For the third time in seven years, Washington and Brussels have shaken hands on a deal to keep customer data flowing—and to keep a certain American social network afloat—across the Atlantic.
新的跨大西洋数据隐私框架的eu。规定在欧洲,寻求反对美国情报收集过度的补救的人可能会或可能无法在法院的审查中幸存下来。但是关于这种安排的很多事情似乎很清楚:美国对隐私的无所作为使E.U.优先考虑先例。美国人仍在获得隐私升级(例如,在情报机构搜索海外通信的搜索中无意中扫除数据的几率较低的几率),但是任何手写的感谢卡都需要以国际邮寄方式发送。
The U.S. and the E.U. inked the deal, announced Fridayby the White House和the European Commission, to solve a problem that’s been festering for U.S. firms—Facebook foremost—since Edward Snowden揭示了国家安全局的9/11后大量通信数据.
扫描在线监视计划的那些披露导致奥地利隐私活动家Maximillian Schrems向监管机构提出投诉,称国际“安全港”数据传输政策使他的Facebook数据与NSA有关,但没有足够的追索权。在多次上诉之后,欧盟法院同意,破碎的安全港2015年10月ruling.
The U.S. and the E.U. tried again witha 2016 arrangement called Privacy Shield- 但施雷姆斯(Schrems)再次起诉并赢得了胜利裁决于2020年7月这项较新的交易仍然无法为欧洲人的数据提供足够的保护。
那“Schrems II”续集西装现在已经产生了周五宣布的框架。一种White House outline分解主要规定:
- U.S. intelligence agencies may only collect signals intelligence when “legitimate national security objectives” require it, may not “disproportionately” hurt privacy and civil rights in the process, and must upgrade its oversight of these stronger standards.
- If E.U. individuals find their data has been collected, a new Data Protection Review Court comprised of people outside the U.S. government can hear their appeal and direct remedial action.
- 公司将继续遵守隐私盾牌规则,要求他们证明其对商务部的遵守情况,并在联邦贸易委员会的执法委员会中签署。
The immediate effect here should be to fill the regulatory void that led to Meta warning in a2月3日申请that without a replacement data-transfer agreement, it would have to yank Facebook and Instagram from Europe.
“It feels to me like privacy professionals have been holding their breath for a year and a half,” says Caitlin Fennessy, vice president and chief knowledge officer at theInternational Association of Privacy Professionals,一个非营利性的隐私。
去年10月,国际隐私专业人员协会发现,对其调查的回应中有10%的成员表示,他们的公司停止了数据传输,该公司停放了欧盟。欧洲服务器上的用户数据,或从欧盟提取服务由于Schrems II诉讼。
But the announced framework is not a full set of rules—and the E.U. court might still find the finished product doesn’t offer enough safety for E.U. citizens against the curiosity of the U.S. intelligence community.
Schrems现在必须成为Facebook最不喜欢的欧洲用户,他说a statement Fridaythat he or like-minded activists “will likely challenge” the framework in court; Monday, E.U. competition commissioner Margrethe Vestagertold Reuters她还看到了另一项法庭考试。
The framework’s data-protection court for Europeans looks to be its biggest and trickiest change.
“The idea that a country would offer such a mechanism for people outside their country to seek redress is significant,” says Amie Stepanovich, vice president of U.S. policy at theFuture of Privacy Forum. “However, challenging U.S. government surveillance activity has proven difficult even by U.S. citizens even in our established courts.”
朱利安·桑切斯(Julian Sanchez),高级研究员Cato Institute, wrote in an email that if this new court is sufficiently empowered to pass E.U. court scrutiny, it would invite a politically-awkward reaction along the lines of “Hey, wait a minute, E.U. citizens now have a more practically effective means of getting FISA [外国情报监视法] grievances addressed than Americans do.”
同时,由于这个框架遏制了欧洲的NSA数据收集,美国人仍然应该获得一些隐私,这通常会铲起有关美国人的数据。桑切斯写道:“实际上,减少欧洲人广泛收藏的任何事情都将减少与美国国家安全局数据库中遇到的美国人的“偶然收集”信息的数量。”
由于在隐私保护下,美国客户也可能会受益于FTC惩罚不受自称隐私承诺的公司的能力。
“When the Federal Trade Commission brings a privacy case against a U.S. company, they often use Privacy Shield commitments as a hook,” Fennessy says. For example, that regulator has used that hook in recent cases againstCafePress,NTT全球数据中心Americas Inc., 和Flo Health.
Meanwhile, even as negotiators on opposite sides of the Atlantic have crafted three different privacy agreements in seven years, elected representatives in Washington have然而,同时通过了任何全面的隐私立法.
在这里和其他情况下,例如EU’s General Data Protection Regulation,这导致美国格雷格·诺耶姆(Greg Nojeim)的政策外包,Center for Democracy & Technology该非营利组织的安全和监视项目的代言指导说:“许多公司将简单地将其在国外压力下采用的更改应用于所有用户。”
那’s not necessarily bad, but it is weird, and privacy advocates still hope that developments overseas andstates here passing their own privacy lawswill coax Congress to act.
“I do think it’s coming,” says Stepanovich. “I don’t think that this is something that is going to be several years.”
那将是一个受欢迎的发展。但这并不是我写的第一个有关隐私政策未来的乐观报价的第一个隐私政策。