In a Dutch interview, Max Schrems, the Austrian lawyer who successfully sued Facebook and got the Safe Harbour agreement between US and Europe thrown out, said he is convinced Privacy Shield will “encounter the same fate.”
The successor does not change that the standards of the European Court are very high while the protection standards in the US are low
according to Schrems. He sees is a fundamental clash between European privacy protection and US surveillance legislation.
We reported earlier on the legal issues of Privacy Shield due to the upcoming EU General Data Protection Regulation. Privacy Shield allows the transfer of personal data from EU citizens to the US by allowing companies to self-certify. It assumes that the US private data protection regime is roughly similar to that in Europe. This assumption is hardly realistic, which is what Schrems alluded to when talking about European privacy protection and US surveillance legislation.
Foto by Manfred Werner, CC BY-SA 3.0
It is unclear when Privacy Shield will end up at the European Court of Justice. Two lawsuits by the Irish Digital Rights Ireland and the French La Quadrature du Net are expected to be deflected for procedural reasons, but these and other organizations will try again. The GDPR will vastly expand the abilities for third parties to sue companies and government for privacy violations, something Schrems is interested in exploiting.
“It is an organization that primarily focuses on enforcing European privacy regulations,” he explains in the interview. The upcoming General Data Protection Regulation must serve as a ‘weapon’. Schrems: “The regulation offers various interesting options for dealing with privacy violators, for example, it is possible to receive cash compensation for a data breach.” If enough people are affected, the amounts can quickly increase. That should lead companies to take the new rules seriously. “Until now, due to the lack of enforcement for companies, it was an economic decision to not comply with the rules. This will change.”
To get the organization of the ground, a crowdfunding campaign aims to collect a minimum of 250K euros, with a month to go. Starting May of this year, Schrems sees a huge opportunity for lawsuits to force companies into compliance. One could simply buy any product or service from a business that isn’t in compliance to get started. “If they do not comply with the new rules when you buy them you can basically start a case that same day. There is a lot of low-hanging fruit from May on, so lawsuits have to be filed and won.”
Will your company be sued?
With noyb and other organizations stepping up to protect the privacy of EU citizens, businesses should think about their handling of data. Storing them in a US based public cloud is an obvious mistake but there are much more intricacies and challenges we touched on earlier in an article about GDPR compliance. It is recommended reading.
Today, US-based file sync & share vendor Kiteworks announced their acquisition of ownCloud and Dracoon. Kiteworks points out that their customers now have access to their file-sharing application. It is to be expected they will not maintain 3 similar products, but customers will have to migrate to the US firms’ platform or look for another […]
As part of Schleswig-Holstein's state digitization strategy, the state chancellery has announced they will work with Nextcloud to develop AI for working with government documents. This comes just after we announced the first private AI assistant last weekend with Hub 6. The German state already uses Nextcloud and their AI strategy aligns with our work on ethical, local AI technologies.
Over the last year, AI has become a popular topic. Some is hype, some is substance. Some is good, some is bad. We want to give you the good, not the bad, and ignore the hype! AI has a ton of opportunity – but also risk. So we put you in control – off by […]