Supreme European Court: Due to the NSA, US companies are not self-agency to accept Privacy Obligations

10:17:00 PM
Supreme European Court: Due to the NSA, US companies are not self-agency to accept Privacy Obligations -

This week, the European Court of justice - the highest court of the European Union - said that American companies can not transmit sensitive private personal data out of Europe to United States for treatment because they have so far. It was a cancellation of the so-called Safe Harbor, where the self-declared US companies that meet certain European privacy standards. But the European Court (ECJ) the reason of Justice to declare Safe Harbor void goes well beyond the cancellation as such - it is said that US companies do not have to Agency such promises of any kind in the first place, contractual or unilateral, not now, not ever, as long as the NSA works.

most have focused on this this verdict, which is positively huge in itself. But even more interesting is the why , that nobody seems to have mentioned, which is downright thermonuclear. It becomes clear when you read the detail of the verdict summary, preferably on a good coffee, as I have done:

The verdict from the ECJ, and a large cup of coffee.

The summary of the verdict is just three pages, but will well beyond what has been reported so. far

verdict regarding the Safe Harbor provision, which is a way for US companies to self-report that they meet European requirements for the protection of data concerning individual persons - these data are considered sensitive and worthy of legal protection under European law. However, the verdict name Edward Snowden (!) And what he revealed, saying that companies can promise all they want, but that such promises without effect, that the US authorities (see National Security Agency) and can not replace those promises constantly. The court said that U.S. companies lacking body to contractually guarantee the privacy, US essentially equivalent to minors taken in this regard, unable to contract.

Citing the summary of the verdict, the Court wrote that all on confidentiality contract, promise, or policy "... is only applicable to US companies acceding States and public US authorities are not themselves subject. further requirements, national security, public interest and application of US law outweigh the shelter system, so that US companies are related to a contempt, not limited protection rules under this scheme where they conflict with such requirements. the shelter system for US and allows interference by the US government, with the fundamental rights of individuals ... "

Highlighted part of verdict summary

This piece is thermonuclear .

you see how this will greatly beyond the question at the center of Facebook and Google data need to store their data, which was the result reported so far this verdict ?

the full verdict, which was not mentioned at all in the media reports, goes further on this point. It is detailed in paragraphs 73 and forward, with some quotations:

  1. Thus, [it is established in Decision 00/520] that "national security, public interest, or the application of laws requirements "take precedence over the principles of the safe harbor, the rule under which the US independent certified organizations receiving personal data from the European Union are required to ignore these principles, but are limit, as they are contrary to these requirements and thus be incompatible with them.
  2. In light of the general nature of the derogation provided for in the fourth paragraph of Annex I to Decision 00/520, that decision thus enables interference, based on the requirements of national security and of public interest or the US national legislation with the fundamental rights of persons whose personal data is or could be transferred from the EU to the United States. To establish the existence of an interference with the fundamental right to respect for private life, it does not matter whether the information in question relating to privacy is sensitive or if the persons concerned have suffered consequences negative because of this interference.
  3. In particular, the legislation allowing public authorities to have access on a widespread basis the content of electronic communications should be considered as an attack on the essence of the fundamental right to respect for private life guaranteed section 7 of the Charter [of Fundamental Human Rights].

Now, this does not mean that the court has invalidated all contracts between a European entity and a US entity when the US entity has a commitment to privacy. But because the courts do not work like that - they can decide on the very specific matter before them, or they would have legislative power. In that verdict, they declared the Safe Harbor agreement null and void. But the court made clear his reasoning, reasoning that will be applicable to other cases brought before it.

So in practice, the European Court stated that US entities have any agency to promise anything with respect to the confidentiality safeguards, as long as the NSA is operating. Essentially, it held that U.S. companies do not enjoy freedom of contract in the area of ​​privacy, insofar European jurisdiction is concerned.

And it is enormously further than just the Safe Harbor being declared null and void.

Privacy remains in effect your own responsibility. This demonstrates why "trust" should not be a factor of privacy in the first place -. The preferred way is the case with companies that do not need all your data, so no confidence necessary

Previous
Next Post »
0 Komentar