The US and EU have published a big pile of documents that spill the beans on the pair’s replacement for Safe Harbor. The new provision is known as the EU-US Privacy Shield and is designed to limit how much personal data the NSA (amongst others) can access. The files also call for the creation of an independent regulator that’ll handle complaints from users which will be funded by contributions from internet companies. The most interesting factoid we’ve spotted so far is that firms like Facebook can choose if it wants to be subject to American or European data protection law — although it’ll default to the former.
If you’re not caught up, Safe Harbor was (essentially) a deal that made life easy for tech companies that operated in the US and Europe. It meant that outfits like Facebook could treat data about its users as movable, bouncing it between servers when it had to. So, for instance, it could take information about a German user, stored in a data center in Ireland, and push it to California for long-term storage. Except, when that data crossed the Atlantic, it became fair game for pushy surveillance agencies like the NSA.
Privacy campaigner Max Schrems was so annoyed at the idea that he launched a lawsuit in Ireland to force a decision. Unfortunately, the courts batted away his claim, so he took the case to the European Court which examined both the decision and Schrems’ claim. Shortly afterward, courts ruled that the Safe Harbor provisions did not protect local citizens, and declared them to be invalid. These new rules are expected to be formalized across the next few months, ending the potential headaches for almost every social network in the country.