Anti-F.I.S.A.-Klausel

Anti-Foreign Intelligence Surveillance Act clause.

E.U. justice commissioner Viviane Reding has had trouble passing her data protection reform. Years of debates, thousands of amendment proposals, successful lobbying by U.S. companies and successful pressure from U.S. governments. But now everyone’s mad.

On 21 Oct 2013 the European Parliament passed data protection reforms. They updated 18-year-old rules that were obsolete and also loose enough to let the lawscape vary from country to country, enabling internet companies such as Facebook to shop for Member States with laxer data protection laws such as Ireland.

The so-called “anti-F.I.S.A. clause,” which regulates sharing of E.U. burgher data with so-called third-party countries, had actually been politely deleted in response to pressure from the U.S. government and lobbying from large U.S. companies, according to a June 2013 Spiegel.de article. Because everyone’s mad, the responsible “Libe” civil liberties committee put the anti-F.I.S.A. clause back into the proposed reform and it has now been passed by the European Parliament.

Spiegel.de summarized the key points:

  • Sanctions for violating European data protection rules have been “drastically” raised, to up to 5% of a company’s annual worldwide gross. Earlier this year Frau Reding had had to accept a compromise of a 2% maximum fine, but no more!
  • “Privacy by design,” which means, Spiegel.de wrote, “Companies must design their [websites] to be as [data-frugal] as possible, with the most data-protection-friendly default settings. They must also give their users the option of using their services anonymously and pseudonymously.”
  • “Explicit consent” by users to processing and sharing of their data. The explicit consent cannot be given in small print such as an end-user license agreement. Standardized easily recognized symbols must be included in the request for consent. Companies will not be allowed to create a user profile of users who forbid them to create one.
  • More guardians. Companies dealing with data from more than 5000 people will have to hire a data protection officer.
  • A European Union data protection council will be created to watch over these rights and abuses. To submit a complaint, burghers will only have to contact their country’s data protection office and will be able to submit complaints in their own language. The national data protection offices will escalate and forward.
  • The Libe committee was unable to get a majority vote in favor of the “right to be forgotten” this time, settling instead on a “deletion right” under which E.U. burghers will be able to force companies to tell them what data they have collected on them and then to delete it. The companies will not be responsible for ensuring that data do not appear anywhere else in the internet however, which is what a “right to be forgotten” would have meant. Spiegel.de said German data protection law is stronger here.

It’s not over yet. The European Parliament must now agree on a final version of the reform with all 28 countries in the E.U. Council and in the E.U. Commission. If the reform is not done and dusted before European Parliament elections in April 2014, it may be delayed for ridiculous lengths of time again.

(Auntie   FIE zah   cl OW! zell.)

Sicherer-Hafen-Abkommen

“Safe Harbor accord.”

After years of discussion, on 19 Jul 2013 E.U. ministers reached an agreement on reforming their outdated data protection principles at their Lithuania meeting, agreeing inter alia that any companies wishing to do business with one of the E.U.’s 500 million citizens will have to obey the E.U.’s privacy regulations or pay fines of “up to 2% of world income,” said justice commissioner Viviane Reding.

She called into question the E.U. and U.S.A.’s current pre-millennial “Safe Harbor” personal data transfer agreement, which companies join voluntarily and in which they verify their own compliance. About a thousand companies joined the agreement, including companies that shared customers’ personal data with the N.S.A. Commissioner Reding said the U.S.A.’s Patriot Act had annulled the Safe Harbor agreement anyway. “I have already told the parliament that if [the Safe Harbor agreement] is in fact what I think it is, namely a loophole, then we’re done with it.” She is counting on German and French support for the new data protection reforms.

Update on 27 Nov 2013: E.U. interior commissioner Cecilia Malmström (Swedish Liberal People’s Party, conservative-liberal, liberal with the non-U.S.A meaning of libertarianesque) announced the E.U. Commission was not going to change the toothless self-policing “Safe Harbor” data protection agreement for now. E.U. justice commissioner Viviane Reding (Luxemburger Christian Social People’s Party and European People’s Party, center and center-right) has given the U.S. a 13-point data protection homework assignment to implement by summer 2014, after which the Commission will re-examine torpedoing “Safe Harbor.”

(ZICHH ah ah   HAW fen   OB come en.)

Blog at WordPress.com.