03.15.21

Gemini version available ♊︎

EPO and Microsoft Collude to Break the Law — Part VII: Lipstick on a Pig…

Posted in Europe, Law, Microsoft, Patents at 4:01 am by Dr. Roy Schestowitz

Previous parts:

Safe Harbour pig
The Privacy Shield was derided by its critics as “lipstick on a pig”

Summary: The Schrems II judgment has significant implications for “cloud computing” services

As we saw in the last part, following the invalidation of the Safe Harbour by the CJEU in its “Schrems I” judgment a revised framework for regulating transatlantic exchanges of personal data was pulled out of the hat in the form of the Privacy Shield.

From its very inception the robustness of this arrangement was questioned and it was derided by its critics as “lipstick on a pig”.

The hurried manner in which the Privacy Shield was cobbled together meant that it always smacked of being a flaky and legally unsound last minute political compromise between the EU and the Obama Administration.

In the eyes of its critics it was nothing more than a comfort blanket to calm post-NSA revelations nerves among non-US cloud services buyers, rather than a legally sound framework to protect data from intrusive examination by American intelligence services.

“The hurried manner in which the Privacy Shield was cobbled together meant that it always smacked of being a flaky and legally unsound last minute political compromise between the EU and the Obama Administration.”The first signs that the revised arrangement might not last very long came in January 2017 during the early days of the Trump Administration when the incoming POTUS signed off on a new Executive Order on “Enhancing Public Safety in the Interior of the U.S.”

Among other elements, this Executive Order directed US government agencies to “ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information”.

This prompted certain commentators, such as MEP Jan-Philipp Albrecht, to express concerns about the tenability of the Privacy Shield and to call for its suspension pending clarification of the legal implications of Trump’s Executive Order.

The European Commission was quick to dismiss these concerns.

Others who remained sceptical about the tenability of the Privacy Shield arrangement confidently – and accurately – predicted that its days were numbered.

“The Schrems II judgment has significant implications for “cloud computing” services.”The final nail in the coffin came in 16 July 2020 when the CJEU delivered its judgment in the case of Facebook Ireland Ltd. v. Maximillian Schrems – known as “Schrems II” – which not only invalidated the Privacy Shield agreement but also put other data transfer mechanisms into significant doubt.

The CJEU found that due to the possibility of access to personal data of EU citizens by US authorities, the Privacy Shield infringed EU data protection regulations because it did not provide adequate GDPR‑compliant protection of personal data.

Privacy Shield
The Schrems II judgment has significant implications for “cloud computing” services

The Schrems II judgment has significant implications for “cloud computing” services.

Private companies and public sector bodies have increasingly started to make use of cloud services in recent years and this trend is likely to continue in future. The majority of cloud services are provided by vendors located in the US. The servers for the purchased services are partly located in the US, partly in Europe.

And this is where it gets interesting.

Even if a server is located in the EU, US authorities may access the stored data. This access is possible because of the FISA (Foreign Intelligence Surveillance Act) 702 and the EO (Executive Order) 12.333 which apply to all Electronic Communication Service Providers headquartered in the US.

“The majority of cloud services are provided by vendors located in the US. The servers for the purchased services are partly located in the US, partly in Europe.”Merely relocating the data to an EU-based region in these clouds is not sufficient, because the problem is not geographical in nature.

The decisive issue here is that US-owned cloud vendors are subject to US jurisdiction and US legislation can be used to them to hand out customer data to the US government, even if the servers storing that data happen to be located on foreign soil.

USA spying on EU
Even if a server is located in the EU, US authorities may access the stored data via FISA (Foreign Intelligence Surveillance Act) 702 and the EO (Executive Order) 12.333 which apply to all Electronic Communication Service Providers headquartered in the US.

In essence, the Schrems II judgment means that US-based cloud providers such as Google, Amazon Web Services (AWS), and Microsoft Azure cannot be used to store data about European citizens in a GDPR-compliant manner.

In December 2020 it was reported that the Swedish data protection authority had imposed the first GDPR-based fine for lack of adequate protection of sensitive data stored in a US‑based cloud platform after the Schrems II decision.

“In December 2020 it was reported that the Swedish data protection authority had imposed the first GDPR-based fine for lack of adequate protection of sensitive data stored in a US‑based cloud platform after the Schrems II decision.”In that case the Umeå University in Sweden was fined SEK 550,000 (approx. € 54,000) because it was found to have processed special categories of personal data concerning sexual life and health using storage in a cloud service of a US-based provider, without sufficiently protecting the relevant data.

The Swedish data protection authority referred to the Schrems II judgment and took the stance that per se a data transfer to the US triggers a high risk for personal data because data subjects are limited in protecting and enforcing their privacy rights.

In the next part we take a further look at the fallout from Schrems II in Europe and how the judgment has given new impetus to the discussion about European “data sovereignty”.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. EPO Eating Its Own (and Robbing Its Own)

    António Campinos is lying to his staff and losing his temper when challenged about it; Like Benoît Battistelli, who ‘fixed’ this job for his banker buddy (despite a clear lack of qualifications and relevant experience), he’s just robbing the EPO’s staff (even pensioners!) and scrubbing the EPC for ill-gotten money, which is in turn illegally funneled into financialization schemes



  2. [Meme] EPO Budget Tanking?

    While the EPO‘s António Campinos incites people (and politicians) to break the law he’s also attacking, robbing, and lying to his own staff; thankfully, his staff isn’t gullible enough and some MEPs are sympathetic; soon to follow is a video and publication about the EPO’s systematic plunder (ETA midnight GMT)



  3. EPO.org (Official EPO Site) Continues to Promote Illegal Agenda and Exploit Ukraine for PR Stunts That Help Unaccountable Crooks

    epo.org has been turned into a non-stop propaganda machine of Benoît Battistelli and António Campinos because the EPO routinely breaks the law; it’s rather tasteless that while Ukrainians are dying the EPO’s mob exploits Ukraine for PR purposes



  4. [Meme] EPO Applicants Unwittingly Fund the War on Ukraine

    As we’ve just shown, António Campinos is desperately trying to hide a massive EPO scandal



  5. EPO Virtue-Signalling on the Ukrainian Front

    António Campinos persists in attention-shifting dross and photo ops; none of that can change the verifiable facts about the EPO’s connections to Lukashenko’s 'science park' in Minsk



  6. Links 19/05/2022: PostgreSQL 15 Beta 1 and Plasma 5.25 Beta

    Links for the day



  7. A Libera.Chat Anniversary and Happy Birthday (Maybe the Last) to 'Leenode'

    What became known as the so-called ‘Leenode’ is a cautionary tale, but maybe it is also a blessing in disguise because IRC as a whole seem to have become a lot more decentralised (as everything should be)



  8. Links 19/05/2022: The Gradual Fall of Netflix/DRM

    Links for the day



  9. IRC Proceedings: Wednesday, May 18, 2022

    IRC logs for Wednesday, May 18, 2022



  10. Links 18/05/2022: Qt Company Loses Chief; OpenSUSE Leap Micro 5.2 and RHEL 9 Final

    Links for the day



  11. Jim Zemlin's Wife is Funded by Puppies (Microsoft)

    Jim Zemlin — like his wife — is bagging millions from Microsoft, but that’s clearly a conflict of interest for the Linux Foundation



  12. Links 18/05/2022: More Defections From WordPress to Gemini

    Links for the day



  13. Links 18/05/2022: PikaScript and cURL's Annual User Survey

    Links for the day



  14. IRC Proceedings: Tuesday, May 17, 2022

    IRC logs for Tuesday, May 17, 2022



  15. Phoronix: Microsoft and Phoronix Sponsor (and Close Microsoft Partner) AMD All Over the Place

    When you’re taking massive 'gifts' from AMD (and also some from Microsoft) maybe it’s not surprising that editorial decisions change somewhat…



  16. EPO Has No F-ing Oversight

    Earlier today SUEPO mentioned this new article demonstrating that EPO President António Campinos can very obviously and blatantly violate the Code of Conduct of the Office without facing any consequences; there are translations too, so the report is now available in four languages



  17. [Meme] Linux-Rejecting Foundation

    The Linux Foundation never really leads by example; by default, it uses proprietary software



  18. Linux Foundation Almost Never uses Open Source

    The Linux Foundation uses proprietary software (look where they hire and take money from) and be sure they're probably not even aware of it



  19. Links 17/05/2022: Many More Games on GNU/Linux, YaST Development Report

    Links for the day



  20. Links 17/05/2022: Rocky Linux 8.6 and Budgie Desktop in Fedora

    Links for the day



  21. Patent Examiners Rising Up Against EPO Abuse

    Unhappy with the law-breaking autocracy (the EPO‘s management breaks the law as a matter of routine), fast-deteriorating working conditions and rapidly-decreasing quality of work (or lack of compliance with the law), workers have escalated further, topping off strikes and industrial actions with a large-scale petition



  22. [Meme] What Managers (Really) Mean by Acting Professionally

    The myth of 'professionalism' needs to die along with the façade of conformity as prerequisite for employment (Linus Torvalds can work just fine in a bathrobe in his own home)



  23. Internal Poll: 93% of European Patent Office (EPO) Workers Are Unhappy With the EPO

    On top of strike/s and industrial action/s there are now also petitions; at the EPO, almost all staff is "disgruntled" because of utterly corrupt and defunct leadership



  24. Links 17/05/2022: OpenSUSE Leap 15.4 Release Candidate

    Links for the day



  25. IRC Proceedings: Monday, May 16, 2022

    IRC logs for Monday, May 16, 2022



  26. Links 16/05/2022: FreeBSD 13.1 and Inkscape 1.2 Released

    Links for the day



  27. Archiving Latest Posts in Geminispace (Like a Dated Web Directory But for Gemini)

    Earlier today we saw several more people crossing over from the World Wide Web to Gemini; we're trying to make a decent aggregator and archive for the rapidly-expanding Geminispace, which will soon have 2,500 capsules that are known to Lupa alone



  28. Microsoft Vidal Does Not Want to Listen (USPTO is Just for Megacorporations)

    Microsoft Vidal knows her real bosses. They’re international corporations (multinationals like Microsoft), not American people.



  29. Links 16/05/2022: China Advances on GNU/Linux and Maui 2.1.2 is Out

    Links for the day



  30. Jim Zemlin: Chief Revenue Officer in 'Linux' Seat-Selling Foundation

    Board seats in the Linux Foundation are basically a product on sale, based internal documents


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts