Bonum Certa Men Certa

EPO and Microsoft Collude to Break the Law -- Part VI: A Not-so-safe Harbour

Previous parts:



Safe Harbour
Thanks to the efforts of Max Schrems, the Safe Harbour Agreement was invalidated in October 2015



Summary: Examining the so-called 'Safe Harbour' Agreement, which was neither safe nor a harbour

To ensure that the personal data of European citizens was protected in a manner complaint with EU data protection regulations after it had been transferred to the USA, deals such as the Safe Harbour Agreement and the EU-US Privacy Shield were drafted and implemented to address the shortcomings of nationwide data protection in the USA.



As it turned out, these agreements did not last very long. The Court of Justice of the EU (CJEU) overturned them both because in practice they did not live up to the agreed data protection standards.

These CJEU rulings were a slap in the face for the politicians in the European Parliament who had rubber-stamped the agreements despite warnings from data protection advocates.

The CJEU judgements also gave a clear indication that future agreements of this kind must deliver genuine data protection if they are to be upheld.

"On top of this, there is also the concern and suspicion that commercially lucrative data from the EU can (and will) be tapped on the American side."This effectively creates an impasse because US providers are subject to American legislation such as the PATRIOT Act, the USA FREEDOM Act, and the CLOUD Act, which are designed to ensure that US authorities and intelligence agencies have access to personal data of EU citizens.

On top of this, there is also the concern and suspicion that commercially lucrative data from the EU can (and will) be tapped on the American side.

However, in July 2000, in the context of an examination of the adequacy of the protection of personal data transferred to other countries, the European Commission took the position that the "Safe Harbour" principles developed by the US were in compliance with Article 25 of the EU Data Protection Directive 95/56/EC and would provide "adequate protection" for the transfer of personal information from the EU to the US.

The European Commission thus gave approval for transfers of personal data to the US by means of executive decision no. 2000/520/EC, the so-called "Safe Harbour decision".

However, in 2013 this decision was called into question by the Snowden revelations.

The game was over on 6 October 2015 when the CJEU delivered its judgment in the case of Maximillian Schrems v Data Protection Commissioner.

"...in 2013 this decision was called into question by the Snowden revelations."In this judgment the Court invalidated the European Commission's Safe Harbour Decision, because "legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life".

Maximillian Schrems
Max Schrems in front of the office of the Irish Data Protection Commissioner in Dublin



This landmark judgment of the CJEU in data protection matters which is colloquially known as "Schrems I" was largely due to the efforts of one individual, the Austrian activist and author Maximilian "Max" Schrems who had initiated a legal action in his capacity as a Facebook user claiming that his Facebook data were insufficiently protected.

In essence Schrems argued that the Safe Harbor system would violate his fundamental right to privacy, data protection and the right to a fair trial under the Charter of Fundamental Rights of the European Union.

The striking down of the Safe Harbour Decision by the CJEU resulted in further talks between the EU Commission and the Obama Administration aimed at establishing "a renewed and sound framework for transatlantic data flows".

The outcome of these talks was a revised framework for regulating transatlantic exchanges of personal data which became known as the EU-US Privacy Shield.

"...the Privacy Shield turned out to be rather porous and it was also struck down by the CJEU in July 2020 in the context of a further legal challenge mounted by Max Schrems."The European Commission approved the Privacy Shield on 12 July 2016 and it entered into effect the same day.

However as we shall see in the next part, the Privacy Shield turned out to be rather porous and it was also struck down by the CJEU in July 2020 in the context of a further legal challenge mounted by Max Schrems.

Recent Techrights' Posts

GNU/Linux Rises to All-Time High in Chile
sharp rise for GNU/Linux in Chile
Why We Still Love Gemini Protocol
Gemini Protocol may seem like something "old" (it's actually very new) and something "nobody would use", but many people use it
 
Links 09/02/2025: Coffee, Toxic Productivity, and Programming
Links for the day
Debian's Human Rights violations & Swiss women Nazi symbolism
Reprinted with permission from Daniel Pocock
Links 09/02/2025: Software Patents on MP3 and Another Scam Dressed Up as "Crypto"
Links for the day
Links 09/02/2025: Russian Energy Cut Off, LLM Pushers Show Signs of Desperation
Links for the day
Richard Stallman (RMS) Does Not Have Media Companies and Lobbyists on His Side, But His Message Spreads Regardless
The message of RMS is spreading in spite of all the smears
Links 09/02/2025: Hottest January on Record, Panama Blackmailed
Links for the day
Gemini Links 09/02/2025: "Died as a Mineral" and Game Interface for a Non-Game
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, February 08, 2025
IRC logs for Saturday, February 08, 2025
Links 08/02/2025: UK Back Doors and Religious Fundamentalists in Positions of Higher Power
Links for the day
Today's IBM (Red Hat) Isn't the Company That Fought a Microsoft-Sponsored SCO in Court
IBM is nowadays in a state of rapid disintegration
When You Simply Rebrand Almost Everything as "Hey Hi" ("AI"), "Hey Hi Workloads", "Hey Hi Datacentres" and Whatnot
The "growth" has been a growing lie for years if not decades
Microsoft Windows Falls to 12% in Myanmar
Remember that Microsoft is virtually 0% in mobile
This is the Man Who's Attacking Linus Torvalds et al in "a Disease" (Social Control Media)
One thing that Richard M. Stallman and Torvalds can agree on is that Social Control Media should be avoided
Gemini Links 08/02/2025: "Thought Leaders" and Returns to Gemini Protocol
Links for the day
Links 08/02/2025: MElon Coup, Mass Layoffs at Facebook, and PlayStation Network Down
Links for the day
Unlike GAFAM, Free Software Serves You, It Does Not Serve Governments and MElons (Overlapping Forces)
Tired of oligarchy controlling your life through gadgets and "apps"?
On Wars Against Founders
We need to insist that founders remain
When It Comes to Social Control Media, Linus Torvalds is Channeling Techrights
GAFAM workers know exactly who to aim at
New EPO Paper: Promoting (Rewarding) People Who Grant Many Illegal European Patents to Make More Money (at Europeans' Expense) While Patent Courts in the EU Are Themselves Illegal
now the coup is sort of complete and even the "courts" are part of the corruption
Slopwatch: Carnival of LLM Slop and FUD Spewed by Bots, Pasted in by MaKenna Hensley and Day
Welcome to the Web in 2025. Articles about "Linux", "Security", and the Web (e.g. "Firefox") are fake.
Links 08/02/2025: News Corp Admits Traffic Declines, Wildlife Trafficking Tackled
Links for the day
Gemini Links 08/02/2025: Lamp and Notions
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, February 07, 2025
IRC logs for Friday, February 07, 2025
Links 07/02/2025: Amazon’s Stock Collapses and US Government Being Dismantled (Still)
Links for the day
Gemini Links 07/02/2025: Mid-level Details and Simple Code
Links for the day
Links 07/02/2025: US 'Demolition Crew', e-ID Loopholes, and Sanctions
Links for the day
Professor Eben Moglen on How Social Control Media Metabolises Humans and Constrains Freedom of Thought
Nothing of value would be lost if all these data-harvesting giants (profiling people) vanished overnight
Social Control Media is Narcissism
Nowadays there's a lot more literature and even press coverage explaining the harms of Social Control Media
Debian Left Twitter (MElon "X"), We Think the Free Software Foundation (FSF) Should Do the Same
What would the FSF really lose if it stopped posting there?
statCounter Sees GNU/Linux Share Doubling in China Over the Past Year
It'll be interesting to see what data in the coming months shows
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, February 06, 2025
IRC logs for Thursday, February 06, 2025
Richard Stallman (RMS) Confirms Next Week's Talk in Europe
He gave at least 2 talks in Europe last month
Nationalism As A Service (NaaS) by Microsoft Azure, Gutting the US Government for Profit
Will Microsoft be receiving bailouts as a reward for all this?
Rumours of IBM Layoffs Apparently Confirmed Yesterday, IBM Canada Consulting Impacted (as Rumoured)
when IBM has layoffs we must also read it as Red Hat layoffs