The European Commission was able to find an agreement in time to fill the legal vacuum created by the cancellation of the Safe Harbor. At stake is maintaining the ability for US companies to manage and exploit the personal data of EU citizens. But the text itself has not been disclosed to the public, nor even presented to the guarantors of the respect of the private life … A lack of transparency which arouses already much skepticism.
The European Commission announced on February 2 have reached an agreement with the government of the United States to manage the exchange of personal data after the invalidation of the previous agreement, Safe Harbor, by the Court of Justice of the European Union in October . The key is the possibility for US providers ( Google , Facebook , Amazon , Microsoft …) to continue to support personal data from the European Union.
BEAUTIFUL PROMISES …
Called the “EU-US Privacy Shield”, this new agreement must tighten the regulatory framework for US companies when they import data from European citizens to the United States. The Department of Commerce and the Federal Trade Commission (in charge of consumer law and business practices in the United States) will guarantee the commitments of these companies.
In particular, they committed to increased transparency (with an annual joint EU-US audit leading to a report) and to establishing clear limits on access to these data by US government agencies (such as the NSA or the US). FBI). European citizens will also be able to assert their rights by filing a complaint with either the companies themselves or responsible national bodies (such as CNIL). Finally, an Ombudsman will act as a mediator for complaints and other requests.
… BUT NOTHING IS DONE
If the agreement was welcomed by the European CNIL because it has met the deadline imposed, its adoption is far from done, and its legality is not guaranteed. The text has not been made public, and the only known details are those contained in the press release of the European Commission. The Commission has appointed two members of its college, Andrus Ansip and Vera Jourovà, to take care of its establishment over the next three months. It will then be submitted to the Commission as a whole, then presented to the G29, the consolidation of all the European CNILs, and finally proposed to the United States Government.
Beyond the vagueness that reigns over the details, it is worth remembering that the Safe Harbor (“safe haven”), agreement passed in 2000, was very similar to this new “shield”. It was already an agreement between the Commission and the Department of Commerce, which was based here on a principle of self-regulation and voluntary declaration on the part of the companies concerned, and subject to American law. It remains to be seen how the Privacy Shield will differ from its predecessor in practice, and whether these distinctions will be sufficient to ensure legality in the European Court of Justice.
No “sovereign” public cloud in Europe?
Nice success for Numergy. The CTA consortium, led by the SFR subsidiary , won the European Commission’s call for tenders for the provision of cloud computing services. In addition to Numergy, it includes three European providers of on-demand computing: Portugal Telecom Portuguese, Gigas Spanish and Italian Enter. The contract, signed in November 2015, is just starting to deliver online processing, storage and network services to 56 European entities.