Power

Tech companies are ‘scrambling’ after the EU’s top court shot down the EU-US Privacy Shield

More than 5,000 companies rely on the shield. Now they have some work to do.

Tech companies are ‘scrambling’ after the EU’s top court shot down the EU-US Privacy Shield

A complaint filed by Austrian data protection activist Max Schrems led a top EU court to strike down the EU-US Privacy Shield.

Photo: Alex Halada/AFP via Getty Images

Tech companies across the U.S. are scrambling to figure out how they can remain in compliance with international privacy laws after Europe's highest court struck down the EU-US Privacy Shield.

In a win for privacy activists, the Court of Justice of the European Union invalidated the Privacy Shield on Thursday, saying the framework does not adequately protect European users from the U.S. government's far-reaching surveillance laws. The decision will force the 5,384 companies that currently rely on the EU-US Privacy Shield to recalibrate their privacy policies, particularly when it comes to how and why they collect data on EU users.

"Like many businesses, we are carefully considering the findings and implications of the decision of the Court of Justice in relation to the use of Privacy Shield and we look forward to regulatory guidance in this regard," Facebook lawyer Eva Nagle said in a statement.

While Facebook, Google, Amazon and Microsoft all partially rely on the EU-US Privacy Shield to transfer data on EU users, 70% of the companies that have been certified under the framework are small- to medium-size businesses, according to the Computer and Communications Industry Association. And those companies, which have fewer resources and likely don't have established servers in the EU, will likely face the greatest challenges as they seek to comply with the decision, said Omer Tene, a vice president with the International Association of Privacy Professionals.

Tene said the privacy professionals he's speaking to are "scrambling," although the decision was not shocking to those watching the case closely.

Eleven U.S.-based companies reached by Protocol on Thursday said they are reviewing the decision with their legal advisers, poring over complicated and extensive agreements and contracts to ensure their current data transfer agreements are still in compliance with the law. Several said they are waiting on further guidance from European and U.S. regulators and might have to make some changes to how they do business.

"Discord is reviewing the ECJ decision and looks forward to regulatory guidance from the European Commission and the Department of Commerce," said a spokesperson for Discord, a popular chat site with users around the world.

Dave Koslow, the chief operating officer of electronic agreements company DocSend, said "there's some work to do" for the company in the immediate term. "We'll need to review our agreements and make any adjustments necessary to accommodate the change in regulations," Koslow said.

While the court struck down the Privacy Shield, its opinion upheld "standard contractual clauses," shorter-term agreements that allow American companies to handle EU data. The court called on data authorities in Europe to ensure those clauses provide an "adequate level of protection" for EU users, which will likely lead to heightened EU scrutiny of those clauses.

Tech firms including Fitbit, Ancestry.com, Box, cloud software company Domo and Akami Technologies all said they will rely on those agreements in lieu of the EU-US Privacy Shield.

"We rely on multiple legal bases to lawfully transfer personal data around the world," said a Fitbit spokesperson. (EU regulators are currently investigating Fitbit's acquisition by Google.) "These include your consent, the EU-US and Swiss-US Privacy Shield, and EU Commission approved model contractual clauses, which require certain privacy and security protections."

Rafi Azim-Khan, the head of data privacy at Pillsbury, said the "seismic" court case is only the latest reminder for companies that privacy is now a "board-level issue."

Correction: This story was updated at 4:51 p.m. to correct where Dave Koslow works.

Protocol | Fintech

How European fintech startup N26 is preparing for U.S. regulations

"There's a lot more scrutiny being placed on fintech. We are definitely mindful of it."

In an interview with Protocol, Stephanie Balint, N26's U.S. general manager, discussed the company's approach to regulations in the U.S.

Photo: N26

N26's monster $900 million funding round announced Monday underlined the German startup's momentum in the digital banking market.

Stephanie Balint, N26's U.S. general manager, said the funding will be used for expansion and also to improve "our core offering to make this the most reliable bank that our customers can trust," she told Protocol.

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.

The way we work has fundamentally changed. COVID-19 upended business dealings and office work processes, putting into hyperdrive a move towards digital collaboration platforms that allow teams to streamline processes and communicate from anywhere. According to the International Data Corporation, the revenue for worldwide collaboration applications increased 32.9 percent from 2019 to 2020, reaching $22.6 billion; it's expected to become a $50.7 billion industry by 2025.

"While consumers and early adopter businesses had widely embraced collaborative applications prior to the pandemic, the market saw five years' worth of new users in the first six months of 2020," said Wayne Kurtzman, research director of social and collaboration at IDC. "This has cemented collaboration, at least to some extent, for every business, large and small."

Keep Reading Show less
Kate Silver

Kate Silver is an award-winning reporter and editor with 15-plus years of journalism experience. Based in Chicago, she specializes in feature and business reporting. Kate's reporting has appeared in the Washington Post, The Chicago Tribune, The Atlantic's CityLab, Atlas Obscura, The Telegraph and many other outlets.

Apple’s new MacBooks are the future — and the past

After years of reinventing the wheel, Apple's back to just building really good ones.

Apple brought back the ports.

Photo: Apple

The 2015 Pro was, by most accounts, one of the best laptops Apple ever made. It was fast and functional, and it had a great screen, a MagSafe charger, plenty of ports, a great keyboard and solid battery life. If you walked around practically any office in Silicon Valley, you'd see Pros everywhere.

Many of those users have been holding on to their increasingly old and dusty 2015 Pros, too, because right about when that computer came out was when Apple seemed to lose its way in the laptop market. It released the 12-inch MacBook, an incredibly thin and light computer that made a bunch of changes — a new keyboard and trackpad design chief among them — that eventually made their way around the rest of the MacBook lineup. Then came the Touch Bar, Apple's attempt to build an entirely new user interface into a laptop.

Keep Reading Show less
David Pierce

David Pierce ( @pierce) is Protocol's editorial director. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.

Protocol spoke to founders and tech execs who've embraced async and have tips on how to get started.

Image: Christopher T. Fong/Protocol

Imagine a company where there are no meetings — just time for deep, focused work punctuated by short conversations on Slack and project updates on Trello.

Now imagine a company where the no-meeting ethos is so ingrained that it's possible to work there for 10 years without ever speaking face-to-face with a single coworker, and for your boss to not even recognize the sound of your voice.

Keep Reading Show less
Michelle Ma
Michelle Ma (@himichellema) is a reporter at Protocol, where she writes about management, leadership and workplace issues in tech. Previously, she was a news editor of live journalism and special coverage for The Wall Street Journal. Prior to that, she worked as a staff writer at Wirecutter. She can be reached at mma@protocol.com.
Protocol | Workplace

#AppleToo activist says Apple fired her for deleting apps from her devices

Janneke Parrish says she was dismissed after deleting Robinhood, Pokemon Go and Google Drive from her work devices during an investigation inside the company.

The Apple Too movement is trying to organize Apple workers into a collective movement.
Photo: Bloomberg via Getty

Unlike most other companies, Apple asks that its employees use their work phones like personal ones — and for five years, Apple program manager Janneke Parrish did as she was told. But last week, when Apple asked Parrish for her devices in an internal investigation, she was afraid Apple would see her personal and private information. She disobeyed orders and deleted apps like Robinhood, Pokemon Go and Google Drive. Then Apple fired her.

Keep Reading Show less
Anna Kramer

Anna Kramer is a reporter at Protocol (Twitter: @ anna_c_kramer, email: akramer@protocol.com), where she writes about labor and workplace issues. Prior to joining the team, she covered tech and small business for the San Francisco Chronicle and privacy for Bloomberg Law. She is a recent graduate of Brown University, where she studied International Relations and Arabic and wrote her senior thesis about surveillance tools and technological development in the Middle East.

Latest Stories