Bonum Certa Men Certa
Links 14/3/2021: KDE Gear 21.04 Branches, Anger Over EPO Statement on EQE | The (e-)EQE Statement From the EPO Makes Things Even Worse as Victims of the Catastrophic Exam Feel Offended and Angry

EPO and Microsoft Collude to Break the Law -- Part VI: A Not-so-safe Harbour

Previous parts:



Safe Harbour
Thanks to the efforts of Max Schrems, the Safe Harbour Agreement was invalidated in October 2015



Summary: Examining the so-called 'Safe Harbour' Agreement, which was neither safe nor a harbour

To ensure that the personal data of European citizens was protected in a manner complaint with EU data protection regulations after it had been transferred to the USA, deals such as the Safe Harbour Agreement and the EU-US Privacy Shield were drafted and implemented to address the shortcomings of nationwide data protection in the USA.



As it turned out, these agreements did not last very long. The Court of Justice of the EU (CJEU) overturned them both because in practice they did not live up to the agreed data protection standards.

These CJEU rulings were a slap in the face for the politicians in the European Parliament who had rubber-stamped the agreements despite warnings from data protection advocates.

The CJEU judgements also gave a clear indication that future agreements of this kind must deliver genuine data protection if they are to be upheld.

"On top of this, there is also the concern and suspicion that commercially lucrative data from the EU can (and will) be tapped on the American side."This effectively creates an impasse because US providers are subject to American legislation such as the PATRIOT Act, the USA FREEDOM Act, and the CLOUD Act, which are designed to ensure that US authorities and intelligence agencies have access to personal data of EU citizens.

On top of this, there is also the concern and suspicion that commercially lucrative data from the EU can (and will) be tapped on the American side.

However, in July 2000, in the context of an examination of the adequacy of the protection of personal data transferred to other countries, the European Commission took the position that the "Safe Harbour" principles developed by the US were in compliance with Article 25 of the EU Data Protection Directive 95/56/EC and would provide "adequate protection" for the transfer of personal information from the EU to the US.

The European Commission thus gave approval for transfers of personal data to the US by means of executive decision no. 2000/520/EC, the so-called "Safe Harbour decision".

However, in 2013 this decision was called into question by the Snowden revelations.

The game was over on 6 October 2015 when the CJEU delivered its judgment in the case of Maximillian Schrems v Data Protection Commissioner.

"...in 2013 this decision was called into question by the Snowden revelations."In this judgment the Court invalidated the European Commission's Safe Harbour Decision, because "legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life".

Maximillian Schrems
Max Schrems in front of the office of the Irish Data Protection Commissioner in Dublin



This landmark judgment of the CJEU in data protection matters which is colloquially known as "Schrems I" was largely due to the efforts of one individual, the Austrian activist and author Maximilian "Max" Schrems who had initiated a legal action in his capacity as a Facebook user claiming that his Facebook data were insufficiently protected.

In essence Schrems argued that the Safe Harbor system would violate his fundamental right to privacy, data protection and the right to a fair trial under the Charter of Fundamental Rights of the European Union.

The striking down of the Safe Harbour Decision by the CJEU resulted in further talks between the EU Commission and the Obama Administration aimed at establishing "a renewed and sound framework for transatlantic data flows".

The outcome of these talks was a revised framework for regulating transatlantic exchanges of personal data which became known as the EU-US Privacy Shield.

"...the Privacy Shield turned out to be rather porous and it was also struck down by the CJEU in July 2020 in the context of a further legal challenge mounted by Max Schrems."The European Commission approved the Privacy Shield on 12 July 2016 and it entered into effect the same day.

However as we shall see in the next part, the Privacy Shield turned out to be rather porous and it was also struck down by the CJEU in July 2020 in the context of a further legal challenge mounted by Max Schrems.

Links 14/3/2021: KDE Gear 21.04 Branches, Anger Over EPO Statement on EQE | The (e-)EQE Statement From the EPO Makes Things Even Worse as Victims of the Catastrophic Exam Feel Offended and Angry

Recent Techrights' Posts

Real Security Elusive, Microsoft Layoffs to Coincide With Certificate Apocalypse
July 1
2026 is a Year of Strikes at the European Patent Office (EPO)
As it stands at the moment, to many people the EPO represents crime, not law
Only 1.5% Oppose the European Patent Office's (EPO) Strikes and Other Industrial Actions Until 2027
Among those polled/surveyed (in a ballot)
 
5 Years After Release of Vista 11 Not Even One in 5 People Use It (in the US)
It doesn't look like Vista 11 will ever be adopted like prior versions and announcing a Vista 12 will mostly upset companies/organisations that only recently "upgraded" to 11
Gemini Links 21/06/2026: Boca Raton, Perfect Summer Day, and LLM Doing Things Poorly
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 20, 2026
IRC logs for Saturday, June 20, 2026
Microsoft Insiders - Not Limited to XBox - Expect a 'Bloodbath' (Their Own Word)
This isn't limited to XBox
Reports of "PIP" as Means of Mass Layoffs at IBM This Year
some insights into the PIPs
SLAPP Censorship - Part 112 Out of 200: Strangles Women, Then Refuses to Even Attend Any of His Own Hearings About It
It is meanwhile very apparent that Brett Wilson LLP is becoming a "mench sphere"
Gemini Links 20/06/2026: "There Was Never Supposed to Be a Camera" and "What Is A Programming Language"?
Links for the day
Geminispace Reaches Its 8th Year, Today It Has Turned 7
Gemini Protocol 'went live' 7 years ago, just before the COVID-19 pandemic
Links 20/06/2026: "Full Page Paralysis" and "Hopes For Xbox’s Future Might Be Over Before It Even Begins"
Links for the day
European Patent Office's (EPO) Strikes "at a Scale not Seen Since Battistelli", European Patent Grants Down by Over 25% in Past 3 Months
The actions are effective
Links 20/06/2026: Microsoft's "Year of Shame" and "Feed the Writers"
Links for the day
Web Browsers Are Technically Bloatware (No Matter What Runs in Them)
Don't make it a society that shames people into using a Web browser where none should be needed
Fedora Has Changed a Lot Since I Last Used It (IBM Dominates Almost Everything, IBM Agenda Displaces Community Goals)
"It is effectively 100% run by Red Hat/IBM employed people... even when they are community-elected representatives."
Andy (Cyber Show) on His Teacher Who "Squeezed Every Last Drop Out of Life, With Gratitude, Humility, Generosity and Mettle"
Some call them "eccentric" and are dismissive about what they have to offer
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 19, 2026
IRC logs for Friday, June 19, 2026
Gopher/Gemini Links 20/06/2026: Slop With Tcl/Tk and Nokia 770 Perishes
Links for the day
SLAPP Censorship - Part 111 Out of 200: Garrett and Graveley (the Latter Arrested for Strangling Women) Keep Ousting Their Collaboration in Litigation, Lawfare in a Foreign Continent
it's not law, it's just warfare disguised as "law"
European Patent Office (EPO) Series: Lobbying in Lisbon...
reappointment campaign lobbying has not been restricted to the "home front" in Portugal
Slop Making Its Way Into Terms Where It Does Not Belong
Hopefully by year's end Google News can successfully cull (and deprive of traffic) almost all slopfarms
Links 19/06/2026: Microsoft Patent Troll Intellectual Ventures in Europe, "World Cup of Internet Resilience"
Links for the day
Links 19/06/2026: Salesforce Data Thefts and GAFAM's Conspiracy Theories That Data Center Opposition is a Foreign Plot
Links for the day
Links 19/06/2026: The Retweeting Class and Data Centres as National Security Risk
Links for the day
Don't Attack the Wives (or Spouses) of Pundits/Activists/Journalists
We will be writing several series about this in the future
Society Will Only Improve Owing to People Who Push Boundaries
Push boundaries with ideas and facts, not with forbidden language
Internet Relay Chat (Shorthand IRC) is Still Growing
Contrariwise, social control media is waning
The Register MS Published a New Page With "AI" 21 Times in It. It Was Paid SPAM.
The former editor of the The Register MS admitted to me (directly) that he knew all this "AI" stuff was stupid hype
Murdoch's Wall Street Journal (WSJ) Associates Dependence on a Ponzi Scheme With "the Future"
Those ludicrous ads (disguised as rankings) from WSJ deserve scorn and ridicule
The XBox Story is Still Fast-Developing, the Layoffs Are Confirmed to be Happening Already (Mid-June), Just Not "Officially"
Workers have Microsoft have long braced for what is happening this summer and will accelerate further in two weeks' time
Fake News From Rupert Murdoch's WSJ Could Not Keep IBM From Sinking
"2026 Best Companies for the Future"?
To GNU, AV2 Adoption May be a Year If Not Years Away
The leap between versions means that there is fertile ground for incompatibilities
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 18, 2026
IRC logs for Thursday, June 18, 2026
Gemini Links 19/06/2026: "Born and Raised by the Internet", Fifteen Years in Gopher
Links for the day