Europeans and Americans Agree on Privacy Rules

The EU and USA have reached an agreement on rules that the US government and US business must follow when “requesting or handling the data” of EU citizens. The agreement has been reached in principle, while the regulations have yet to be written. The old agreement, called Safe Harbor, was ruled unconstitutional last year by the European Court of Justice. The new agreement is called the Privacy Shield.

The new law gives the U.S. Department of Commerce and the American Federal Trade Commission the responsibility to make sure that American companies comply with European privacy laws. Obviously the American agencies are going to be more effective than European ones at bringing sanctions against American companies, since the regulators and the regulated are in the same country. As for what to do when the US government does not follow the rules, of course no one can punish them for doing that. The understanding is that they will simply not continue with indiscriminate spying as they have in the past. They will obtain a warrant and otherwise follow the rules set down in both countries when the target is a European person.

In addition, the agreement says that Europeans will be given “redress” for violations. That means that EU citizens whose privacy has been violated can appeal to the FTC or the Department of Commerce, which can levy fines against the offending business. “Violating privacy” here means not following the rules, which are not all written down yet. The outline simply says, “U.S. companies wishing to import personal data from Europe will need to commit to robust obligations on how personal data is processed and individual rights are guaranteed.”


Regarding the NSA and other American agencies, the EU Commissioner said, “The U.S. has ruled out indiscriminate mass surveillance on the personal data transferred to the US under the new arrangement.” He also said, “In the context of the negotiations for this agreement, the US has assured that it does not conduct mass or indiscriminate surveillance of Europeans.” Obviously the second statement is false, given the Edward Snowden revelations, unless he meant that “in the future” they will not do that. But being a diplomat, he had to be diplomatic. The EU outlook on personal privacy is much different than the American view.

In the freewheeling capitalist US, tech companies have for a long time been vacuuming up private data of anyone who uses Facebook, reads The New York Times, buys items online, or whatever. There is some hypocrisy here as the same tech companies who cried foul over NSA wiretapping are recording every facet of our private lives and using it for advertising purposes. The only people who have complained about that, like a few rather impotent US Senators, do not carry sufficient weight to overcome the tech lobby. Plus Americans believe that government should not meddle with business too much. So no law has been passed prohibiting that.

But Europe is different. Nazi and fascist rule in Spain, Germany, and Italy have left Europeans leery of government tracking its citizens, and certainly of business doing so. And then there are centuries of custom and tradition.

For several years the Europeans have been writing privacy rules, the urgency of which increased in the wake of the Snowden revelations. Plus the EU courts also threw out their own government surveillance laws in Germany, Ireland, the Netherlands, and elsewhere. The European Parliament already passed tough privacy laws despite heavy lobbying from Google and other tech titans. But the EU parliament is just one law-making body. There are several steps to follow to make that into actual law, none of which have gotten very far.

While politicians dither, European courts have moved more quickly. The European Court of Justice two years ago famously required Google to remove from its search results the case of a man whose bankruptcy from years ago was still listed on the internet. That violated the French concept of the “right to forget.” That means once someone has paid their debts - or in the case of criminals, their debt to society - they should have a clean slate and not be burdened with a label like “bankrupt” or “convict” for the rest of their lives.

This agreement will let the American tech companies breathe a sigh of relief that more onerous privacy rules have not been put in place, at least not yet. The privacy regulations passed by the EU Parliament would have required that data on EU citizens be kept on EU soil. They also would have allowed reckless teenagers to delete reckless Tweets, sexting messages, and so forth once they grew older and realized how reckless posting that was. That of course is difficult to do when you have redundant data centers replicating data around the world. And you cannot delete a Tweet or Facebook post without deleting all the other comments and Tweets connected to that. That would have complicated database infrastructure and coding too. It would make for some messy code if it were necessary to, for example, write logic to store records from, say, Person A in one country and records from Person B in another.

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications. Contact Karolis Liucveikis.
