European companies should stop sending data to the US, German privacy officials say

The exchange should stop because of NSA spying, privacy advocates said

The European Commission should suspend agreements that allow European companies to transfer personal data of European citizens to the U.S., the German Conference of Data Protection Commissioners has urged.

The Commission, meanwhile, is working on an assessment of the agreements that it will present before the end of the year.

Due to the mass surveillance of communications by the U.S. National Security Agency (NSA), U.S. companies can no longer fulfill European requirements for the exchange of personal data, said Germany's Conference of Data Protection Commissioners in a joint letter sent to German chancellor Angela Merkel that was published on Wednesday. The conference consists of the federal data protection commissioner and the data protection commissioners of the German states.

The European Commission's data protection directive prohibits the transfer of personal data to non-E.U. countries that do not meet E.U. standards for privacy protection. To allow exchange of personal data with U.S. organizations, the U.S. Department of Commerce and the European Commission developed a "Safe Harbor" framework, allowing E.U. companies to keep exchanging personal information within the bounds of the agreement.

Under the Safe Harbor conditions companies, for example, must show that they prevent penetration of their networks, Imke Sommer, the Bremen Commissioner for Data Protection and Freedom of Information said on Thursday. She added, however, that, "As we know by now there is no safe network, the NSA is watching."

Therefore, the German data protection authorities have asked the Commission to suspend the Safe Harbor agreements and review whether U.S. companies can still comply with them, she said. If the agreements are suspended, that would mean that no European company would be allowed to send personal data to the U.S., Sommer said.

"The Safe Harbor agreement may not be so safe after all," said Viviane Reding, vice president of the European Commission and the commissioner responsible for justice, fundamental rights and citizenship at the informal Justice Council in Vilnius last Friday. "U.S. data protection standards are lower than our European ones. I have informed ministers that the Commission is working on a solid assessment of the Safe Harbor Agreement which we will present before the end of the year."

The European Parliament and European industry have also been asking for a review, and the Commission will take note of the call from data protection and privacy advocates in Germany for an assessment, a Commission official said on Thursday.

Because German authorities have deemed the Safe Harbor principles violated, they have also urged companies in the country to stop the exchange of personal data with the U.S., Sommer said. If the companies are unable to prove that the data of German citizens sent to the U.S. is safe, the authorities can order them to stop sending data to the U.S., she said.

"All European data protection authorities can start doing this," Sommer added.

However, not all data protection authorities agree with the German authorities.

The Irish Office of the Data Protection Commissioner (ODPC) said on Tuesday that the exchange of personal data of Irish subsidiaries of Facebook and Apple with the U.S. is in line with Safe Harbor principles, according to documents published by the Austrian student group Europe-v-Facebook on Thursday.

In late June, student group Europe-v-Facebook filed a barrage of complaints against European subsidiaries of major technology companies, claiming their data collection runs afoul of European privacy laws. The complaints were filed in Ireland against Facebook and Apple, in Luxembourg against Skype and Microsoft, and in Germany against Yahoo.

The group said that companies such as Facebook Ireland should not be allowed to export Europeans' data to the U.S. if the data is then forwarded to the NSA for massive surveillance of personal information without probable cause, the group said in a news release.

The complaints were filed after former NSA contractor Edward Snowden leaked documents revealing NSA surveillance programs.

In a formal response to Europe-v-Facebook, however, Irish data protection authorities said that they see no breach of safe harbor protections.

"We consider that an Irish-based data controller has met their data protection obligations in relation to the transfer of personal data to the U.S. if the U.S. based entity is 'Safe Harbor' registered," wrote Ciara O'Sullivan, senior compliance officer of the Irish ODPC.

"I can advise that we do not consider that there are grounds for an investigation under the Irish Data Protection Acts given that 'Safe Harbor' requirements have been met and on that basis we cannot identify that a contravention of the Acts has taken place," she added in a follow-up email to the group on Wednesday.

"The Germans see a major breach of fundamental rights, while the Irish do not even see a reason for an investigation," said Max Schrems, a spokesman for Europe-v-Facebook. "We are very confident that the decision in Germany will be more substantial and very different than in Ireland."

On Thursday, a broad coalition of mainly German civil rights organizations published a list of 12 demands directed at policy makers in reaction to the NSA surveillance program.

The open letter was signed by groups including the German digital rights group Digitale Gesellschaft, Greenpeace Germany, the German Journalist Association, the Electronic Frontier Foundation and the Chaos Computer Club.

The groups called on governments, national parliaments and European institutions for a consistent implementation and defense of the fundamental rights to privacy and data protection. They also want an obligation to individually notify affected persons after every act of digital surveillance or inspection and called for the disclosure of every agreement, law and action that has an adverse effect on the right to informational self determination.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags privacyMicrosoftGoogleFacebookAppleskypelegalYahoo

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Loek Essers

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?