Posted in Transborder Data Flows

Opinion

Getting Practical and Thinking Ahead: “Interoperability” Is Gaining Momentum

In a world of disparate privacy regimes, pragmatic privacy professionals, experts and regulators have in recent years championed “interoperability” as the way forward for providing consistent privacy protections for global data flows. Of course, many in the privacy and data protection community continue to pursue the ideal of a global privacy standard and have made various recommendations to that effect over the years. Witness the recent “Resolution on anchoring data protection and the protection of privacy in international law” adopted by the International Conference of Data Protection and Privacy Commissioners in Warsaw, Poland, last September.

More from Markus Heyder

Opinion

How Will Obama’s NSA Plans Impact European Data Protection Requirements?

By Eduardo Ustaran, CIPP/E

The recently revealed plans by President Barack Obama to reform the way in which the U.S. intelligence services gather and use data throughout the world have had a lukewarm reception by European politicians. The rhetoric by members of the European Parliament in particular suggests that Obama’s proposed reforms stopped short of what would have been comforting enough for them. Such reforms are a work in progress that will extend over months and years, but Obama’s stance is bound to have a very direct effect on existing and forthcoming EU data protection requirements.

More from Eduardo Ustaran

Opinion

The Questionable Legality and Practicality of the EU’s Proposed “Anti-FISA” Clause

As it has been noted on these pages one of the tangible results of the Snowden revelations has been the (re)introduction of a provision in the EU’s proposed General Data Protection Regulation aiming to limit and control the transfer of personal data to authorities in third countries, the main concern motivating this initiative clearly being concerns regarding the transfer of personal data to U.S. intelligence and law enforcement authorities.

Originally, the European Commission had intended for such a provision to be included in Article 42 of the data protection reform proposal tabled in January 2012, but—if one chooses to believe the many press reports one the matter—due to intense lobbying pressure from the U.S. government, the provision was removed. That is, of course, not the full picture.

Opinion

The Plain Truth About Safe Harbor

By Eduardo Ustaran, CIPP/E
The European Commission

The stance adopted by the European Commission in the report on the functioning of Safe Harbor published today was probably one of the worst kept secrets of the privacy world. It was patently obvious to anyone close enough to the controversy around the ability of Safe Harbor to live up to the expectations of EU policy makers and regulators that the Commission would be critical about it but would stop short of delivering a fatal blow to the scheme.

More from Eduardo Ustaran

Opinion

Has the LIBE Committee Torpedoed the Safe Harbor?

The committee of the European Parliament charged with shepherding the proposed EU Data Protection Regulation—the LIBE Committee—finally has reported out an amended version of the Regulation. And despite the fact that a Commission-initiated review of the EU-U.S. Safe Harbor is pending, it appears the LIBE Committee effectively has called for the end of the Safe Harbor.

More from Christopher Wolf

Opinion

Galileo’s Problem and How Legislation Won’t Stop the Orbit of Technology

Like the Catholic Church’s Congregation of the Index of 1616, which outlawed the movement of the Earth around the sun, so too will the European Parliament restrict transborder data flows by legislative fiat this week.

Of course, the flow of data across borders will not cease or even diminish. Individuals will continue to carry iPhones on cross-Atlantic flights, “transferring data” (whatever that means) about their employers’ customers to “non-adequate” countries; and European individuals and businesses will access non-EU based websites and services, including banking, telecom, retail and cloud. Lawyers will be paid to produce paperwork, which bureaucrats will read; businesses continue to operate as before.

As Galileo said, “And yet it moves”.

More from Omer Tene

Opinion

The Impact of PRISM on International Data Flows

By Eduardo Ustaran, CIPP/E

An exasperatingly awkward challenge affecting the current data globalisation process is the prohibition on exports of data that is present in a number of the world’s data privacy laws.  This is something that European organisations have had to live with since the mid-90s, and frustratingly, the trend is being extended to other jurisdictions. Disregarding the reality of Internet and mobile communications, some policy-makers and regulators insist on building some sort of physical or at least digital fortress around the data within their jurisdiction with the aim of preventing unwanted interferences. In the most extreme cases, international data flows are only allowed under the express authorisation of a national regulator that will seek to scrutinise the safeguards in place to the finest detail.

More from Eduardo Ustaran

From the Toolbelt

The ABCs of BCRs

By K Royal, CIPP/US, CIPP/E

Prior to commencing my employment in 2012, my employer decided to enhance their data protection program with the EU-U.S. Safe Harbor certification, but then the European Commission published new privacy reforms. Upon hire, my primary directive was to decide between Safe Harbor and Binding Corporate Rules (BCRs).

More from K Royal