just evident in the cases above, but also with lopsided “trade deals” such as ACTA. The primary counterweights to the Commission are the European Parliament, which has elected representatives and is some equivalent of the legislative branch, and the European Court of Justice, which is the equivalent of the judicial branch.

It is in the light of this that the Commission’s previous “Safe Harbor” arrangement was struck down by the European Court of Justice. There are very strong privacy safeguards for personal data in the European Union, and the Commission had basically said that as long as US companies promise to adhere to those safeguards, they are free to take the data to servers elsewhere.

Now, the European Court of Justice cleared its throat, said “NSA”, said “mass surveillance”, and said that those US companies don’t have agency to make such a promise as long as the US government is doing what it’s doing, and promptly cancelled the Commission’s “Safe Harbor” arrangement. This was an embarrassment to the European Commission and the United States alike (the latter trying to pretend that mass surveillance doesn’t exist, or at least doesn’t matter).

It is in the light of this embarrassment that yesterday’s announcement must be understood.

There is no new deal. There is no new text of a new deal. There is, at most, an agreement to come to an agreement that doesn’t exist yet.

This is an attempt to try to save face.

The gist of the agreement that doesn’t exist yet appears to be some kind of guarantee from the United States to exempt European Union citizen data from mass surveillance when it’s handled by United States corporations, as a precondition for those US corporations handling the EU citizen data in the first place. But this is a contradiction in terms: the mass surveillance cannot tell European data apart from other data without first sniffing it up and looking at it. The action of sorting requires observation.

If the European Commission moves ahead with a new Safe Harbor that looks like this, or like the old one, the European Court of Justice will just nix it again. That’s hardly going to save face in the long run.

The post Understanding the new privacy (non-)deal between the US and EU appeared first on Privacy Online News.

February 3, 2016 at 12:53PM
via Privacy Online News http://ift.tt/20Gr6uz