Amsterdam, City of Privacy Bridges?

By Peter Schaar, chairman of the EAID, former German Federal Commissioner for Data Protection and Freedom of Information (2003-2013)

Amsterdam is a city of famous bridges. These days Amsterdam as well might become the city of privacy bridges. The Dutch data protection authority has been hosting the 37th International Privacy Conference. Almost 100 Privacy Commissioners and Data Protection Authorities from more than 60 countries have convened in Amsterdam from the 26th to 29th of October 2015. Last week the University of Amsterdam organized the Amsterdam Privacy Conference with a lot of distinguished lecturers, most of them with a high academic profile, and numerous interesting sessions.

The first part of the conference is limited to the representatives of data protection authorities. They are dealing with different issues, like the protection of genetic data, the oversight upon law-enforcement authorities and intelligence services and trans border co-operation in the field of data protection. I cannot report on the internal discussions, because I am not belonging anymore to this exclusive circle. So we have to wait for statements of the hosting Dutch authority and the Executive Committee of the conference on resolutions and other results.

The public part of the conference, starting this Wednesday has the motto “building bridges”. The discussions shall be focused on the results of the “Privacy Bridges” project, which was initiated by the chairman of the Dutch DPA Jacob Kohnstam. The project, that was jointly organized by the University of Amsterdam and the MIT, recently has published it’s results. The project’s mission was to identify ways to overcome the gap between the US and the European Union on the field of data protection and privacy without changing the respective legal systems. I joined the project on invitation of Jacob Kohnstam although I was aware that the project’s mission could be misunderstood as a simple interoperability approach, as it has been fostered by the US administration. From the beginning I and other members of the project clarified that we see a pressing need for legal changes, in particular after Edward Snowden’s revelation on global surveillance. But we accepted that these changes not have been subject to the project focused on practical improvements.

Wikipedia defines a bridge as „a structure built to span physical obstacles such as a body of water, valley, or road, for the purpose of providing passage over the obstacle”. The privacy bridges project has not been dealing with such physical obstacles but with legal and practical problems in the field of processing and transferring personal information between the EU and the US. Bridge building requires a more or less equal levels of grounds on both sides. Without meeting this requirement bridges might break down and even umbrellas could not prevent users from becoming wet.

Without adequate levels of data protection on both sides, in the US as well as in Europe, privacy bridges might be unstable and will not function. This must be emphasized in particular after the ruling of the Court of Justice of the European Union (CJEU) of 6th of October 2015 on the “Safe Harbour” arrangement.

Nevertheless the project identified several “bridges” which may help to improve the protection of individuals who’s data are subject to transfers between the EU and the US. Some of the bridges are more technical, as the proposed standards for de-identification of personal data. Others are organizational, like the proposed “bridge” of a closer and more structured co-operation between the oversight authorities . Some bridges refer to best practice approaches, as for user access to personal data or improved complaint handling.

Although legal changes were outside of the project’s scope, the bridges identified might contribute to a better understanding that there is a need to improve safeguards and guarantees for personal data transferred internationally. Bridges are necessary to enable the passage over obstacles. But they will be used only if the passengers using them could be sure, that their rights are respected and protected on the other side.

Verwandte Beiträge:

  • Internationale Datenschutzkonferenz fordert “neue Metrik” im Datenschutz

    Die Vertreter von Datenschutzbehörden aus aller Welt haben sich bei ihrer 38. Konferenz in Marokko mit Fragen der Künstlichen Intelligenz, des “social roboting” und der Kryptographie befasst. Sie beschlossen Entschließungen zur Messung des Datenschutzniveaus, zur digitalen Bildung, zur Bedeutung der Menschenrechte und zur grenzüberschreitenden  Kooperation der Datenschutzbehörden. Alle Ergebnisse sind abrufbar...

  • America First: Datenschutz nur noch für (US-)Inländer

    Die amerikanischen Technologie-Giganten Google, Facebook, Microsoft, Twitter und Amazon  werden womöglich die ersten Opfer der von Präsident Trump verfolgten „America First“- Politik sein. Trump unterzeichnete  am 25. Januar  2017 die Anordnung (Executive Order)  zur Verbesserung der öffentlichen Sicherheit. Schon jetzt ist deutlich, dass die Politik der Trump-Administration  einem gemeinsamen Datenschutz-Verständnis ...

  • Doppelschlag beim Europäischen Datenschutz

    Europäisches Parlament beschließt Datenschutzreform – „Privacy Shield“ fällt bei Datenschützern durch Um Europa ist es derzeit nicht besonders gut bestellt – so kann man es in den letzten Monaten fast täglich in der Presse lesen. Allerdings gibt es einen Bereich, für den dies derzeit nicht gilt: Den Schutz personenbezogener Daten....

Schreibe einen Kommentar