Privacy groups urge renegotiation of US-EU data agreement

A group of privacy advocates and civil liberties organizations are urging European Union officials to reopen negotiations over a transatlantic data flow agreement struck last month.

{mosads}“Without more substantial reforms to ensure protection for fundamental rights of individuals on both sides of the Atlantic, the Privacy Shield will put users at risk, undermine trust in the digital economy, and perpetuate the human rights violations that are already occurring as a result of surveillance programs and other activities,” reads a Tuesday letter signed by 27 organizations.

Signees came from both sides of the Atlantic, including organizations from France, Germany and Denmark. U.S. signees included the American Civil Liberties Union and the Consumer Federation of America.

The so-called Privacy Shield agreement — which has yet to be approved by the EU’s privacy regulators — replaces a 2000 pact that allowed over 4,000 U.S. companies to legally handle European citizens’ data.

It was struck down by the European high court in October over privacy concerns, prompting a scramble from the U.S. and the European Commission to avoid a shutdown of transatlantic data transfers.

The text of the new deal was almost immediately attacked by privacy advocates for failing to satisfy the standards of the high court’s ruling. Critics argue that the new draft is not viable because it still permits U.S. intelligence agencies to conduct “mass surveillance” of European citizens.

The new agreement “manifestly fails” to meet a privacy standard that will satisfy regulators or the original ruling, the groups say, arguing that the U.S. government “continues to deny the relevance and application of the internationally-accepted standards of necessity and proportionality in its surveillance operations.”

“In order for the Privacy Shield to survive, the U.S. must formally commit to substantial reforms to respect human rights and international law in order to meet the standards set forth by the [high court],” Tuesday’s letter reads.

As part of the agreement, the U.S. agreed to provide “written assurances” at the Cabinet level that place limits on the government’s access to personal data for national security purposes.

A multi-page letter from Robert Litt, the general counsel of the Office of the Director of National Intelligence, said that the U.S. intelligence community “does not engage in indiscriminate surveillance of anyone, including ordinary European citizens.”

The European Commission has repeatedly backed up that assessment in its defense of the deal.

But in his letter, Litt described a carve-out in U.S. law that allows signals intelligence collected in bulk to be used for six national security purposes, including “detecting certain activities of foreign powers” and counterterrorism efforts.

The privacy advocate who brought down the original agreement has already indicated that even if the new deal is approved, it will likely face legal challenges.

“They tried to put ten layers of lipstick on a pig, but I doubt the Court and the [data protection authority regulators] now suddenly want to cuddle with it,” Max Schrems of Austria said in a statement.