Bonum Certa Men Certa

EPO and Microsoft Collude to Break the Law -- Part VI: A Not-so-safe Harbour

Previous parts:



Safe Harbour
Thanks to the efforts of Max Schrems, the Safe Harbour Agreement was invalidated in October 2015



Summary: Examining the so-called 'Safe Harbour' Agreement, which was neither safe nor a harbour

To ensure that the personal data of European citizens was protected in a manner complaint with EU data protection regulations after it had been transferred to the USA, deals such as the Safe Harbour Agreement and the EU-US Privacy Shield were drafted and implemented to address the shortcomings of nationwide data protection in the USA.



As it turned out, these agreements did not last very long. The Court of Justice of the EU (CJEU) overturned them both because in practice they did not live up to the agreed data protection standards.

These CJEU rulings were a slap in the face for the politicians in the European Parliament who had rubber-stamped the agreements despite warnings from data protection advocates.

The CJEU judgements also gave a clear indication that future agreements of this kind must deliver genuine data protection if they are to be upheld.

"On top of this, there is also the concern and suspicion that commercially lucrative data from the EU can (and will) be tapped on the American side."This effectively creates an impasse because US providers are subject to American legislation such as the PATRIOT Act, the USA FREEDOM Act, and the CLOUD Act, which are designed to ensure that US authorities and intelligence agencies have access to personal data of EU citizens.

On top of this, there is also the concern and suspicion that commercially lucrative data from the EU can (and will) be tapped on the American side.

However, in July 2000, in the context of an examination of the adequacy of the protection of personal data transferred to other countries, the European Commission took the position that the "Safe Harbour" principles developed by the US were in compliance with Article 25 of the EU Data Protection Directive 95/56/EC and would provide "adequate protection" for the transfer of personal information from the EU to the US.

The European Commission thus gave approval for transfers of personal data to the US by means of executive decision no. 2000/520/EC, the so-called "Safe Harbour decision".

However, in 2013 this decision was called into question by the Snowden revelations.

The game was over on 6 October 2015 when the CJEU delivered its judgment in the case of Maximillian Schrems v Data Protection Commissioner.

"...in 2013 this decision was called into question by the Snowden revelations."In this judgment the Court invalidated the European Commission's Safe Harbour Decision, because "legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life".

Maximillian Schrems
Max Schrems in front of the office of the Irish Data Protection Commissioner in Dublin



This landmark judgment of the CJEU in data protection matters which is colloquially known as "Schrems I" was largely due to the efforts of one individual, the Austrian activist and author Maximilian "Max" Schrems who had initiated a legal action in his capacity as a Facebook user claiming that his Facebook data were insufficiently protected.

In essence Schrems argued that the Safe Harbor system would violate his fundamental right to privacy, data protection and the right to a fair trial under the Charter of Fundamental Rights of the European Union.

The striking down of the Safe Harbour Decision by the CJEU resulted in further talks between the EU Commission and the Obama Administration aimed at establishing "a renewed and sound framework for transatlantic data flows".

The outcome of these talks was a revised framework for regulating transatlantic exchanges of personal data which became known as the EU-US Privacy Shield.

"...the Privacy Shield turned out to be rather porous and it was also struck down by the CJEU in July 2020 in the context of a further legal challenge mounted by Max Schrems."The European Commission approved the Privacy Shield on 12 July 2016 and it entered into effect the same day.

However as we shall see in the next part, the Privacy Shield turned out to be rather porous and it was also struck down by the CJEU in July 2020 in the context of a further legal challenge mounted by Max Schrems.

Recent Techrights' Posts

How Not to Build Software
code forges that need a Web browser perhaps fill some 'niche' demand
GAFAM and "MATA"
The use of dark humour there hopefully helps illuminate what a lot of "modern" technology became like and how it interacts with human civilisation (to what ends and whose gain)
Flying in 2025
worse than ever before
The UEFI 9/11 - Part III - Chaos is Scheduled to Happen Second Thursday of September (No Matter What the Microsofters Tell You)
The clock is ticking
Downplaying the Impact of "UEFI 9/11" is a Losing Strategy
we won't publish much whilst on holiday
 
Representing and Speaking for Animals
If I ever choose to take this matter to tribunal with animals-centric NGOs on my side, it'll get some press coverage for sure
The UEFI 9/11 - Part II - Campaign of Censorship and Defamation Against Critics
In dictatorships, humour serves an important role. It's tragic.
In Kazakhstan, Yandex Estimated to be 20 Times Bigger Than Microsoft
Bing is measured as down this month
Shutterstock Not Enough? The Register MS Uses Slop Images in Articles (Seemingly More and More Over Time)
Cost-saving trajectory amid office shutdown?
Gemini Links 30/08/2025: Games, PostmarketOS, and Slop
Links for the day
Links 30/08/2025: Imgur Uproar and Many Ukraine Updates (Mediazona Reports Over 200,000 Russians Died for Putin)
Links for the day
Birds Are Not "Pests and Vermin", Privacy is Not a Crime, and GNU/Linux is Not 'Hacking Platform'
I could not help but think of Free software analogies
The Sites Should Be Very Fast Again
That issue is now resolved
Activists, Including Technical Activists, Need Not Pursue Affirmation
Techrights doesn't play or participate in a "popularity contest"
Government Sites Should Run Free Software
Not proprietary bloatware with buzzwords
LLM Slopfarms Take No Breaks
When people run sites by bots they don't need to worry about "breaks"
GNOME Having a Meltdown Again
Thanks and farewell to Steven Deobald
Gemini Links 30/08/2025: Low Tech and Hunchbin 1.0.6
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, August 29, 2025
IRC logs for Friday, August 29, 2025
Financiers and Sponsors of the Slop Hype (Pyramid Scheme Waiting to End, Bubble That Will Inevitably Implode)
It's also burning the planet
Slopwatch: Fake Articles About "Linux", Google Helps Ponzi Schemes and Slopfarms in Google News
Slopfarms are a real pain
Gemini Links 29/08/2025: Retiring at 62 and URL Filtering HTTP(S) Proxy on Qubes OS
Links for the day
Links 29/08/2025: Lisa Cook Sues Convicted Felon and Backdoor Mandate in UK Resisted
Links for the day
Links 29/08/2025: Arti 1.5.0, War on Public Health (CDC), and Slop 'Bros' Made to Pay for Their Mass Plagiarism
Links for the day
No, 4Chan is Not Fighting for You by Lawyering Up Against Ofcom (UK)
Don't mistake proto-fascists for people who "fight for you". They don't.
In Many Places in the World Vista 11 "Market Share" is Going Down, Not Up
In some countries Windows is already down to third place or lower
More Microsoft-Connected Layoffs, at Least Third Time This Month! (Also Another Death on Campus)
Microsoft as a "gaming" company is where studios, projects, games, and even developers come to die
Slopwatch: Fake Articles About "Linux", Slop Images in VentureBeat, Linux Foundation Spam Made With LLM Slop and Slop Images
The only relief or upside - if any exists - is that the pace of slop was down a bit this week
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, August 28, 2025
IRC logs for Thursday, August 28, 2025
Gemini Links 29/08/2025: Poems, Games, and Java 25 Performance
Links for the day
Links 28/08/2025: Greenland 'Interferences' by US and Skinnerboxes to Get Banned in Korean Schools
Links for the day
Richard Stallman (RMS) Talk in Ethereum Cypherpunk Congress Will be Remote
This past week RMS received lots of accolades online
The Register MS (Run by Microsoft Operatives): Free Software is Putin, Hence Evil and Dangerous
The current editor in chief is an American Microsofter, the previous one went to work for Google (US)
Links 28/08/2025: Chatbots Distorting/Fabricating History and Also Driving Suicide
Links for the day
Gemini Links 28/08/2025: Back in Japan and Why "Hacker News" Sucks
Links for the day
A Much-Needed Wake-up Call to Users of Wordpress.com, Blogspot, Substack and All Those Other Outsourced (and Centralised) Platforms
There are several lessons in there
Open Source Initiative (OSI) Resists Software Freedom, Even by Attacking Its Own
The OSI is compromised
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, August 27, 2025
IRC logs for Wednesday, August 27, 2025
Slopwatch: linuxsecurity.com, Slopfarms in Google News, and More
Some readers of ours end up sending us links that are from slopfarms, not realising those are slopfarms