So is this the big one? After years of courts cases and appeals and treaties and Austrian campaigners, are we finally on the brink of digital war between the EU and the US?
Everyone agrees that the Irish data protection commissioner’s preliminary order to Facebook to stop transferring EU citizen data to the US brings us a much bigger step closer to it. More importantly, we can now see an imminent situation where you can’t legally use your cloud provider or video conference services.
We’re not there yet. As I write, you can still upload images to US services and host your small business with an American cloud provider.
But make no mistake we’re closer to a major, fundamental breakdown in how the internet works – and who’s allowed to send what to who – than we’ve ever been.
And by ‘internet’, I mean some of the normal services used every day, like social media or online shopping.
For those who haven’t been following why this has come about, here’s a quick recap of where we are.
Since the US was caught tapping into services like Facebook, Gmail and other services we all use in the 2013 Edward Snowden scandal, EU courts have increasingly warned the US is no longer a trustworthy country for data privacy.
The US refuses to change its surveillance laws, citing “proportionate” security concerns.
So the EU responded this summer, with its highest court – under which we’re all bound – striking down the main transatlantic agreement underpinning legal data transfers. Furthermore, it told national data regulators they had to start taking action to tighten up on transatlantic data transfers.
So it’s in that context that Helen Dixon has just informed Facebook it can no longer send personal data across the Atlantic as it has been doing with what are called standard contractual clauses.
Most of the industry relies on these clauses, too.
For Ireland, the stakes are pretty high. As well as being the seminal regulatory presence involved in all of this, quite a few of the companies at stake have large, important industrial bases here.
So now we’re coming to a genuine crunch. Either the US changes its surveillance laws – and somehow convinces we Europeans that it’s serious about it this time – or EU law will stop large chunks of personal data being directly transferred there.
And it will do it through European regulators such as Helen Dixon.
We’re talking about Amazon, Google, Facebook, Microsoft and lots more. Think of almost any digital or online service you use and it’s probably intertwined.
“Yes, but we’ve heard all of this before,” you might respond. “We always manage to come up with some new treaty or legal way around it.”
We did try to come up with a “good faith” arrangement which the US called “Privacy Shield”. But that was a failure as the Americans didn’t take it seriously. That’s the one the European Court of Justice just struck down.
Unfortunately, we may now have come to the end of our ability to fudge the core issue. Will we accept occasional US surveillance of our communications? If not, will the US formally agree to stop doing that?
Right now, it looks overwhelmingly like the answer to both questions is no. So this time it may be for real – we may be facing a serious disruption sooner rather than later. It may soon be illegal for large numbers of organisations to send data transfers to the US.
Is it possible that it is merely some technical challenge that can be sorted by clever engineers in the tech companies? Might it be dealt with using European data centres or the determination to somehow contain the “processing” of EU citizens’ data in European servers?
But there’s no early suggestion from the likes of Facebook, Google and Microsoft this is easily done, let alone the tens of thousands of other European online companies (or millions of European customers of US online companies).
It’s possible, though, some flavour of this is what we’ll eventually see offered as a solution to the problem. If legal precedent is anything to go by, it can take years to properly parse a claimed technical setup when it comes to regulators, injunctions, local cases and European appeals.
Whatever the proposed fix, the issue is likely to inflame cross-Atlantic tensions with just two months left until the US presidential election, already one of the most divisive in recent history.
But there seems no escape. We’ve danced around the core issue for years, hoping it would somehow be smoothed away with diplomacy or clever treaties. But that has now failed. The US and the EU do not agree on what a reasonable level of internet surveillance is.
And we have now run out of ways to square what seems to be an impossible legal circle.
Article Source: Click Here