Skip to main content
  1. Home
  2. Computing
  3. News

Germany fights back as lawsuit against the U.S.-EU Privacy Shield heats up

By

privacy shield lawsuit germany logo
Image used with permission by copyright holder
Privacy Shield, the new data transfer agreement between the U.S. and the European Union, was officially passed in July but it continues to face its fair share of legal challenges and critiques that could derail the trans-Atlantic pact before it ever truly takes off.

A lawsuit originally filed by Digital Rights Ireland (DRI), a digital rights nonprofit, is challenging the efficacy of the protections promised by Privacy Shield. It claims that the agreement, which replaced the longstanding Safe Harbor deal, is still inadequate in protecting citizens’ data and privacy.

DRI is now facing a significant kickback, though. The Irish Times reports the German federal government and the Czech government filed papers lodging their support for the agreement and the European Commission, the EU’s executive branch. The Commission brokered the deal with the U.S. Department of Commerce.

Monday was the deadline for interested parties to lodge their support on either side of the case, which is being filed in the General Court of the European Union, one of the lower courts.

DRI wants the agreement declared “null and void” as it has been a “manifest error of assessment by the commission.”

Privacy Shield took several months to hammer out. In October 2015, the European Court of Justice ruled Safe Harbor invalid, which had been in place for several years. This agreement allowed for companies, such as Facebook or Google, to transfer user data legally across the Atlantic. However, a legal challenge by Austrian lawyer and activist Max Schrems led to the court finding the agreement did not safely protect Europeans from U.S. mass surveillance.

As a result, Privacy Shield was born but privacy advocates and digital rights groups have taken a skeptical view, in some cases dubbing it Safe Harbor just with a different name. They maintain that the deal fails to address mass surveillance.

One of the new provisions made in Privacy Shield is the establishment of a U.S. ombudsman that will investigate alleged abuses of Europeans’ data by the U.S. but the independence and influence of this ombudsman has been called into question. Schrems has said the new agreement won’t stand up to scrutiny in the courts.

Nevertheless, more than 500 companies have signed up to the agreement, which will allow them to transfer data with legal protections, including Microsoft and Cisco.

Topics
Jonathan Keane
Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more