Données personnelles : les USA et l’UE promettent un super accord, mais il risque encore de voler en éclats

Données personnelles : les USA et l’UE promettent un super accord, mais il risque encore de voler en éclats

Advertisements

Advertisements

The European Union and the United States announce a political agreement on a new framework authorizing the transfer of personal data between the two shores of the Atlantic. But without fundamental reform in the USA, it risks going wrong, like the Safe Harbor and the Privacy Shield.

White smoke between the European Union and the United States. During a press briefing held this Friday, March 25 between Ursula von der Leyen, President of the European Commission, and Joe Biden, US President, it was announced that a transatlantic agreement has been reached on the transfer of personal data between the two continents.

Happy that we have reached an agreement in principle on a new framework for transatlantic data flows », wrote on Twitter Ursula von der Leyen. ” It will enable predictable and trustworthy data flows, balancing security, privacy rights and data protection. This is a new step in strengthening our partnership. »

Joe Biden Ursula von der Leyen
Joe Biden and Ursula von der Leyen. // Source: European Commission

To understand what it is all about, we must first start from an observation: the web is today largely dominated by large American groups, in the sector of social networks and online services in particular. Just look at the nationality of some of the Internet giants to be convinced: Amazon, Google, Facebook, Twitter, Netflix, Microsoft, etc.

But on the web, everything revolves around personal data, or almost. This has acquired a lot of value, for example for advertising targeting, but also to understand more precisely the behavior of the Internet user, and to learn from it. This information can be used to transform a product to better meet needs, for example.

The role of personal data — which is sometimes described as black gold in the digital world — and the nationality of the main groups on the Internet have therefore had the effect of leading to a transfer of this information to the United States, since Internet users Europeans favor the American service offer more than the European alternatives.

From this observation, and because European legislation prohibits the transfer of personal data to third countries which do not protect them as well as in the EU, a specific framework has been put in place: the Safe Harbor. This was to allow the transfer of data from one side of the Atlantic to the other, if certain requirements were met in terms of protection.

The Safe Harbor explodes in 2015, the Privacy Shield in 2020

All was well in the brave new world until the turn of the 2010s. Revelations made by whistleblower Edward Snowden in 2013 suggest that the United States does not offer an adequate level of protection for European Internet users, given the activity of their intelligence services on the Internet.

The thunderclap occurs in 2015. The Court of Justice of the European Union invalidates the Safe Harbor. Panic in Washington and Brussels, given the economic stakes – digital technology being already at the time an engine for growth and irrigating many sectors of activity. It was therefore necessary to find an alternative solution as soon as possible.

Real Captain America Shield That Actually Bounces Back!  –  OVER 100 FT BOUNCE!!!  12-30 screenshot
The Privacy Shield was meant to be a shield for privacy. But the CJEU found it insufficient for Europeans. // Source: Jlaservideo / YouTube

A new framework was then put in place in 2016: the Privacy Shield. The European Commission then considers that this is a good, more protective response. But not everyone shares this opinion: the regulatory authorities of the Old Continent, the European Parliament, the National Digital Council, civil society associations are much more severe.

And there is another who is not happy. This is Maximilian Schrems. His name may not be well known, but he was the one behind the invalidation of Safe Harbor. You see it coming: it is also he who caused the disappearance of the Privacy Shield in 2020, with another successful action before the Court of Justice of the European Union.

Essentially, European justice considered that the USA did not supervise its surveillance programs enough to protect the interests of Europeans. US regulations does not confer on the persons concerned rights enforceable against the United States authorities in court “, noted in particular the CJEU.

Will the third attempt be the right one?

So here we are: two legal frameworks supposed to set the rules of the game between the two shores of the Atlantic have been shattered: the Safe Harbor in 2015 and the Privacy Shield in 2020. Will the third attempt be the good ? We will have to wait to judge on documents, with the presentation of the text supposed to better manage the transfer of personal data this time.

But if the United States has not since carried out adequate reforms to satisfy the European rules of the game, it does not take a great cleric to assume that this third attempt will once again fail. This is the prediction made by, for example, Ashley Gorskya lawyer with the American Civil Liberties Union, on March 23.

If the Biden administration and the European Commission announce a new Privacy Shield agreement without US legislative reforms, it is almost certain that the agreement will (again) be struck down by the EU’s highest court, leaving American companies in the lurch “, she wrote on Twitter.

Schrems
Maximilian Schrems // Source: Noyb

If the legal details are not yet known – the agreement being political for the moment – ​​Maximilian Schrems is already playing a little threatening music. The one who has become in a few years a pet peeve for the giants of the net, the lawyers of Washington and Brussels, predicts a disastrous fate for the text in the event of a new procedure.

It seems that we are doing another PrivacyShield especially in one respect: politics at the expense of law and fundamental rights. It has already failed twice. What we hear is another ‘tinkering’ approach but no substantial reform from the US side. Let’s wait for a text, but I bet in the first place it will fail again. »

Leave a Comment

Your email address will not be published.