apple-prism

Get the latest on iPhone/iPad innovation: Ipads Advisor

The Irish Workplace of the Data Defense Commissioner (ODPC) has actually replied to 2 of the grievances filed last month by the European data security activists behind the Europe v Facebook (evf) campaign team against numerous UNITED STATE innovation companies for alleged collaboration with the NSA’s Prism data collection program. Responding specifically to problems against Apple and Facebook, the ODPC basically takes the view that there’s no problem to respond to, owing to a previous ‘Safe Harbor’ agreement between the E.U. and the U.S. which it says governs the transfer of personal data in this instance.

evf had been intending to obtain clearness on exactly what it argued were potentially clashing legal requirements, whereby – owing to their corporate structure – the companies in concern could’ve been unable to adhere to both European personal privacy laws and U.S. monitoring laws. However, in a letter (recreated right here) replying to evf’s problems, the ODPC takes the view that so long as ‘the U.S. based entity is ‘Safe Harbor’ licensed’ (which Apple and Facebook obviously are) there’s no source for Prism-based complaints, keeping in mind:

We think about that an Irish-based data controller has fulfilled their data defense responsibilities in relation to the transfer of personal information 10 the U.S. if the U.S. based entity is ‘Safe Harbor’registered. We further consider that the agreed ‘Safe Harbor’ Progamme envisages and addresses the access to personal information for police purposes held by a UNITED STATE based data processor.

While the U.S.-E.U. Safe Harbor agreement, which goes back to 2000, generally needs US companies to abide by a set of E.U. personal data protection principles – such as informing citizens that their data is being collected and how it’ll be made use of (which has actually clearly not been going on in the case of the NSA’s Prism program) – the ODPC’s letter keeps in mind that adherence to the principles ‘might be limited’ –

(a) to the level essential to meet national safety, public interest, or law enforcement requirements, Cb) by statute, government regulation, or case law that produce contrasting obligations or specific permissions, offered that, in exercising any such permission, a company can demonstrate that its non · compliance with the Fundamentals is restricted to the degree necessary to fulfill the oveniding legitimate interests advanced by such permission’.

As you ‘d anticipate, evf is unimpressed with the ODPC’s feedback – dubbing it ‘extraordinary’. The group says that while the Safe Harbor contract typically permits the transfer of information to the UNITED STATE ‘as a rule of thumb’, it does also include exceptions where Europeans’ information ‘isn’t properly secured’ – which evf says the ODPC’s feedback neglects.

Commenting on the letter in a statement, evf spokesperson Maximum Schrems stated: “The Irish authority seriously states that the EU has imagined and accepted the PRISM program 13 years back, when making the ‘Safe Harbor’ choice. They state that the EU has agreed to PRISM, efficiently blaming Brussels rather of taking action. This likewise means that the DPC believes that the PRISM program is in line with an ‘adequate defense’ of personal privacy under EU law. I question that the European Commission thinks so too, but a minimum of we got the Irish DPC to openly state for which team they’re playing.”

“This indicates that you can forward Europeans’ data to the NSA as much as you want, if you only put your parent company on a list,” he added.

It’s worth keeping in mind that the ODPC’s letter does likewise keep in mind that ‘the proportionality and oversight arrangements for programs such as PRISM are to be the subject of high-level discussions in between the EU and the UNITED STATE’ – so the overriding impression shared by the letter is of a local DP authority with close associated with the UNITED STATE tech titans which have actually sited head office on its dirt doing every little thing it can to avoid sticking its own neck over the parapet on Prism. And passing the buck up the chain to EU information defense regulators rather. (Contrast the Irish response to this local German DP agency’s trouble about a ‘massive risk’ connected with Prism data collection, for example, and the tonal variation is striking).

“We’ve the impression that the ODPC is trying to merely ignore the problems and the whole PRISM scandal. It appears like they’ve little interest in the rights they’re paid to safeguard. If there’s a means to appeal this in Ireland we plainly appeal it. Right now it looks like the ODPC is destroying Ireland’s reputation in this matter,’ added Schrems.

Ireland’s economy remains to take advantage of drawing in tech titans to set up worldwide headquarters there – with favourable corporate tax rates as one bait, and – as evf would doubtless argue – a ‘friendly’ data defense authority as another. As an example of the latter, the ODPC has actually formerly ruled in Facebook’s favor: last September, after a lengthy examination into individual data and privacy concerns – caused as soon as again by evf problems – the body declared itself delighted that Facebook had heard ‘the wonderful majority’ of its referrals.

We’ve actually reached out to the European Commission for discuss the ODPC’s stance and will upgrade this story with any feedback. The EC’s Neelie Kroes has actually been important of Prism, alerting earlier this month that the program dangers undermining rely on UNITED STATE cloud companies.