Skip to main content

Max Schrems warns Privacy Shield deal between U.S. and Europe will fail

privacy shield max schrems
Image used with permission by copyright holder
Max Schrems, the Austrian privacy advocate and thorn in the side of tech companies, has stated that the newly-passed Privacy Shield will likely fail.

Privacy Shield is a new agreement between the U.S. and the EU that allows for legally protected data transfers across the Atlantic. It was officially passed by a vote last Friday and is expected to be formally announced tomorrow. It replaces the old agreement Safe Harbor, which was ruled invalid last year by the European Court of Justice in a case taken by Schrems.

The new agreement has been divisive. Schrems told Fortune that he does not expect it will last long. “It’s the same as Safe Harbor with a couple of additions, and it’s going to fail like the one before,” he said.

The main issue with Safe Harbor is U.S. bulk surveillance that impacts EU citizens’ data once it is transferred Stateside. One of the new additions includes an authority that will be set up by the U.S. to investigate any claims by EU citizens over surveillance or data privacy abuse. But critics of Privacy Shield note that these new provisions don’t address surveillance in any meaningful way.

It remains to be seen if the European Court of Justice will allow Privacy Shield to commence or if it will be struck down like its predecessor.

With this uncertainty in mind, Schrems believes that corporations and internet companies will be reluctant to sign up to the agreement immediately, in case it falls apart.

Vera Jourova, the EU’s justice commissioner, thinks otherwise, stating last week that Privacy Shield has “ruled out indiscriminate mass surveillance of European citizens’ data”.

She has one major supporter already — Microsoft. John Frank, the company’s vice president of EU government affairs, wrote that the agreement was an “important achievement for the privacy rights” or Europeans and that Microsoft will be signing up ASAP.

Jourova reiterated at a parliamentary hearing today that Privacy Shield comes with a suspension clause that can be triggered if U.S. companies or the government do not keep up their end of the arrangement. Privacy Shield will be also subject to an annual review, which will give critics an opportunity to voice concerns.

Last week four countries – Austria, Bulgaria, Croatia, and Slovenia – abstained from the vote. According to Jourova, the countries are willing to give the agreement a year but are keen to reassess it.

This approach too has been criticized. David Martin Ruiz, a digital policy lawyer in Brussels, tweeted that the general attitude toward the agreement is to just give it a chance rather than work out a new agreement now.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more