The US «culture of surveillance» received a major EU push back today, with the European Court of Justice ruling against the legitimacy of the EU’s Standard Contractual Clauses as a way of transferring data to legal regimes outside of the Union. As we wrote 2 years ago, the Austrian Max Schrems, responsible for the previous dismissal of the ‘Safe Harbour’ agreement between the US and EU, stated that its successor «Privacy Shield goes down as soon as EU Courts deliberate». It seems he was right.
Schrems’ concern is that Section 702 of the US Foreign Intelligence Surveillance Act (FISA), permits the National Security Agency to collect foreign intelligence belonging to non-Americans located outside the US, by way of obtaining their data stored with electronic communications services providers, such as Facebook.
Today, the CJEU Judgement invalidates «Privacy Shield» in a US Surveillance case. The first statement from Max Schrems’ NOYB organization on the CJEU ruling can be read here.
Their statement notes that the EU Commission gave in to US pressure, not undertaking a deep assessment of US surveillance laws but quickly passing Privacy Shield to protect the business of US businesses to the detriment of the privacy and security of EU citizens. Quoting Herwig Hofmann, law professor at the University of Luxembourg and one of the lawyers arguing the Schrems cases before the CJEU:
The CJEU has invalidated the second Commission decision violating EU fundamental data protection rights. There can be no transfer of data to a country with forms of mass surveillance. As long as US-law gives its government the powers to vacuum-up EU data transiting to the US, such instruments will be invalidated again and again. The Commission’s acceptance of US surveillance laws in the Privacy Shield decision left them without defence.
US cloud firms like Microsoft are already regularly shown to flaunt European privacy laws, as was shown again recently in an extensive Data Protection Impact Assessment of Office 365 by the Dutch government exposing dozens of GDPR violations.
With this latest ruling, the ECJ puts another major roadblock in the way of US cloud services, challenging the basic premise that they are a viable solution for use with any privacy-sensitive data. Businesses, schools and government organizations putting data from their employees, customers, students and citizens on Office 365, Google G Suite or one of the dozens of other US-based SaaS services now risk massive fines under the GDPR.
DPIA commisioned by the Dutch government mid 2020 shows a series of issues in Office 365
Retoma el control de tu tiempo con Hub 8: mejoras en todo Hub, nuevas aplicaciones, nuevas funciones de IA, nuevo nivel de rendimiento y comodidad. Descubre la nueva generación de colaboración.
The Nextcloud Conference is not your average event - it's a community meetup that brings together Nextcloud enthusiasts, contributors, developers, users and industry experts from all over the world.
Minor Nextcloud updates are released, carrying multiple stability and security improvements. As always, the upgrade process is designed to be safe and quick
Guardamos algunas cookies para contar los visitantes y facilitar el uso del sitio. Esto no sale de nuestro servidor y no es para rastrearte personalmente. Consulta nuestra política de privacidad para obtener más información. Personalización
Las cookies estadísticas recopilan información de forma anónima y nos ayudan a comprender cómo utilizan nuestro sitio web nuestros visitantes. Utilizamos Matomo en nuestras instalaciones
Matomo
_pk_ses*: Cuenta la primera visita del usuario
_pk_id*: Ayuda a no contar dos veces las visitas.