Digital rights group the Electronic Frontier Forum (EFF) last week came out strongly against the Privacy Shield, the intended successor to the recently invalidated Safe Harbor agreement, which set official policy on how companies should handle the exchange of consumers' personal data from Europe to the US.
In a scathing blog post, the EFF asserted that the new agreement contains a “patchwork of concessions” that continue to leave the door open for the digital surveillance of hundreds of millions of Europeans by US government agencies. “It's unclear what, if anything, the new Privacy Shield is supposed to be shielding people from—except perhaps shielding US companies from the inevitable consequences of their country's mass surveillance programme,” the EFF wrote in its post yesterday.
The EFF piece takes exception to several major talking points advanced by the European Commission and the US Department of Commerce regarding this joint agreement.
For starters, the organisation objects to a 29 February release from the European Commission that states the US government has provided written assurances that there will be “no indiscriminate or mass surveillance by national security authorities.” The EFF suggests that use of the term “indiscriminate” is undefined and ambiguous; therefore, anyone espousing the most liberal interpretation of this policy might believe that “the data of hundreds of millions of people can be scanned by the government under broad categories, and that, somehow, this activity is discriminating.”
The new Privacy Shield offers European consumers several means of recourse when their digital privacy is violated. In alignment with this tenet, President Obama recently signed into law the Judicial Redress Act, which grants European citizens the same powers as US citizens to legally challenge companies that mismanage sensitive personal data. While this sounds promising, the EFF disputed the legislation's efficacy, noting that the law only applies to infringements of the Privacy Act of 1974, a law it claims is “riddled with exemptions.”
Citizens have other means of redress as well, such as by contacting EU Data Protection Authorities (DPAs) and through arbitration overseen by a Privacy Shield Panel.
However, EFF questioned the logic of establishing an independent ombudsman within the US State Department to handle redress from incidents specifically involving US national security. The organisation suggested there would be an inherent conflict of interest and bias toward US federal law enforcement, “especially when that department directly benefits from advice of the intelligence agencies.”
In light of these critiques, the EFF concludes that the Privacy Shield does not sufficiently remedy the flaws that resulted in Safe Harbour being struck down by the European Court of Justice. Rather, claims EFF, “It maintains the programme of mass surveillance against non-US persons that so disturbed the court, it denies Europeans effective remedy against a wide range of state surveillance programmes, and its proposed methods for dispute resolution are neither independent, nor reach sufficiently deeply into the intelligence agencies' practices.”
In stark contrast to the EFF's sentiments, US Secretary of Commerce Penny Pritzker effusively backed the new joint arrangement in a release earlier this week.
“Our US and EU negotiators worked around the clock to develop a new framework that underpins US $260 billion ($184 billion) in digital services trade across the Atlantic. The new EU-US Privacy Shield provides certainty that will help grow the digital economy by ensuring that thousands of European and American businesses and millions of individuals can continue to access services online,” said Pritzker in her statement. “In the end, we achieved a strong agreement that enables transatlantic commerce while safeguarding privacy."