(THIS ARTICLE IS MACHINE TRANSLATED by Google from Norwegian)
Today, US authorities can find out who you are, what your preferences are and what you believe in. They can read your private email correspondence, gather information from you about the dating site you use, your health app and where you last shop. The list is long. Neither we nor the Data Inspectorate know what the information about you and me is used for. Privacy Shield Agreement (see fact box) should be our shield against surveillance. It is intended to protect the privacy of European citizens.
“There will be a large number of people challenging this deal if it looks like it does now. I am also likely to be one of them, ”says Austrian internet activist Maximillian Schrems.
He describes the new draft as "the same old pig under ten layers of new makeup". The "pig" he refers to is the 15-year-old predecessor Safe Harbor, who he himself helped to topple when he sued the giant group Facebook to get his personal data.
Confirms monitoring. "In the draft, the United States declares that data collection will be used for six purposes. "Counter-espionage, terrorism, cyber security, weapons of mass destruction, threats against US armed forces and transnational crime," said a statement from Schrems' organization Europe versus Facebook.
The organization believes none of the points in the new contract text addresses the fundamental flaws of US surveillance laws, nor the lack of privacy protection in US law.
"The United States confirms that they violate fundamental rights in at least six cases," comments Schrems.
He is not alone. The agreement harbors massive opposition from US NGOs and a large majority of consumer organizations in Europe. Among other things, Amnesty International USA writes in a letter to the President of the Article 29 Group, which is the EU's privacy advisory body, that US state authorities still have the powers they had before the European Court of Justice ruling that invalidated Safe Harbor.
"What will be exciting is how strong the mechanisms the Americans have promised to put in place will be – and whether they will then be able to guarantee good appeal opportunities for European citizens," says department director and lawyer Kim Ellertsen in the Data Inspectorate.
He believes that Privacy Shield is better than its predecessor, and that it repairs the weaknesses that the Schrems ruling revealed and emphasized.
"There is a large amount of information going back and forth between Europe and the United States. Many of the major commercial players are based in the United States – Google, Facebook, Microsoft, Yahoo, Twitter – and I do not envisage it being an easy task to stop such a transfer of information. "
Know little. According to the Norwegian Data Protection Authority, information about us today is transferred to the USA in two ways. Through our private use of online services and social media, and through Norwegian companies. The latter uses services from US companies such as social media, cloud services, personnel management and server operations. According to the audit, the Privacy Shield shall protect our privacy in the event of transfers of both types.
"When it comes to cloud services, you can imagine that everything that will be in an email correspondence can be available. Then it's about everything possible, everything that people talk about together. Many Norwegian companies that use cloud services and digital services from American companies transfer personal data to the USA, »says senior legal adviser Jørgen Skorstad in the Norwegian Data Protection Authority.
As our personal data is transferred on our way into the United States, legal protection disappears. The reason is that the United States does not have the same privacy rules as Europe.
"It has been too late to intervene in this monitoring. The regulations in Europe are quite old. I probably agree that personal data is collected over a low shoe. The authorities have been slow to react, but things are starting to happen, "says Skorstad.
He thinks it is a problem that we know so little about what happens to the personal data.
"If people knew what was happening to them, they might have had a different view of this as well," he emphasizes.
Fear discrimination. If we as consumers do not get more predictable terms and real control over the information collected about us, it can be misused, the Consumer Council believes.
"I fear that the amount of information can be used for discrimination – in that people, for example, do not have access to equal loan terms at the bank or when they want health insurance," says Finn Myrstad, director of the Consumer Council for digital services.
Myrstad is also the European leader in the digital committee of the Transatlantic Consumer Dialogue (TACD), and is concerned that in the near future we may notice potentially serious and direct consequences of lack of privacy.
"We can also imagine the same form of discrimination in working life. In that some applicants are virtually excluded on the basis of inferences drawn about them based on years of digital traces that they have left behind, without being aware of it or given the opportunity to access the information collected about them, He explains.
He believes the Privacy Shield agreement must involve a fundamental reform in the United States in order for the rules to be more in line with European legislation.
"In the TACD, where the Consumer Council chairs the digital committee, we will make our recommendations during April. Here we will be specific on what changes should take place in the US and the EU in order to have a more balanced approach to the processing and use of consumer data. "
"I do not think we should ask ourselves what we as internet users can do. There is little we can do. "
Big Business. Today, data exchange generates greater value globally than physical trade, according to the consulting company McKinsey's report "Digital globalization: The new era of global flows".
The majority of Norwegian companies and organizations will be affected by the Privacy Shield agreement and possible outcomes of it, says director Torgeir Waterhouse, who is director of the internet and new media in the ICT industry's interest organization ICT-Norway.
If the Privacy Shield agreement does not come to fruition and standard agreements are declared invalid, it will be difficult, according to the Data Inspectorate, to be able to transfer personal data across the Atlantic.
"Many services are completely dependent on being able to transfer information to third parties if the user has given consent," says Kjetil Thorvik Brun, head of ICT and digital industries at Abelia, NHO's association for knowledge and technology companies. The association has more than 1700 member companies and 44 employees.
"As far as I know, it is currently permitted to transfer information to third parties if the user has given his consent. For example, I'm glad that the ads I'm shown meet my preferences better. I prefer to see advertisements for bicycles and fishing equipment rather than walkers or tampons, "says Thorvik Brun.
He emphasizes that he has not read the content of the Privacy Shield agreement, but believes that it should safeguard fundamental rights for Norwegian and European citizens. At the same time, he fears financial consequences for the companies.
"We are concerned that the desire for – and the need for – better legal protection of the data transmission will lead to disadvantages that will burden the ability to innovate and scaling opportunities for the ICT industry and Norwegian business and industry in general," says Thorvik Brun.
One possible outcome is that strict requirements are set for comprehensive third-party certifications.
"This is a financial burden that the big ones do not want to have much trouble with, but which can be very demanding for small businesses," he says.
It will take time to put in place a new agreement, Waterhouse emphasizes. Like Schrems, he believes it will be challenged, regardless of whether it is approved by the Data Protection Authority in Europe.
"In the meantime, it is important to have a sensible transitional regime, and we have to make sure that our use of data can continue. If not, we must stop sharing data with the United States as it works today. This will mean that, for example, user services such as social media and the underlying systems on which companies depend today may become illegal. Everything will lock up, "says Waterhouse.
«Plague or cholera." Maximillian Schrems still logs on to Facebook, even though he believes the group is a monopoly. Because, as he points out, the alternative is to use services where he shares his photos with himself because no one else uses the services.
"At best, you have a duopoly, and the choice is between plague or cholera. An example is the choice between smartphones – where you have Google or Apple. The technologies are built to be a closed network. So I still use them, and I guess most others do too. "
As internet users, we are powerless. Although most people use services and technologies, we should be concerned about the enormous amount of personal data that exists about me and you, Schrems believes.
"I do not think we should ask ourselves what we as internet users can do. There is little we can do. We have to ask why companies do not follow the laws, and why European authorities do not enforce them, "says Schrems.
Lejon writes for Ny Tid,
and works as a news substitute at NTB.
