Trojan horse
© alittlebitbunny.blogspot.comHvad er chancerne for at denne "hest" virkelig er den dataoverførselsaftale de forventer?
EU har accepteret en ny version af den såkaldte Private Shield lov, som ville tillade amerikanske firmaer at overføre europæernes private data til servere på den anden side af atlanten. EU gik imod den tidligere opnåede aftale på grund af bekymringer om USA's datasikkerhed.

"I dag har medlemsstater givet deres solide støtte til EU-US Privacy Shield, det fornyede sikre rammeværk for transatlantiske dataoverførsler," bekendtgjorde kommissionens Vicepræsident Andrus Ansip og retskommissær Vera Jourova i en udtalelse og sagde at aftalen sikrer "et højt niveau af beskyttelse for individer og legal sikkerhed for erhvervslivet."

Størstedelen af EU's medlemsstater stemte for Privacy Shield aftalen med USA som er blevet designet til at erstatte sin forgænger, Safe Harbor systemet, som EU's højesteret dømte "ugyldig" i oktober 2015 efter Edward Snowdens afsløringer om USA's masseovervågning.

"Dette [Privacy Shield] er grundlæggende forskelligt fra den gamle Safe Harbour: Den pålægger klare forpligtigelser på firmaer som håndterer data og sikrer, at disse regler følges i praksis", sagde Ansip og Jourova. Imidlertid undlod adskillige lande, heriblandt Østrig, Slovenien, Bulgarien og Kroatien sig fra at stemme som følge af bekymringer over sikringen af private data. Den nyligt vedtagne aftale vil træde i kraft fra tirsdag den 12. juli.

Aftalen, som siges at være målrettet til at beskytte Europæiske borgeres private data, definerer regler for, hvordan delingen af private data skal håndteres. Den giver retsligt grundlag for hvordan teknologiske firmaer som Google, Facebook og MasterCard kan flytte Europæernes personlige data til amerikanske servere og derigennem omgå EU's forbud mod at flytte personlig information ud af den 28 lande store blok. Aftalen dækker alt fra private data om ansatte til detaljerede optegnelser over, hvad folk foretager sig online.


Kommentar: Delvist oversat af Sott.net fra EU agrees to 'renewed' data transfer deal, move Europeans' private info to US servers


"For the first time, the US has given the EU written assurance that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms and has ruled out indiscriminate mass surveillance of European citizens' data," the statement said.

The Privacy Shield was first introduced and agreed upon in February, but its implementation was then delayed by European data protection regulators. They demanded more "security guarantees" while expressing concerns over "the possibility that is left in the Shield for bulk collection which if massive and indiscriminate is not acceptable."

The new deal now grants greater guarantees to European customers and provides "accessible and affordable redress mechanisms" in case any disputes concerning US spying arise. An ombudsman will also be created within the US State Department to review complaints filed by EU citizens.

Major US and UK tech companies applauded the agreement. Among those supporting the move was Industry group DIGITALEUROPE which represents Apple, Google and IBM. "Our members are ready to implement the new framework and meet the compliance challenge that the strengthened provisions demand from companies," said John Higgins, director general of the group. TechUK, which represents 900 firms in the UK called Privacy Shield a "restoring a stable legal footing".

"The coming months will see much discussion on future options for the UK's data environment in a post-Brexit world, today's agreement underlines the importance of data flows to transatlantic trade," said Charlotte Holloway, the group's associate director of policy.

Privacy Shield, however, has also faced sharp criticism. Concerns about extensive US spying activity were raised in Europe after whistleblower Edward Snowden released a trove of controversial material on Washington's surveillance practices.

Digital rights group Privacy International (PI) said the newly-adopted pact had been drawn up on a "flawed premise" and "remains full of holes and hence offers limited protection to personal data".