Connect with us

Business

What U.S. companies should consider following the bombshell EU Privacy Shield ruling

Published

on

Our mission to help you navigate the new normal is fueled by subscribers. To enjoy unlimited access to our journalism, subscribe today.

If you’re an American company with European users or customers, and you transfer their personal data to the U.S. for company use, you need to be aware of what just went down at the EU’s top court today.

That’s because the Court of Justice (CJEU) just made a huge ruling. The upshot: it’s possible you will no longer be able to serve people in the EU—if not now, then in the not-too-distant future.

You can read our full story on that ruling separately, but here’s a quick run through the implications. And again, those implications could be immediate, depending on your circumstances.

Privacy Shield

U.S. companies using Europeans’ personal data need some sort of legal justification for doing so. That’s because the U.S. lacks an EU-strength federal privacy law (or indeed any comprehensive federal privacy law at all.)

By far the easiest way to keep things legal was to sign up to the so-called Privacy Shield register—essentially, self-certifying that the company will stick to EU rules. This register was created under a trans-Atlantic deal of the same name, struck between the U.S. and EU in 2016.

That deal is now dead. The CJEU on Thursday cancelled it with immediate effect, basically for two reasons: it didn’t stop U.S. intelligence from poking around companies’ data even if they were on the list; and there was no effective way for EU citizens to file a complaint about this in the U.S.

The U.S. Department of Commerce reacted by indicating it would be, in a sense, business as usual. In a statement expressing disappointment with the ruling, the department said it would “continue to administer the Privacy Shield program, including processing submissions for self-certification and re-certification to the Privacy Shield Frameworks and maintaining the Privacy Shield List.”

“Today’s decision does not relieve participating organizations of their Privacy Shield obligations,” it added.

The Europeans beg to differ. To paraphrase Monty Python’s Dead Parrot sketch, Privacy Shield has passed on; it has kicked the bucket; it has shuffled off its mortal coil, run down the curtain and joined the bleeding choir invisible. It is an ex-agreement.

So you can continue to abide by the register’s obligations—essentially, respecting EU privacy law as best you can—but that no longer means your EU-U.S. data transfers are legal in European eyes. Which was the whole point of the register to start with.

(There may still be a legal reason to keep those promises over in the U.S., though. “Companies that have made privacy promises under Privacy Shield could be subject to enforcement for deceptive practices if they do not live up to those privacy promises,” said Peter Swire, a senior counsel at law firm Alston & Bird.)

Eline Chivot, senior policy analyst at the Center for Data Innovation, described the impact well in a statement Thursday: “The decision delivers a severe blow to the operations of over 5,000 European and American companies who use the EU-U.S. Privacy Shield as the legal basis for transatlantic data transfers. It will immediately upend, and in many cases even halt, data transfers between the EU and the United States, leaving many businesses with no suitable alternative.”

Standard contractual clauses

But what if Privacy Shield isn’t your only legal basis for those transfers?

Some U.S. companies such as Facebook (the firm involved in this particular case) and Microsoft have for years also been relying on a mechanism called “standard contractual clauses,” or SCCs. These are, as the name suggests, oven-ready clauses that the European Commission wrote, again outlining a range of rights and responsibilities in line with the EU’s strict GDPR privacy law.

The court did not strike down SCCs, though it had the option to do so.

It said SCCs were fine in general because an EU privacy regulator can still invalidate them on a case-by-case basis if a company is breaking the clauses’ terms or is unable to stick to them—because, say, it can’t stop the intelligence services back home from conducting mass surveillance on the data.

This is where the striking-down of the Privacy Shield becomes a problem for Facebook and any other big American tech company relying on SCCs to send Europeans’ data over to the U.S.

Although the Snowden revelations of 2013 led to some limited reforms in U.S. surveillance law, Section 702 of the Foreign Intelligence Surveillance Act (FISA) still allows for the mass collection of non-Americans’ personal data from Big Tech firms.

Some in the U.S. argue that surveillance only starts when the agencies actually look at the data—which is a more restricted activity. But the Europeans see surveillance as starting at the point of collection. So in European eyes, the U.S. regularly conducts mass surveillance on Europeans’ data—and there’s nothing the U.S. companies handling that data can do about it.

That’s serious enough to have scuppered Privacy Shield (and its predecessor, Safe Harbor) so it is difficult to see how the SCCs used by a company like Facebook can survive if challenged before an EU privacy authority.

“Although the system of standard contractual clauses will remain in principle and the standard contracts concluded will initially remain in force, they will have to be reviewed and, if necessary, suspended by the data protection authorities in the light of the [CJEU] ruling,” wrote former German data protection chief Peter Schaar in a blog post.

So what now?

Of course, not every American company serving Europeans is a Facebook or Google. If you don’t have U.S. agencies scrutinizing your data under Section 702 of FISA—if, for example, you’re an airline or a retailer—then SCCs could still work for you.

The big difference now is that you’ll first have to convince EU privacy regulators that European customers’ data isn’t subject to surveillance in the U.S.

“Data exporters and importers using the standard contract clauses must verify the level of protection in the [country where the data is going] first.  The importer also has a duty to report any issues to the exporter,” said Tony Vitale, a partner at JMW Solicitors, in a statement.

And if your processing of Europeans’ personal data is “necessary” for the fulfillment of your user contracts—if you’re an email provider handling emails, for example—then that’s also automatically kosher under EU law.

“The court explicitly highlighted that the invalidation of the Privacy Shield will not create a ‘legal vacuum’ as crucially necessary data flows can be still undertaken,” said Max Schrems, the litigant who brought the case, said in a statement after the ruling came through.

But an awful lot of U.S. companies, big and small, are still likely to be flailing around now, looking for a legal solution to a problem that abruptly landed in their laps on Thursday morning.

The only reliable, long-term solution would be changes in U.S. privacy and surveillance law. Expect to see Silicon Valley’s lobbying efforts step up on that front very soon.

More must-read international coverage from Fortune:

Continue Reading
Comments

Business

Today is Malbec World Day. This is how it is celebrated in Mexico

Published

on

Wines of Argentina celebrates the eleventh edition of Malbec World Day with a Mexico online store. The festivities run from April 15 to May 15.

Continue Reading

Business

Vegan Fried Chicken Entrepreneur Rejected $1 Million Shark Tank Offer; Acquired Multi-Million Dollar Facility to Expand Company Vision

Published

on

California entrepreneur Deborah Torres pitched her vegan fried chicken on season 11 of ABC’s hit TV show “Shark Tank.”

Torres offered the Sharks a $500,000 investment opportunity in exchange for a 10% stake in the company. Instead, billion-dollar investor Mark Cuban decided to partner with guest shark Rohan Oza and offer $1 million for 100% of the company. Torres would receive a 10% royalty.

Torres rejected the offer. Recently, her company acquired a multi-million dollar former food production warehouse in a San Diego Opportunity Zone to expand their vision.

“We are so blessed and excited to acquire our own warehouse facility while still maintaining 100% ownership of the company. I have God, my family, our team, and our awesome fans and customers alike to really thank for the incredible support. Dreams really do come true when you don’t give up or let someone steal your imagination. This is only the beginning,” said Torres told Times of San Diego.

Vegan Fried Chicken Entrepreneur Turned Down Shark Tank Offer

When Torres introduced her fried vegan chicken to the Sharks, they immediately fell in love with it. “This batter is extremely tasty,” shark Lori Greiner said. “It’s got some zip to it.”

“You fooled me,” Barbara Corcoran said.

The Sharks bought into the idea of fried vegan chicken but challenged the financials that Torres delivered.

“On [Shark Tank] there were many edits of conversations to make it appear that I wasn’t intelligent enough for obvious dramatic effects of the ‘shocking’ ending,” Torres told VegNews.

She felt that her appearance on Shark Tank did not accurately portray her business acumen. Torres graduated from high school at 15 and received her first degree at 17.

“I think God works in mysterious ways because what was meant to harm me propelled me to where I am today—the proud and sole owner of the world’s largest vegan fried chicken manufacturing company and 100-percent owner of a multi-million dollar manufacturing facility.”

Torres felt that the Shark Tank offer was not a reflection of the true value of her company. In 2019, she declined the offer and now she projects exponential growth for the company going forward.

Giving Birth to a Plant-Based Brand

Deborah Torres is the founder of Atlas Monroe. The plant-based company specializes in fried vegan foods. According to VegNews, Atlas Monroe is on track to become the largest manufacturer of deep-fried vegan chicken in the world.

What motivated the creation of vegan fried chicken? Her father’s type 2 diabetes diagnosis. Torres decided to experiment with a vegan diet. One of her main priorities was to develop delicious foods that were healthy.

“My whole family and I went on a raw, vegan and organic diet for 90 days. We grew really ‘hangry’ at each other from just eating salads and fruit salads,” Deborah told CNBC. “After the 90 days, [my father] was completely healed. We vowed to stay organic, plant-based and natural. We continued to experiment, and Atlas Monroe was born.”

Continue Reading

Business

Memorial Service for DMX Will Be Held at the Barclays Center in Brooklyn

Published

on

A memorial for late rapper DMX will take place at the Barclays Center in Brooklyn on Saturday, April 24th. According to TMZ, the memorial will only be open to close friends and family. Due to Covid-19 restrictions, the Barclays Center can only accommodate 10% capacity. The memorial will be live-streamed to give the public a chance to honor DMX with family and friends.

“My brother would take care of everybody before he would take care of himself. I never seen a human like him. The closest I’ve ever seen to a prophet,” Swizz Beatz shared during a heartfelt video tribute to DMX. “His humanitarian work should be celebrated.”

DMX Memorial at Barclays Center 

According to sources, DMX’s family decided to hold the memorial at the Barclays Center instead of DMX’s home county at Yonkers Raceway.

Opened in 2012, Barclays is an indoor arena in New York City that is home to the Brooklyn Nets. The venue can seat 19,000 people. In June 2019, DMX made his last stage appearance at the Barclays Center. He was a part of the Masters of Ceremony alongside 50 Cent, Snoop Dogg, and other hip-hop artists. He also performed at the arena in 2017 as part of the Ruff Ryders reunion show.

The details of the memorial service are still being ironed out. TMX reported that a church service for DMX’s close family and friends will take place on Sunday, April 25th.

Remembering DMX

DMX, whose birth name was Earl Simmons, died on Friday, April 9th. He was 50 years old.

The iconic rapper was admitted to the hospital on April 2nd after a drug overdose. He suffered a heart attack and was taken off life support while at White Plains Hospital. DMX was surrounded by family during his final days.

“Earl was a warrior who fought till the very end. He loved his family with all of his heart and we cherish the times we spent with him. Earl’s music inspired countless fans across the world and his iconic legacy will live on forever.”

Continue Reading

Trending

Copyright © 2020 Black Biz Daily News