It’s no breaking news: we live in a digital world. Anyone not using a smartphone or even the internet can still make it on Planet Earth, but will miss out on the greatest topic of our time: digitization is everywhere. But being a “geek” does not mean that one wouldn’t care about ones personal data. We facebook, twitter, instagram and google, however we are very aware of privacy matters: “Yes, I want to use this service, but no, I won’t give away my personal data.” As a matter of fact most users aren’t technically able to ensure that their personal data will not be used for marketing purposes or disclosed to intelligence officials. We are the most exposed when messaging with friends, family, even colleagues – our digital fingerprint is all over. Services like “Telegram” or “Threema” try to bridge this market gap and offer safer messaging. For instance Telegram messages are heavily encrypted and can self-destruct. From a user’s perspective absolute privacy is the non plus ultra, however service providers also need to comply with the legal framework and authorities’ requests.
In February 2016 the FBI urged Apple to unlock the iPhone of the San Bernardino shooter, which Apple refused to do, precisely because they feared their customer’s reactions. The FBI had asked Apple to build a new version of the iPhone operating system, circumventing several important security features, which would mean a “backdoor” to enter any iPhone. In a public letter to its customers, Apple’s CEO Tim Cook justified their refusal with the following words: “The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices.” In the end Apple’s help wasn’t needed: the FBI managed to unlock the phone, leaving the question open how big this “backdoor” to any phone could be.
Similarly, media reported on October 4th, 2016 that Yahoo has been scanning hundreds of millions of users’ email accounts looking for a digital signature at the request of U.S. intelligence officials. Although Yahoo denied the report by calling it “misleading” but without calling it false, it could severely damage its reputation. After all, it stands in one line with the repeatedly reported hacking of Yahoo accounts that had already led to user’s distrust. Yahoo’s weak and unclear denial of the scanning allegations has shown that yielding in to U.S. authorities will often make both worldwide customers and EU regulators unpleased.
If U.S. customers are exposed to this type of requests and loopholes, where does that leave E.U. citizens? We also use iPhones, Whatsapp, Facebook, Yahoo-emails. In a globalized world, borders do not stop you from being a user. Borders primarily imply disadvantages for customers, because data security or other consumer rights cannot be guaranteed after crossing them. Data security is therefore only possible by cooperation beyond borders, implying the enforcement of fair and up-to-date legal bases.
Transatlantic cooperation is indispensable for data protection because this matter affects businesses and people with an unprecedented intensity. Buying or selling goods online, using social media or cloud storage – that’s the daily business in today’s global digital economy. Does Privacy Shield achieve this common goal? Experts acknowledge that it meets the fundamental requirements of data protection after the ECJ judgment on Safe Harbor. From a customer’s perspective, it could be much more protective. So far, only the right to be informed has effectively been regulated, whereas using data for different purposes is still subject to an excessively wide interpretation by the data collecting party and therefore only warrants protection if one objects. Nevertheless, Privacy Shield grants an urgently needed legal certainty for companies dealing with personal data. After one year of uncertainness, companies processing customer data now know on which requirements they have to meet under the new agreement. It might possibly also protect the companies themselves, as we can see in Apple’s case. Moreover, Privacy Shield and similar mechanisms are essential to rebuild mutual trust in the transatlantic partnership and restore people’s trust in the system, partly lost after Snowden’s revelations. Setting common rules in a global market is not an obstruction, it’s bridging the gap between opening up new market opportunities and guaranteeing a universal right to data security.