Bonum Certa Men Certa

EPO and Microsoft Collude to Break the Law -- Part VI: A Not-so-safe Harbour

Previous parts:



Safe Harbour
Thanks to the efforts of Max Schrems, the Safe Harbour Agreement was invalidated in October 2015



Summary: Examining the so-called 'Safe Harbour' Agreement, which was neither safe nor a harbour

To ensure that the personal data of European citizens was protected in a manner complaint with EU data protection regulations after it had been transferred to the USA, deals such as the Safe Harbour Agreement and the EU-US Privacy Shield were drafted and implemented to address the shortcomings of nationwide data protection in the USA.



As it turned out, these agreements did not last very long. The Court of Justice of the EU (CJEU) overturned them both because in practice they did not live up to the agreed data protection standards.

These CJEU rulings were a slap in the face for the politicians in the European Parliament who had rubber-stamped the agreements despite warnings from data protection advocates.

The CJEU judgements also gave a clear indication that future agreements of this kind must deliver genuine data protection if they are to be upheld.

"On top of this, there is also the concern and suspicion that commercially lucrative data from the EU can (and will) be tapped on the American side."This effectively creates an impasse because US providers are subject to American legislation such as the PATRIOT Act, the USA FREEDOM Act, and the CLOUD Act, which are designed to ensure that US authorities and intelligence agencies have access to personal data of EU citizens.

On top of this, there is also the concern and suspicion that commercially lucrative data from the EU can (and will) be tapped on the American side.

However, in July 2000, in the context of an examination of the adequacy of the protection of personal data transferred to other countries, the European Commission took the position that the "Safe Harbour" principles developed by the US were in compliance with Article 25 of the EU Data Protection Directive 95/56/EC and would provide "adequate protection" for the transfer of personal information from the EU to the US.

The European Commission thus gave approval for transfers of personal data to the US by means of executive decision no. 2000/520/EC, the so-called "Safe Harbour decision".

However, in 2013 this decision was called into question by the Snowden revelations.

The game was over on 6 October 2015 when the CJEU delivered its judgment in the case of Maximillian Schrems v Data Protection Commissioner.

"...in 2013 this decision was called into question by the Snowden revelations."In this judgment the Court invalidated the European Commission's Safe Harbour Decision, because "legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life".

Maximillian Schrems
Max Schrems in front of the office of the Irish Data Protection Commissioner in Dublin



This landmark judgment of the CJEU in data protection matters which is colloquially known as "Schrems I" was largely due to the efforts of one individual, the Austrian activist and author Maximilian "Max" Schrems who had initiated a legal action in his capacity as a Facebook user claiming that his Facebook data were insufficiently protected.

In essence Schrems argued that the Safe Harbor system would violate his fundamental right to privacy, data protection and the right to a fair trial under the Charter of Fundamental Rights of the European Union.

The striking down of the Safe Harbour Decision by the CJEU resulted in further talks between the EU Commission and the Obama Administration aimed at establishing "a renewed and sound framework for transatlantic data flows".

The outcome of these talks was a revised framework for regulating transatlantic exchanges of personal data which became known as the EU-US Privacy Shield.

"...the Privacy Shield turned out to be rather porous and it was also struck down by the CJEU in July 2020 in the context of a further legal challenge mounted by Max Schrems."The European Commission approved the Privacy Shield on 12 July 2016 and it entered into effect the same day.

However as we shall see in the next part, the Privacy Shield turned out to be rather porous and it was also struck down by the CJEU in July 2020 in the context of a further legal challenge mounted by Max Schrems.

Recent Techrights' Posts

Ubuntu Slop and FUD Manufactured With LLMs and Funded (by Oneself) 'Studies'
Slop and FUD are ruining the Web
Gemini Links 01/04/2025: Games and More
Links for the day
Why We're Reporting Brett Wilson LLP for Apparently Misusing Their Licence to Protect American Microsofters Who Attack Women
For those who have not been keeping abreast
Stefano Maffulli and His Microsoft-Funded OSI Staff Are Killing the OSI and Killing "Open Source" (All for Money!)
This is far from over
Techrights Headlines as Semaphore
"If you are hearing this, thank you"
 
The U.S. Patent and Trademark Office Hijacked Again by Patent Litigation Industry, as President Cheeto Prioritises Aggressors
The "mafia" has taken over the "industry" and the Federal system (justice and constitutions trampled upon)
Links 01/04/2025: Apple Fined $162M for Privacy Abuses, Disinformation Online a Growing Concern
Links for the day
Newer Press Reports Confirm That Microsoft Shuts Down 'Hey Hi' (AI) Labs Despite All the Hype
The "hey hi" (AI) bubble is not sustainable
Links 01/04/2025: Mass Layoffs at Eidos and "Microsoft Pulls Back on Data Centers" (Demand Lacking); "Racist and Sexist" Slop From Microsoft
Links for the day
Gemini Links 01/04/2025: XKCDpunk and worldclock.py
Links for the day
50 Years of Sabotage and a Gut Punch to Computer Science (and Science in General)
Will we get back to science-based computing rather than cult-like following?
3 Months in 2025, 4 Waves of Mass Layoffs at Microsoft, Now Offices Shut Down Permanently
"A recent visit by the South China Morning Post confirmed that the office was dark, unoccupied, and had its logo removed."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, March 31, 2025
IRC logs for Monday, March 31, 2025
Links 31/03/2025: China Tensions, Bombs Falling in Myanmar After Earthquake
Links for the day
Gemini Links 31/03/2025: Falling Out of Love With Tech, Sunsetting openSNP
Links for the day
R.T.O. at IBM in Texas and Atlanta (State of Georgia) Expected as "Soft Layoffs" Catalyst This Coming Year
It also sounds like more IBM layoffs are in the making
Law Firms Can Also Lose Their Licence for Clearly Misusing It
The bottom line is, never made the false assumption that because you can pile up SLAPPs in a docket you will not suffer from bad reputation or even get disbarred
Link between institutional abuse, Swiss jurists, Debianism and FSFE
Reprinted with permission from Daniel Pocock
LLM Slop Piggybacking News About GNU/Linux and Distorting It
new examples
Links 31/03/2025: Press and Democracy Under Further Attacks in the US, Attitudes Towards Slop Sour
Links for the day
Open Source Initiative (OSI) Privacy Fiasco in Detail: The OSI Does Not Respect Anybody's Privacy
The surveillance mafia that bans dissent or key people (even co-founders) with dissenting views
Gemini Links 31/03/2025: More X-Filesposting and Dreaming in Emacs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, March 30, 2025
IRC logs for Sunday, March 30, 2025