A new deal reached between the United States and European Union Tuesday would allow American companies like Facebook to continuing collecting personal data from people who live across the Atlantic.
While this might make business easier for corporations, experts are worried that without reform of surveillance laws in the United States, the new arrangement — known as the EU-U.S. Privacy Shield — could still leave people vulnerable to the prying eyes of the American government.
“While the agreement should provide some increased privacy protections for the personal data of EU citizens, ultimately without reform of U.S. surveillance law, Privacy Shield will not be enough,” Jens-Henrik Jeppesen, the director for European affairs at the nonprofit Center for Democracy & Technology, told The Huffington Post in an email.
The deal is supposed to prevent “indiscriminate mass surveillance” of the data transferred to the U.S. from Europe. In other words, a European citizen using Facebook in Germany should feel confident that the U.S. government won’t be able to access their photos and posts.
European citizens didn’t have that confidence until last fall, when the EU struck down the “Safe Harbor” agreement. The terms of Safe Harbor allowed the free exchange of data between the U.S. and Europe, which the EU ultimately wasn’t cool with. The whole kerfuffle started because an Austrian citizen named Maximilian Schrems sued Facebook for holding on to his data in the U.S. even after he’d deleted it in his home country — which in turn meant it could be accessed by U.S. public authorities.
If your head is spinning, you’re not alone. This exchange of data is a complicated mess in part because the policies governing the old Safe Harbor agreement originated in the 1990s, before the Internet was a) in everyone’s pocket and b) full of multinational companies trying to make money off your status updates and photo uploads. Schrems essentially helped officials realize how much the world had changed.
In theory, the Privacy Shield agreement should protect European citizens from having their data picked apart by government agencies across the Atlantic. But there’s concern that the pact won’t be upheld without an actual overhaul of U.S. surveillance law.
“Both the U.S. Congress and EU Member States should act quickly to reform their surveillance laws and practices to be more aligned with international human rights norms,” Jeppesen told HuffPost.
He wasn’t alone in expressing skepticism. Edward Snowden, the famous whistleblower behind the 2013 National Security Agency leaks, blasted the move on Twitter.
— Edward Snowden (@Snowden) February 2, 2016
The Privacy Shield agreement rests on “written assurances” about surveillance given to Europe by the U.S. There’s a new “joint review” process to help ensure that everything’s aboveboard. European citizens will be able to file formal complains, and there will be a “new ombudsperson” to manage it all.
You’d think privacy advocates would be elated, but it’s unclear what any of this will mean in practice, as U.S. law still allows the surveillance of foreigners.
Given that, you can probably expect the deal to be challenged, if not rejected altogether.