In the latest decision in a long-running campaign by European privacy advocates, the European Court of Justice in Luxembourg ruled that an agreement, known as Privacy Shield, does not comply with EU protections around personal data.
Privacy Shield isn’t an app or a server. It’s a set of legal rules for moving information between the EU and the U.S. It is relied on by thousands of companies to move digital information seamlessly. The dispute over whether the U.S. would protect European data goes back to 2013, when Edward Snowden’s leaks exposed how American government surveillance programs were collecting information from private businesses. I spoke with Adam Satariano, a European technology correspondent at The New York Times. He says it’s hard to tell exactly what happens next. The following is an edited transcript of our conversation.
Adam Satariano: It creates a lot of uncertainty for thousands of businesses. It’s unlikely that there’s going to be any big breakdown in internet service, or that companies are going to suddenly face some really drastic consequences. But it creates a lot of legal uncertainty and a lot of business opportunities for lawyers, because they now have to come up with a new legal mechanism for sending data back and forth between the EU and the United States.
Jack Stewart: Does this fit with Europe’s previous stances with data privacy, which it does take very seriously, or is this a separate issue?
Satariano: The core elements of this are an important one, which is that Europeans view data privacy as a fundamental human right. They have recently, back in 2018, passed another law called the General Data Protection Regulation, which enshrined a lot of other privacy rights and that served as a model for laws passed in California, for instance. This just fits within that tradition in which the Europeans hold privacy very dearly, and often that can conflict with some American intelligence programs and the way that some American intelligence laws are written.
Stewart: So, who really wins here?
Satariano: The lawyers are definitely one of the big winners in this. There are scores of companies [that] closed down their office and were complying with the law, and they woke up and they’re no longer complying with the law. So they need to come up with a new way of sending data back and forth between the United States and Europe. There is talk of providing a grace period. There’s another question of how tightly this will be enforced, particularly because of the difficult position it puts in lots of businesses. There’s a lot of uncertainty and some scrambling going on within businesses big, small and everywhere in between.
Stewart: How have tech companies responded to this?
Satariano: They were disappointed that Privacy Shield was invalidated because it’s something that they use. But they were happy to see that some of these alternative contracts were allowed, because many of the companies use those. Big tech companies have big legal departments and have resources that they can throw at the problem, but there are lots of other companies who potentially don’t. Privacy Shield, for instance, has more than 5,000 companies who are signed up to use that legal mechanism to transfer the data. And if you scroll through the list of companies, many of them are ones you never heard of. They’re small to medium-sized businesses.
Related links: More insight from Jack Stewart
Microsoft was one of several tech companies to respond. It posted a letter from Julie Brill, who has the great title of “corporate vice president for global privacy and regulatory affairs and chief privacy officer.” She explains that Microsoft has used overlapping legal protections for years, both Privacy Shield and one of the alternatives, called Standard Contractual Clauses. The company says it’ll work with EU and U.S. regulators to address the issues raised by the ruling.
Just as the EU says it’s not satisfied that data is safe from surveillance by the U.S. government, the U.S. is stepping up its complaints against China’s state surveillance. U.S. Atty. Gen. William Barr on Thursday accused big tech companies of collaborating with China. In a speech, he called out Apple for removing apps at the request of the Chinese government and for transferring some of its data to servers based in the country. Barr suggested that Apple iPhones “wouldn’t be sold [in China] if they were impervious to penetration by Chinese authorities.” He added that Hollywood has routinely caved into pressure and censored their films “to appease the Chinese Communist Party.”
Another target of the U.S. government, Huawei, was banned this week from the U.K.’s 5G network buildout. The U.S. has long said that Huawei’s equipment can be used by Beijing for espionage. The U.S. imposed sanctions on the firm in May, disrupting its supply chain, which led to the U.K.’s decision to not use it — a decision that will apparently add $2 billion to the cost of the U.K.’s new network and delay the 5G rollout by at least two years.
The future of this podcast starts with you.
Every day, Molly Wood and the “Tech” team demystify the digital economy with stories that explore more than just “Big Tech.” We’re committed to covering topics that matter to you and the world around us, diving deep into how technology intersects with climate change, inequity, and disinformation.
As part of a nonprofit newsroom, we’re counting on listeners like you to keep this public service paywall-free and available to all.