Power

Tech companies are ‘scrambling’ after the EU’s top court shot down the EU-US Privacy Shield

More than 5,000 companies rely on the shield. Now they have some work to do.

Tech companies are ‘scrambling’ after the EU’s top court shot down the EU-US Privacy Shield

A complaint filed by Austrian data protection activist Max Schrems led a top EU court to strike down the EU-US Privacy Shield.

Photo: Alex Halada/AFP via Getty Images

Tech companies across the U.S. are scrambling to figure out how they can remain in compliance with international privacy laws after Europe's highest court struck down the EU-US Privacy Shield.

In a win for privacy activists, the Court of Justice of the European Union invalidated the Privacy Shield on Thursday, saying the framework does not adequately protect European users from the U.S. government's far-reaching surveillance laws. The decision will force the 5,384 companies that currently rely on the EU-US Privacy Shield to recalibrate their privacy policies, particularly when it comes to how and why they collect data on EU users.

"Like many businesses, we are carefully considering the findings and implications of the decision of the Court of Justice in relation to the use of Privacy Shield and we look forward to regulatory guidance in this regard," Facebook lawyer Eva Nagle said in a statement.

While Facebook, Google, Amazon and Microsoft all partially rely on the EU-US Privacy Shield to transfer data on EU users, 70% of the companies that have been certified under the framework are small- to medium-size businesses, according to the Computer and Communications Industry Association. And those companies, which have fewer resources and likely don't have established servers in the EU, will likely face the greatest challenges as they seek to comply with the decision, said Omer Tene, a vice president with the International Association of Privacy Professionals.

Tene said the privacy professionals he's speaking to are "scrambling," although the decision was not shocking to those watching the case closely.

Eleven U.S.-based companies reached by Protocol on Thursday said they are reviewing the decision with their legal advisers, poring over complicated and extensive agreements and contracts to ensure their current data transfer agreements are still in compliance with the law. Several said they are waiting on further guidance from European and U.S. regulators and might have to make some changes to how they do business.

"Discord is reviewing the ECJ decision and looks forward to regulatory guidance from the European Commission and the Department of Commerce," said a spokesperson for Discord, a popular chat site with users around the world.

Dave Koslow, the chief operating officer of electronic agreements company DocSend, said "there's some work to do" for the company in the immediate term. "We'll need to review our agreements and make any adjustments necessary to accommodate the change in regulations," Koslow said.

While the court struck down the Privacy Shield, its opinion upheld "standard contractual clauses," shorter-term agreements that allow American companies to handle EU data. The court called on data authorities in Europe to ensure those clauses provide an "adequate level of protection" for EU users, which will likely lead to heightened EU scrutiny of those clauses.

Tech firms including Fitbit, Ancestry.com, Box, cloud software company Domo and Akami Technologies all said they will rely on those agreements in lieu of the EU-US Privacy Shield.

"We rely on multiple legal bases to lawfully transfer personal data around the world," said a Fitbit spokesperson. (EU regulators are currently investigating Fitbit's acquisition by Google.) "These include your consent, the EU-US and Swiss-US Privacy Shield, and EU Commission approved model contractual clauses, which require certain privacy and security protections."

Rafi Azim-Khan, the head of data privacy at Pillsbury, said the "seismic" court case is only the latest reminder for companies that privacy is now a "board-level issue."

Correction: This story was updated at 4:51 p.m. to correct where Dave Koslow works.

Workplace

The tools that make you pay for not getting stuff done

Some tools let you put your money on the line for productivity. Should you bite?

Commitment contracts are popular in a niche corner of the internet, and the tools have built up loyal followings of people who find the extra motivation effective.

Photoillustration: Anna Shvets/Pexels; Protocol

Danny Reeves, CEO and co-founder of Beeminder, is used to defending his product.

“When people first hear about it, they’re kind of appalled,” Reeves said. “Making money off of people’s failure is how they view it.”

Keep Reading Show less
Lizzy Lawrence

Lizzy Lawrence ( @LizzyLaw_) is a reporter at Protocol, covering tools and productivity in the workplace. She's a recent graduate of the University of Michigan, where she studied sociology and international studies. She served as editor in chief of The Michigan Daily, her school's independent newspaper. She's based in D.C., and can be reached at llawrence@protocol.com.

Sponsored Content

Foursquare data story: leveraging location data for site selection

We take a closer look at points of interest and foot traffic patterns to demonstrate how location data can be leveraged to inform better site selecti­on strategies.

Imagine: You’re the leader of a real estate team at a restaurant brand looking to open a new location in Manhattan. You have two options you’re evaluating: one site in SoHo, and another site in the Flatiron neighborhood. Which do you choose?

Keep Reading Show less

Elon Musk has bots on his mind.

Photo: Christian Marquardt/Getty Images

Elon Musk says he needs proof that less than 5% of Twitter's users are bots — or the deal isn't going ahead.

Keep Reading Show less
Jamie Condliffe

Jamie Condliffe ( @jme_c) is the executive editor at Protocol, based in London. Prior to joining Protocol in 2019, he worked on the business desk at The New York Times, where he edited the DealBook newsletter and wrote Bits, the weekly tech newsletter. He has previously worked at MIT Technology Review, Gizmodo, and New Scientist, and has held lectureships at the University of Oxford and Imperial College London. He also holds a doctorate in engineering from the University of Oxford.

Policy

Nobody will help Big Tech prevent online terrorism but itself

There’s no will in Congress or the C-suites of social media giants for a new approach, but smaller platforms would have room to step up — if they decided to.

Timothy Kujawski of Buffalo lights candles at a makeshift memorial as people gather at the scene of a mass shooting at Tops Friendly Market at Jefferson Avenue and Riley Street on Sunday, May 15, 2022 in Buffalo, NY. The fatal shooting of 10 people at a grocery store in a historically Black neighborhood of Buffalo by a young white gunman is being investigated as a hate crime and an act of racially motivated violent extremism, according to federal officials.

Photo: Kent Nishimura / Los Angeles Times via Getty Images

The shooting in Buffalo, New York, that killed 10 people over the weekend has put the spotlight back on social media companies. Some of the attack was livestreamed, beginning on Amazon-owned Twitch, and the alleged shooter appears to have written about how his racist motivations arose from misinformation on smaller or fringe sites including 4chan.

In response, policymakers are directing their anger at tech platforms, with New York Governor Kathy Hochul calling for the companies to be “more vigilant in monitoring” and for “a legal responsibility to ensure that such hate cannot populate these sites.”

Keep Reading Show less
Ben Brody

Ben Brody (@ BenBrodyDC) is a senior reporter at Protocol focusing on how Congress, courts and agencies affect the online world we live in. He formerly covered tech policy and lobbying (including antitrust, Section 230 and privacy) at Bloomberg News, where he previously reported on the influence industry, government ethics and the 2016 presidential election. Before that, Ben covered business news at CNNMoney and AdAge, and all manner of stories in and around New York. He still loves appearing on the New York news radio he grew up with.

We're answering all your questions about the crypto crash.

Photo: Chris Liverani/Unsplash

People started talking about another crypto winter in January, when falling prices had wiped out $1 trillion in value from November’s peak. Prices rallied back in March, restoring some of the losses. Then crypto fell hard again, with bitcoin down more than 60% from its all-time high and other cryptocurrencies harder hit. The market’s message was clear: Crypto winter was no longer coming. It’s here.

If you’ve got questions about the crypto crash, the Protocol Fintech team has answers.

Keep Reading Show less
Latest Stories
Bulletins