2016-02-02 19:51 GMT+01:00 Stefano Quintarelli <stefano@quintarelli.it>:

non riesco a capire bene cosa lamenti edri

probabilmente hanno piu' info di quante siano pubbliche

On 02/02/2016 19:33, Alberto Cammozzo wrote:

Il primo commento di EDRI è negativo:

<https://edri.org/european-commission-defence-of-european-rights-sinks-in-unsafe-harbour/>

Following the decision of the European Court of Justice to overturn the
EU/US “Safe Harbor” Agreement last year, EU/US negotiations have been
ongoing to reach a new deal, which would facilitate transfer of data
across the Atlantic. Having failed to reach an agreement before 1
February, the European Commission today announced plans to back down
from defending the European Court’s ruling and to accept a new badly
flawed arrangement.

The emperor is trying on a new set of clothes. Today’s announcement
means that European citizens and businesses on both sides of the
Atlantic face an extended period of uncertainty while waiting for this
new stop-gap solution to fail.
said Joe McNamee, Executive Director of European Digital Rights.

Among the proposals are an “exchange of letters” to permit Europe to
receive assurances from the outgoing US President that non-US data will
be processed in ways that are strictly necessary and proportionate –
i.e. not subject to mass surveillance.

The new arrangement will rely on additional legal instruments, which are
also likely to fail to achieve their intended goals. At a meeting in the
European Parliament last night, Commissioner Jourová was asked
repeatedly for her views on flaws in the crucial Judicial Redress Act
and the EU/US Umbrella Agreement. She refused to address either problem.

Parliamentarians from across the political spectrum last night
repeatedly accused the United States of not taking the negotiations
seriously. Seeing fatal problems being built into the Judicial Redress
Act, seeing the adoption of the secret data-sharing provisions in the
Magicsecurity Act and seeing the lack of any meaningful reforms on the
US side, it is hard to disagree.

On 02/02/2016 19:05, Stefano Quintarelli wrote:

On 02/02/2016 18:52, Alessandro Mantelero wrote:

che si sia giunti ad un accordo è positivo per varie ragioni, occorrerà
ora vedere come questo si declini nei dettagli ed eventuali reazioni dei
Garanti.

In generale, pare emergere un quadro di maggiori tutele rispetto al SH e
questo è un buon risultato per l'UE, che è riuscita a mantenere una
posizione di tutela sul tema dei dati.
Personalmente temo che il modello EU sia meno forte di come appare, ma,
come mi faceva notare Marc Rotenberg qualche giorno fa, ha comunque
avuto il grande merito di innalzare il livello globale di tutela e il
nuovo accordo conferma questo indirizzo evolutivo..

il che confermerebbe che la UE conta, su un tavolo assai strategico

AM

On Tue, 2 Feb 2016 18:45:00 +0100
Stefano Quintarelli <stefano@quintarelli.it> wrote:

per come e' scritto il CS, mi sembrerebbe un buon risultato.

On 02/02/2016 18:29, Alessandro Mantelero wrote:

European Commission - Press release
EU Commission and United States agree on new framework for
transatlantic
data flows: EU-US Privacy Shield

Strasbourg, 2 February 2016

The European Commission and the United States have agreed on a new
framework for transatlantic data flows: the EU-US Privacy Shield.

Today, the College of Commissioners approved the political agreement
reached and has mandated Vice-President Ansip and Commissioner Jourová
to prepare the necessary steps to put in place the new arrangement.
This
new framework will protect the fundamental rights of Europeans where
their data is transferred to the United States and ensure legal
certainty for businesses.

The EU-US Privacy Shield reflects the requirements set out by the
European Court of Justice in its ruling on 6 October 2015, which
declared the old Safe Harbour framework invalid. The new arrangement
will provide stronger obligations on companies in the U.S. to protect
the personal data of Europeans and stronger monitoring and enforcement
by the U.S. Department of Commerce and Federal Trade Commission (FTC),
including through increased cooperation with European Data Protection
Authorities. The new arrangement includes commitments by the U.S. that
possibilities under U.S. law for public authorities to access personal
data transferred under the new arrangement will be subject to clear
conditions, limitations and oversight, preventing generalised access.
Europeans will have the possibility to raise any enquiry or
complaint in
this context with a dedicated new Ombudsperson.

Vice-President Ansip said: "We have agreed on a new strong
framework on
data flows with the US. Our people can be sure that their personal
data
is fully protected. Our businesses, especially the smallest ones, have
the legal certainty they need to develop their activities across the
Atlantic. We have a duty to check and we will closely monitor the new
arrangement to make sure it keeps delivering. Today's decision
helps us
build a Digital Single Market in the EU, a trusted and dynamic online
environment; it further strengthens our close partnership with the US.
We will work now to put it in place as soon as possible."

Commissioner Jourová said: "The new EU-US Privacy Shield will protect
the fundamental rights of Europeans when their personal data is
transferred to U.S. companies. For the first time ever, the United
States has given the EU binding assurances that the access of public
authorities for national security purposes will be subject to clear
limitations, safeguards and oversight mechanisms. Also for the first
time, EU citizens will benefit from redress mechanisms in this
area. In
the context of the negotiations for this agreement, the US has assured
that it does not conduct mass or indiscriminate surveillance of
Europeans. We have established an annual joint review in order to
closely monitor the implementation of these commitments."

The new arrangement will include the following elements:

Strong obligations on companies handling Europeans' personal data
and robust enforcement: U.S. companies wishing to import personal data
from Europe will need to commit to robust obligations on how personal
data is processed and individual rights are guaranteed. The Department
of Commerce will monitor that companies publish their commitments,
which
makes them enforceable under U.S. law by the US. Federal Trade
Commission. In addition, any company handling human resources data
from
Europe has to commit to comply with decisions by European DPAs.

Clear safeguards and transparency obligations on U.S. government
access: For the first time, the US has given the EU written assurances
that the access of public authorities for law enforcement and national
security will be subject to clear limitations, safeguards and
oversight
mechanisms. These exceptions must be used only to the extent necessary
and proportionate. The U.S. has ruled out indiscriminate mass
surveillance on the personal data transferred to the US under the new
arrangement. To regularly monitor the functioning of the arrangement
there will be an annual joint review, which will also include the
issue
of national security access. The European Commission and the U.S.
Department of Commerce will conduct the review and invite national
intelligence experts from the U.S. and European Data Protection
Authorities to it.

Effective protection of EU citizens' rights with several redress
possibilities: Any citizen who considers that their data has been
misused under the new arrangement will have several redress
possibilities. Companies have deadlines to reply to complaints.
European
DPAs can refer complaints to the Department of Commerce and the
Federal
Trade Commission. In addition, Alternative Dispute resolution will be
free of charge. For complaints on possible access by national
intelligence authorities, a new Ombudsperson will be created.

Next steps

The College has today mandated Vice-President Ansip and Commissioner
Jourová to prepare a draft "adequacy decision" in the coming weeks,
which could then be adopted by the College after obtaining the
advice of
the Article 29 Working Party and after consulting a committee composed
of representatives of the Member States. In the meantime, the U.S.
side
will make the necessary preparations to put in place the new
framework,
monitoring mechanisms and new Ombudsman.

Background

On 6 October, the Court of Justice declared in the Schrems case that
Commission’s Decision on the Safe Harbour arrangement was invalid. The
judgment confirmed the Commission's approach since November 2013 to
review the Safe Harbour arrangement, to ensure in practice a
sufficient
level of data protection as required by EU law.

On 15 October, Vice-President Ansip, Commissioners Oettinger and
Jourová
met business and industry representatives who asked for a clear and
uniform interpretation of the ruling, as well as more clarity on the
instruments they could use to transfer data.

On 16 October, the 28 national data protection authorities (Article 29
Working Party) issued a statement on the consequences of the judgment.

On 6 November, the Commission issued guidance for companies on the
possibilities of transatlantic data transfers following the ruling
until
a new framework is put in place.

On 2 December, the College of Commissioners discussed the progress of
the negotiations. Commissioner Jourová received a mandate to pursue
the
negotiations on a renewed and safe framework with the US.

--
Prof. Avv. Alessandro Mantelero
Politecnico di Torino

Nexa Center for Internet and Society | Director of Privacy
Politecnico di Torino–Tongji University| Coordinator, Double Degree
program in Management and IP Law
Nanjing University of Information Science and Technology | Part-time
Expert, School of Public Administration
European Data Protection Law Review | Associate Editor

http://staff.polito.it/alessandro.mantelero

EMAIL POLICY: twice a day (Mon-Fri)
_______________________________________________
nexa mailing list
nexa@server-nexa.polito.it
https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa

-----
Nessun virus nel messaggio.
Controllato da AVG - www.avg.com
Versione: 2016.0.7357 / Database dei virus: 4522/11539 - Data di
rilascio: 02/02/2016

--
Prof. Avv. Alessandro Mantelero
Politecnico di Torino

Nexa Center for Internet and Society | Director of Privacy
Politecnico di Torino–Tongji University| Coordinator, Double Degree
program in Management and IP Law
Nanjing University of Information Science and Technology | Part-time
Expert, School of Public Administration
European Data Protection Law Review | Associate Editor

http://staff.polito.it/alessandro.mantelero

EMAIL POLICY: twice a day (Mon-Fri)

-----
Nessun virus nel messaggio.
Controllato da AVG - www.avg.com
Versione: 2016.0.7357 / Database dei virus: 4522/11539 - Data di
rilascio: 02/02/2016

_______________________________________________
nexa mailing list
nexa@server-nexa.polito.it
https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa

_______________________________________________
nexa mailing list
nexa@server-nexa.polito.it
https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa

-----
Nessun virus nel messaggio.
Controllato da AVG - www.avg.com
Versione: 2016.0.7357 / Database dei virus: 4522/11539 - Data di
rilascio: 02/02/2016

_______________________________________________
nexa mailing list
nexa@server-nexa.polito.it
https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa