Earlier this year, the EU-US Privacy Shield was enacted in place of the long-standing Safe Harbour agreement, which was challenged and struck down on the basis of intrusive US surveillance. Though the new treaty was an overall improvement, it didn’t come without its own set of weaknesses. That said, EU governments committed to watching the agreement for a full year before challenging it.
EU – US Privacy Shield
The Privacy Shield is the latest attempt to bridge the legal regimes of the United States and the European Union. The new data transfer deal established a framework for easy migration of personal data to home soil by American corporations and organizations, while at the same time ensuring that the integrity of the data is maintained – a point that has stemmed much skepticism and criticism.
To date, several hundred companies adopted the new agreement, including a number of tech giants like Facebook, Google, and Microsoft. Though international businesses have generally welcomed and embraced the new deal, critics remain wary of its scope and the potential for misuse.
While the EU agreed to test the Privacy Shield, it was widely expected that a third party would attempt to challenge the agreement in the interim. As of today, just a little over two months after coming into effect, the shield has officially received its first legal challenge.
A small Irish privacy advocacy group – Digital Rights Ireland, filed a case with the second-highest EU court – arguing that the agreement “doesn’t contain adequate privacy protections,” and that European data is not secure on American servers under the European Convention on Human Rights and other EU safeguards.
As of now, all we know is that the legal battle was initiated on September 16, under case number T-670/16. According to the documents published by Curia, the case is currently an “action for annulment.”
Though a legal challenge has been initiated, it will take at least a year (likely longer) for the ruling to come to light – assuming the case isn’t declared inadmissible before then. In the meantime, it’s hard to say what will come of it. The European Commission will not make a comment on any ongoing case, and so far, Digital Rights Ireland remained rather quiet.
That being said, the Irish advocacy group has quite a bit of experience when it comes to fighting legal battles dealing with privacy protections. The organization had quite a bit of success getting in front of higher courts and even managed to win a number of similar cases in the past – including one against the EU data retention directive that was struck down in 2014 as a result of their work.
Regardless of what the ruling may hold, the challenge by Digital Rights Ireland is just the beginning. The Privacy Shield has no shortage of critics, so it’s more than likely that other third parties will follow suit and file their own cases against the agreement in the coming months.
Until then, the data continues to flow across the Atlantic, and there isn’t much you can do with regards to how and where it’s being stored. It’s also unclear whether or not US spy agencies are able to easily access the incoming data, so in order to best maintain your personal privacy, you can, short of boycotting the internet altogether, focus on building safer browsing habits.
As always – the easiest and most effective first step is to implement the use of a VPN in your day to day. There are plenty of providers to choose from, and most of the big players will offer the same level of encryption. If you’re not sure where to start, check out one of Chris’ in-depth articles on the topic, or our VPN Comparison Guide.