All good things come in threes, you might think. In the case of the proposed data protection agreement between the European Union and the United States, the first two attempts were a flop. The European Court of Justice struck down the two previous agreements, Privacy Shield and Safe Harbor, on the grounds that the level of data protection in the United States was not compatible with European standards. The European Commission would have been wise to learn from past mistakes, strive for real change, and end the legal uncertainty for businesses.
This obviously did not happen, and the new agreement, like the first two attempts, does not go beyond lip service and sells old wine in new bottles. In particular, the core issue of data access by intelligence services has created another large gray area. Access should only take place if it is necessary and proportionate – in the eyes of the Americans. In addition to the obvious legal loopholes, these formulations reveal one thing above all: So far, the U.S. has been accessing the personal data of European citizens to an unknown extent. European and U.S. privacy experts are also likely to differ sharply on the definition of what constitutes reasonable access and what does not.
So, nothing new in the West. Although the European Court of Justice has not yet made its decision, there are many indications that the new agreement will not stand up in court either – the corresponding lawsuits are certainly already in the drawers of European data protection experts. For its next attempt, the European Commission should consistently focus on the real problem: the lack of a “no spy” agreement with its American partners that would fundamentally put a stop to unauthorized access to sensitive European data.
Until then, the bitter reality remains that U.S.-based clouds are not a legally secure place for personal data. Fortunately, there are alternatives, such as sovereign software and technologies that aim to avoid dependencies on external providers or countries. Hopefully, the market will recognize the need and develop more such solutions in the future – after all, it’s about nothing less than the control and autonomy of our data.
Interested in learning more about how ownCloud can ensure a high level of data security and 100% data control for your enterprise? Get in touch with us.
This blog post is based on this article (German) published in IT Daily.