“Safe Harbor” becomes “Privacy Shield”

• But for Europeans it's not so private and not much of a shield
• But hey, that’s the way the cookie crumbles
• Remember, data is like people. Interrogate it hard enough and it'll tell you whatever you want to hear

Yesterday, the EU and the US signed the "Privacy Shield" agreement that will permit a myriad of online data to be transferred freely back and forth across the Atlantic. The pact allows some 4,500 companies and organisations that have made the appropriate registration with the US Department of Commerce (including the likes of Facebook and Google) to shuttle digital information across The Pond - as and when they want.

The registered companies claim that the transfer of data between the European and American continents is vital to their continued business interests and success. However, last year the European High Court ruled that "Safe Harbor", the earlier iteration of Privacy Shield, was anything but safe as far as the protection of the privacy rights of European citizens was concerned.

So it was back to the drawing board for a review and now, more than a year later, the EU has signed-up to a new deal and is claiming that data pertaining to European citizens will now be better protected when it is moved back-and-forth across the ocean.

It has been a hard-sell and many Europeans remain sceptical about protestations by politicians that European data will henceforth be safe from eavesdropping and sequestration by agencies of the US government and corporations. However, as usual it is money that makes the most noise and US companies say that trans-Atlantic digital traffic has a commercial worth of at least $260 billion a year - and that's what counts.

According to those that negotiated Privacy Shield the new deal is a good one because Europeans now have some say as to how their personal private data gets used Stateside and have the rights to go to law in the US if they have evidence that either US companies or even the government has taken, manipulated and misused their data.

To prove their bona fides the US administration has now created a special (but rather small) section within the State Department to deal with and pursue any complaints from Europeans and European organisations and businesses that US corporations, the intelligence agencies and other government departments of varying secrecy and opacity have illegally viewed, collected, manipulated and used European digital data. Furthermore, an official declaration has been signed that promises agencies of present and future American administrations will not "indiscriminately collect and monitor Europeans’ data without cause". However, there is no oversight of what that "cause" might be and, of course, it will change with time and political circumstance.

Since, in 2013, the whistle-blowing US intelligence agency contract worker Edward Snowden leaked massive tranches of data showing, unequivocally, that the US National Security Agency routinely made mass interception of private data and spied on individuals all over the world seemingly with and minimal policing or oversight, Europeans have been worried about what the US has been doing with the data it has purloined.

Since then the European establishment, government, policy makers and legal system has been focused on how to protect the privacy of European data whether relating to individuals, businesses or governments. Meanwhile, a slew of US technology companies are being sued in Europe, accused of complicity with US agencies in sequestering European digital data.

Despite historical, recent and any future terrorist atrocities, Europe's attitude to the privacy of data, (where it is regarded as a fundamental human right along with freedom of expression), is very different to what now pertains in the post-9/11 US and although the US government says that foreign nationals are afforded exactly the same privacy rights as US citizens, it is, as Hamlet said, a principle "more honoured in the breach than the observance".

So, the deal is done and Privacy Shield is now in place but privacy campaigners and lobbying bodies in Europe, as well as several European national data protection agencies, remain dissatisfied with the new "guarantees". Furthermore, the European Court of Justice (the body that struck-down Safe Harbor) is to review the provisions and working of Privacy Shield and could again rule that the new agreement has too many loopholes to be accepted in its current form. However, the mills of European justice grind slow and any case to change or negate either aspects or all of Privacy Shield will not be heard until the beginning of 2018.

Meanwhile corporations are building-up their defences and are spending massive sums to demonstrate and assure that their data privacy regimes and systems fully conform with the requirements of Privacy Shield.

And finally, a quote from the renowned Finnish security guru Mikko Hypponen. "Foreigners like me have no privacy rights whatsoever. Yet we keep using US-based services all the time, making us a legal target for gathering and storing our private information. Other countries do surveillance as well. But nobody has the global visibility that United States does."

You can see our recent Berlin interview with Mikko Hypponen here on the TelecomTV website.