The European Commission has published its Privacy Shield decision together with a Communication. The Privacy Shield will govern the transatlantic commercial flow of personal data from Europe. The European Commission follows up of its previous Safe Harbour decision that was turned down by the European Court of Justice in its Schrems decision. The core of Privacy Shield is hidden in provision 61:
(61) In the light of the information in this section, the Commission considers that the Principles issued by the U.S. Department of Commerce as such ensure a level of protection of personal data that is essentially equivalent to the one guaranteed by the substantive basic principles laid down in Directive 95/46/EC
Earlier published drafts of the document stated “as a whole”. Unpublished Commission drafts previously unlawfully obtained by Politico.eu and made available to their paid subscribers also contain the “as such” wording.
Investment lawyer Pratyush Nath Upreti argues that investors will be able to use investor-to-state dispute settlement (ISDS) to challenge decisions of the Unified Patent Court (UPC).  Investors could for instance use a Dutch bilateral investment treaty to challenge UPC decisions. Upreti identifies Dutch investment treaties as suitable for treaty shopping and warns for more frivolous IP litigation in investor-to-state dispute settlement. This raises a question. Who would bear the litigation costs and damages awards?
ECORYS has published a draft human rights assessment (sustainability impact assessment) on the trade agreement being negotiated between the EU and the United States (TTIP). Today the Foundation for a Free Information Infrastructure (FFII) has sent an email to ECORYS noting issues regarding intellectual property rights, investor-to-state dispute settlement (ISDS / ICS), data protection, and openness. Footnotes per section, text continues after footnotes. Intellectual property rights
The word “ACTA” does not appear once in the draft report. ACTA analysis has shown that intellectual property rights enforcement may seriously threaten fundamental rights at various levels.
This is the fourth in a series of blogs on the EU-Canada trade agreement (CETA) and data protection. In earlier blogs we saw that under the CETA text Canada can give our personal data related to financial services, transfered to Canada, a lower protection than under the standard set by the Court of Justice of the EU in the Safe Harbour ruling. This is relevant as Canada is a member of the “Five Eyes”, a group of countries committed to (suspicionless) mass surveillance. We also saw that CETA does not allow data protection measures based on a higher data protection standard than agreed in CETA. Textual shortcomings especially become clear in conflict situations.
In February 2016 the European Commission and Canadian government published the final draft text of the EU – Canada trade agreement (CETA). This final draft includes an investment chapter with investor-to-state dispute settlement (ISDS). ISDS is one of the most controversial elements of proposed EU trade agreements as it gives foreign investors the right to challenge government decisions outside local courts. The ISDS section in CETA is based on the 12 November 2015 ISDS proposal for TTIP. According to Germany’s largest association of judges and public prosecutors (original in German) and the European association of judges the adjudicators would not be independent.
This is the third in a series of blogs on the EU-Canada trade agreement (CETA) and data protection. (Prior blogs: CETA and mass surveillance, CETA places itself above EU Charter of Fundamental Rights)
In this blog I will show CETA provides less data projection than the EU Charter of fundamental rights. Under CETA article 13.15 the EU has to allow cross border data transfers to Canada; the related data protection standard is not compatible with the Court of Justice of the EU (CJEU) Safe Harbour ruling. Chapter 13 Financial Services, article 13.15 Transfer and processing of information, page 103, reads:
“1. Each Party shall permit a financial institution or a cross-border financial service supplier of the other Party to transfer information in electronic or other form, into and out of its territory, for data processing if processing is required in the ordinary course of business of the financial institution or the cross-border financial service supplier.
This is the second in a series of blogs on CETA and privacy. (blog one: CETA and mass surveillance)
The draft EU-Canada trade agreement CETA contains a general exception that is supposed to be a safeguard for policy space. However, this safeguard places CETA above the Charter of Fundamental Rights of the EU. CETA final draft Chapter 28 Exceptions, article 28.3 (2), page 212, reads:
“For the purposes of Chapters Nine (Cross-Border Trade in Services), Ten (Temporary Entry and Stay of Natural Persons for Business Purposes), Twelve (Domestic Regulations), Thirteen (Financial Services), Fourteen (International Maritime Transport Services), Fifteen (Telecommunications), Sixteen (Electronic Commerce), and Sections B (Establishment of investments) and C (Non- discriminatory treatment) of Chapter Eight (Investment), subject to the requirement that such measures are not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination between the Parties where like conditions prevail, or a disguised restriction on trade in services, nothing in this Agreement shall be construed to prevent the adoption or enforcement by a Party of measures necessary:
(a) to protect public security or public morals or to maintain public order; 31
(b) to protect human, animal or plant life or health; 32 or
(c) to secure compliance with laws or regulations which are not inconsistent with the provisions of this Agreement including those relating to:
(i) the prevention of deceptive and fraudulent practices or to deal with the
effects of a default on contracts;
(ii) the protection of the privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts; or
(iii) safety.” (emphasis added)
Measures the EU would take to protect the public interest can go against CETA (“nothing in this Agreement”).
In February 2016 the European Commission and Canadian government published the final draft text of the EU – Canada trade agreement (CETA). Before that the Court of Justice of the EU in October 2015 invalidated the Safe Harbour framework that allowed the transfer of European citizens’ data to the United States. The Court confirmed that cross border data transfer frameworks need robust privacy safeguards. However, during the legal scrub the European Commission did not make the CETA text compatible with the Court’s Safe Harbour ruling. This incompatibility exposes our privacy to interference.