US Surveillance Changes not Addressed in New Safe Harbor Framework, Access Now Says
The new EU-U.S. Privacy Shield that replaces the annulled safe harbor agreement with stronger privacy protections of Europeans' personal data (see 1602020040) "will be a mere political solution to a legal problem" without key surveillance law reforms on both sides…
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
of the Atlantic, said Access Now's Estelle Massé, Amie Stepanovich and Drew Mitnick in a long blog post Thursday. They said "robust substantive changes" to the Foreign Intelligence Surveillance Act Amendments Act's Section 702, which permits surveillance of non-U.S. persons, and executive order 12333, which governs spying outside the U.S., haven't been implemented. Instead, EU negotiators relied on "written assurances" from the U.S. that "indiscriminate surveillance" of EU citizens would not take place, which the three described as "word games." Even "overbroad" surveillance programs in some EU member states like France and the U.K. need to be changed, they said (see 1512240011). The activists also said more needs to be done to strengthen transparency, oversight and data protection, which can be achieved through enacting baseline privacy legislation such as the proposed consumer privacy bill of rights in the U.S., plus strong data breach notification laws and vulnerability disclosure frameworks on both sides of the Atlantic. If concerns of the European Court of Justice, which invalidated the old safe harbor framework in October, aren't addressed, the new one will likely be nullified, creating more uncertainty (see 1602030001) for companies, they concluded.