Before we start disassembling that headline, let’s do a little bit of review.
Privacy Shield was introduced earlier this year as a replacement for the recently struck down International Safe Harbour Privacy Principles which were in place for more than 15 years. The new agreement is somewhat similar, at least in the sense that it allows American companies to transfer private data out of the EU and into the US.
Those that’ve kept up with the developments surrounding Safe Harbour will likely remember its controversial end. About a year ago, the European Court of Justice ruled to abolish the treaty as a direct result of legal action against Facebook.
The lawsuit, filed by Max Schrems, an Austrian law student, called out the social network for breaching EU law, by not protecting Europeans’ data to adequate standards. Amid the Snowden scandal and the disclosures of NSA’s surveillance programs like PRISM, Schrems managed to make enough noise to get the lawsuit into Europe’s highest court.
Needless to say, Safe Harbour was eventually scrapped and several of Silicon Valley’s biggest players, including Google and Microsoft, had to make some changes in order to continue their operations. The response from western tech giants was mainly to play it cool, and a number of corporations along the likes of Microsoft quickly submitted to the ruling, while claiming that it had little to no impact on their consumer services.
Interestingly enough, they were also among the first to sign up for the new data treaty once Privacy Shield came into effect back in August. To date, several hundred companies have adopted the new agreement, and Facebook is among the latest to join the party.
Yesterday, The Telegraph broke the news regarding Facebook’s adoption of the Privacy Shield, and the social media giant was quick to confirm their enrollment:
We have signed up two important parts of our business to the EU-US Privacy Shield Framework – Facebook at Work and our relevant Ads and Measurement services.
Though the story broke just last night, it’s been more than two weeks since Facebook quietly signed up for the treaty. In Facebook’s public comment to The Telegraph, their spokesperson made a point to clarify which aspects of the social network the Privacy Shield will apply to. Apparently, the agreement will be applied to just two factions of the social media empire – Facebook at Work (the company’s new service for businesses), and certain advertising data.
Although the EU-US Privacy Shield was designed to protect the digital rights and the privacy of European Union citizens, Facebook’s adoption of the treaty will likely add more fuel to the privacy fire, and also contribute to further scrutiny of the new treaty.
That being said, Facebook’s biggest critic – Max Schrems, doesn’t seem too concerned. The lawyer responsible for the abolishment of the last EU-US data treaty, says that Privacy Shield is also going to be thrown out on the same grounds as Safe Harbour was a year ago.
In a recent interview he also suggested that the social media giant had purposely limited the scope of the treaty’s application – likely playing it safe as not to “affect a renewed challenge in the Irish courts.”
While Schrems may be right about us not knowing Facebook’s true motivation for limiting the scope of Privacy Shield’s application, there’s not much we can do other than speculate.
The social network may either try to quietly enroll other aspects of its operations in the agreement as time goes on, or they may choose to leave it as is. But regardless of how the company chooses to proceed, the fact remains – Facebook will still be able to move your data across the Atlantic, if not through the Privacy Shield then under secondary legal measures.