03.14.21

Gemini version available ♊︎

EPO and Microsoft Collude to Break the Law — Part VI: A Not-so-safe Harbour

Posted in Europe, Law, Microsoft, Patents at 12:28 pm by Dr. Roy Schestowitz

Previous parts:

Safe Harbour
Thanks to the efforts of Max Schrems, the Safe Harbour Agreement was invalidated in October 2015

Summary: Examining the so-called ‘Safe Harbour’ Agreement, which was neither safe nor a harbour

To ensure that the personal data of European citizens was protected in a manner complaint with EU data protection regulations after it had been transferred to the USA, deals such as the Safe Harbour Agreement and the EU-US Privacy Shield were drafted and implemented to address the shortcomings of nationwide data protection in the USA.

As it turned out, these agreements did not last very long. The Court of Justice of the EU (CJEU) overturned them both because in practice they did not live up to the agreed data protection standards.

These CJEU rulings were a slap in the face for the politicians in the European Parliament who had rubber-stamped the agreements despite warnings from data protection advocates.

The CJEU judgements also gave a clear indication that future agreements of this kind must deliver genuine data protection if they are to be upheld.

“On top of this, there is also the concern and suspicion that commercially lucrative data from the EU can (and will) be tapped on the American side.”This effectively creates an impasse because US providers are subject to American legislation such as the PATRIOT Act, the USA FREEDOM Act, and the CLOUD Act, which are designed to ensure that US authorities and intelligence agencies have access to personal data of EU citizens.

On top of this, there is also the concern and suspicion that commercially lucrative data from the EU can (and will) be tapped on the American side.

However, in July 2000, in the context of an examination of the adequacy of the protection of personal data transferred to other countries, the European Commission took the position that the “Safe Harbour” principles developed by the US were in compliance with Article 25 of the EU Data Protection Directive 95/56/EC and would provide “adequate protection” for the transfer of personal information from the EU to the US.

The European Commission thus gave approval for transfers of personal data to the US by means of executive decision no. 2000/520/EC, the so-called “Safe Harbour decision”.

However, in 2013 this decision was called into question by the Snowden revelations.

The game was over on 6 October 2015 when the CJEU delivered its judgment in the case of Maximillian Schrems v Data Protection Commissioner.

“…in 2013 this decision was called into question by the Snowden revelations.”In this judgment the Court invalidated the European Commission’s Safe Harbour Decision, because “legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life”.

Maximillian Schrems
Max Schrems in front of the office of the Irish Data Protection Commissioner in Dublin

This landmark judgment of the CJEU in data protection matters which is colloquially known as “Schrems I” was largely due to the efforts of one individual, the Austrian activist and author Maximilian “Max” Schrems who had initiated a legal action in his capacity as a Facebook user claiming that his Facebook data were insufficiently protected.

In essence Schrems argued that the Safe Harbor system would violate his fundamental right to privacy, data protection and the right to a fair trial under the Charter of Fundamental Rights of the European Union.

The striking down of the Safe Harbour Decision by the CJEU resulted in further talks between the EU Commission and the Obama Administration aimed at establishing “a renewed and sound framework for transatlantic data flows”.

The outcome of these talks was a revised framework for regulating transatlantic exchanges of personal data which became known as the EU-US Privacy Shield.

“…the Privacy Shield turned out to be rather porous and it was also struck down by the CJEU in July 2020 in the context of a further legal challenge mounted by Max Schrems.”The European Commission approved the Privacy Shield on 12 July 2016 and it entered into effect the same day.

However as we shall see in the next part, the Privacy Shield turned out to be rather porous and it was also struck down by the CJEU in July 2020 in the context of a further legal challenge mounted by Max Schrems.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New

  1. Links 01/06/2023: Spleen 2.0.0 Released and Team UPC Celebrates Its Own Corruption

    Links for the day

  2. IRC Proceedings: Wednesday, May 31, 2023

    IRC logs for Wednesday, May 31, 2023

  3. Tux Machines Closing the Door on Twitter Because Twitter is Dead (for a Lot of People)

    Tux Machines recently joined millions of others who had already quit Twitter, including passive posting (fully or partly automated)

  4. Links 31/05/2023: Inkscape’s 1.3 Plans and New ARM Cortex-A55-Based Linux Chip

    Links for the day

  5. Gemini Links 31/05/2023: Personality of Software Engineers

    Links for the day

  6. Links 31/05/2023: Armbian 23.05 Release and Illegal UPC

    Links for the day

  7. IRC Proceedings: Tuesday, May 30, 2023

    IRC logs for Tuesday, May 30, 2023

  8. Gemini Protocol About to Turn 4 and It's Still Growing

    In the month of May we had zero downtime (no updates to the system or outages in the network), which means Lupa did not detect any errors such as timeouts and we’re on top of the list (the page was fixed a day or so after we wrote about it); Gemini continues to grow (chart by Botond) as we’re approaching the 4th anniversary of the protocol

  9. Links 31/05/2023: Librem Server v2, curl 8.1.2, and Kali Linux 2023.2 Release

    Links for the day

  10. Gemini Links 31/05/2023: Bayes Filter and Programming Wordle

    Links for the day

  11. [Meme] Makes No Sense for EPO (Now Connected to the EU) and Staff Pensions to be Tied to the UK After Brexit

    It seems like EPO staff is starting to have doubts about the safety of EPO pensions after Benoît Battistelli sent money to reckless gambling (EPOTIF) — a plot that’s 100% supported by António Campinos and his enablers in the Council, not to mention the European Union

  12. Working Conditions at EPO Deteriorate and Staff Inquires About Pension Rights

    Work is becoming a lot worse (not even compliant with the law!) and promises are constantly being broken, so staff is starting to chase management for answers and assurances pertaining to finances

  13. Links 30/05/2023: Orc 0.4.34 and Another Rust Crisis

    Links for the day

  14. Links 30/05/2023: Nitrux 2.8.1 and HypoPG 1.4.0

    Links for the day

  15. Gemini Links 30/05/2023: Bubble Version 3.0

    Links for the day

  16. Links 30/05/2023: LibreOffice 7.6 in Review and More Digital Restrictions (DRM) From HP

    Links for the day

  17. Gemini Links 30/05/2023: Curl Still Missing the Point?

    Links for the day

  18. IRC Proceedings: Monday, May 29, 2023

    IRC logs for Monday, May 29, 2023

  19. MS (Mark Shuttleworth) as a Microsoft Salesperson

    Canonical isn’t working for GNU/Linux or for Ubuntu; it’s working for “business partners” (WSL was all along about promoting Windows)

  20. First Speaker in Event for GNU at 40 Called for Resignation/Removal of GNU's Founder

    It’s good that the FSF prepares an event to celebrate GNU’s 40th anniversary, but readers told us that the speakers list is unsavoury, especially the first one (a key participant in the relentless campaign of defamation against the person who started both GNU and the FSF; the "FSFE" isn't even permitted to use that name)

  21. When Jokes Became 'Rude' (or Disingenuously Misinterpreted by the 'Cancel Mob')

    A new and more detailed explanation of what the wordplay around "pleasure card" actually meant

  22. Site Updates and Plans Ahead

    A quick look at or a roundup of what we've been up to, what we plan to publish in the future, what topics we shall focus on very soon, and progress moving to Alpine Linux

  23. Links 29/05/2023: Snap and PipeWire Plans as Vendor Lock-in

    Links for the day

  24. Gemini Links 29/05/2023: GNU/Linux Pains and More

    Links for the day

  25. Links 29/05/2023: Election in Fedora, Unifont 15.0.04

    Links for the day

  26. Gemini Links 29/05/2023: Rosy Crow 1.1.1 and Smolver 1.2.1 Released

    Links for the day

  27. IRC Proceedings: Sunday, May 28, 2023

    IRC logs for Sunday, May 28, 2023

  28. Daniel Stenberg Knows Almost Nothing About Gemini and He's Likely Just Protecting His Turf (HTTP/S)

    The man behind Curl, Daniel Stenberg, criticises Gemini; but it's not clear if he even bothered trying it (except very briefly) or just read some inaccurate, one-sided blurbs about it

  29. Links 29/05/2023: Videos Catchup and Gemini FUD

    Links for the day

  30. Links 28/05/2023: Linux 6.4 RC4 and MX Linux 23 Beta

    Links for the day

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts