The replacement for the EU-U.S. Safe Harbor agreement that was ruled unlawful by a European court last year may well fail the same legal tests as its predecessor. The new agreement, called Privacy Shield, seems to be little more than a new name strapped onto what are largely the same data-sharing protections, or lack of them, contained in Safe Harbor.
Safe Harbor dated from 2000 and allowed U.S. and European companies to exchange data without officially conforming to the relatively strict requirements of European data protection legislation. The European Court of Justice has ruled it to be unlawful following a challenge brought against Facebook—but also in the light of Edward Snowden’s revelations about U.S. government mass surveillance programs. Safe Harbor provided firms with considerable leeway—considered a box-ticking exercise—with little if any real protection for individuals.
While mass surveillance is a concern, it is difficult to police due to the nature of national security as a secretive business with very little transparency or public accountability. But the terms under which firms do business is certainly within the realms of oversight.
