The U.S. National Security Agency (NSA) has continuously been invading the online privacy of the American citizens and more people around the globe on the name of global surveillance programs. The US tech companies including the Facebook and Google are considered to be the facilitators of the surveillance programs of the NSA and other intelligence services. The personal data of the Americans, Europeans and the citizens of many other countries is gathered by these tech giants and transferred to the US authorities.
In 2000, the European Union established an agreement with the United States Department of Commerce to regulate the way the American companies could export and manage the personal information of the European citizens. According to this regulation, the companies that collect personal data must inform the person about the data collected and the purpose of this assortment.
Meanwhile, they would seek permission to pass on their data to a third party or make it accessible to others. The Safe Harbor agreement was aimed to protect the data of European citizens transferred by American companies to the US. It enabled the American companies to confirm that they would guard the personal data of European citizens when transmitted and stored in American data centers.
In 2013, it was revealed that the surveillance programs of the U.S. National Security Agency and other intelligence activities of the States are breaking the rules and the privacy of Americans and many other people worldwide is being invaded. The ex-NSA contractor Edward Snowden made revelations about US government surveillance programs and told that the technology companies are assisting these programs providing the personal information of the customers. The Snowden leaks showed that the NSA was tracking location of foreigners’, chats, emails, and other communications through services like Google and Facebook.
The majority of American tech companies involved in NSA’s mass investigation programs have their international or European headquarters in Ireland or Luxemburg. The Facebook Incorporation also has its international headquarter in Dublin, Ireland, which is responsible for over 83 percent of Facebook users worldwide. The data collected by the Facebook Ireland Ltd is transferred to Facebook Incorporation in the US. The data is further shared with US authorities for mass surveillance programs.
It was in the knowledge of the US government that the NSA’s global surveillance programs like PRISM could have international impacts. The American tech giants like Facebook and Google reported to the US officials that the NSA surveillance programs could put the integrity of the internet at risk. Unfortunately, no significant efforts were made to fix the international aspects of the mass surveillance programs. Further stories about NSA and other intelligence services collecting the data of European citizens shattered the users’ trust in the ability of US companies to protect their information according to European protection standards.
- This short infographic will explain you the real power of NSA spying
All this made the privacy campaigners question how Safe Harbor’s self-certification could be enough to protect the privacy of EU based users of the technology companies. On these revelations, the European Court of Justice declared the Safe Harbor agreement invalid saying that the U.S. companies cannot be trusted with the personal data of Europeans. The court ruled that the European Union countries should determine how the online information of the EU citizens can be gathered and used. However, the end of the Safe Harbor did not stop the data transfer from Europe to the United States.
An Austrian privacy activist, Max Schrems, commented on ECJ decision that it will not have widespread effects on the internet activities. The average consumers would not face any restrictions on the regular internet use and would hopefully be able to enjoy online services without being subject to global surveillance. There are still alternative options to transfer data from European countries to America. However, he said, the judgment clarifies that mass surveillance programs of NSA violate the fundamental privacy rights and the US businesses are violating the European data protection laws to assist US spying.
Given that almost 4500 American companies including Facebook, Google, and Yahoo were using Safe Harbor to legitimize the transfer of data from EU to the US, the judgment of European Court of Justice dismayed the US officials and entrepreneurs. The suspension of this agreement created legal uncertainty for many businesses because it could negatively impact the trade and investment ties between US and EU.
In 2016, the US and European officials revised Safe Harbor agreement giving it the name of Privacy Shield. They claimed that the new agreement contains stronger privacy protections related to the access of personal data by the US government. Contrary to Safe Harbor, the Privacy Shield contains commitments from the US security officials and letters from US government officials regarding the protection of EU citizens’ data. However, the majority of the European citizens are demanding a mechanism to lodge complaints about the use of their personal data, and a transparent system to hinder the data transfer to the US intelligence services.