non riesco a capire bene cosa lamenti edri probabilmente hanno piu' info di quante siano pubbliche On 02/02/2016 19:33, Alberto Cammozzo wrote:
Il primo commento di EDRI è negativo:
<https://edri.org/european-commission-defence-of-european-rights-sinks-in-uns...>
Following the decision of the European Court of Justice to overturn the EU/US “Safe Harbor” Agreement last year, EU/US negotiations have been ongoing to reach a new deal, which would facilitate transfer of data across the Atlantic. Having failed to reach an agreement before 1 February, the European Commission today announced plans to back down from defending the European Court’s ruling and to accept a new badly flawed arrangement.
The emperor is trying on a new set of clothes. Today’s announcement means that European citizens and businesses on both sides of the Atlantic face an extended period of uncertainty while waiting for this new stop-gap solution to fail. said Joe McNamee, Executive Director of European Digital Rights.
Among the proposals are an “exchange of letters” to permit Europe to receive assurances from the outgoing US President that non-US data will be processed in ways that are strictly necessary and proportionate – i.e. not subject to mass surveillance.
The new arrangement will rely on additional legal instruments, which are also likely to fail to achieve their intended goals. At a meeting in the European Parliament last night, Commissioner Jourová was asked repeatedly for her views on flaws in the crucial Judicial Redress Act and the EU/US Umbrella Agreement. She refused to address either problem.
Parliamentarians from across the political spectrum last night repeatedly accused the United States of not taking the negotiations seriously. Seeing fatal problems being built into the Judicial Redress Act, seeing the adoption of the secret data-sharing provisions in the Magicsecurity Act and seeing the lack of any meaningful reforms on the US side, it is hard to disagree.
On 02/02/2016 19:05, Stefano Quintarelli wrote:
On 02/02/2016 18:52, Alessandro Mantelero wrote:
che si sia giunti ad un accordo è positivo per varie ragioni, occorrerà ora vedere come questo si declini nei dettagli ed eventuali reazioni dei Garanti.
In generale, pare emergere un quadro di maggiori tutele rispetto al SH e questo è un buon risultato per l'UE, che è riuscita a mantenere una posizione di tutela sul tema dei dati. Personalmente temo che il modello EU sia meno forte di come appare, ma, come mi faceva notare Marc Rotenberg qualche giorno fa, ha comunque avuto il grande merito di innalzare il livello globale di tutela e il nuovo accordo conferma questo indirizzo evolutivo..
il che confermerebbe che la UE conta, su un tavolo assai strategico
AM
On Tue, 2 Feb 2016 18:45:00 +0100 Stefano Quintarelli <stefano@quintarelli.it> wrote:
per come e' scritto il CS, mi sembrerebbe un buon risultato.
On 02/02/2016 18:29, Alessandro Mantelero wrote:
European Commission - Press release EU Commission and United States agree on new framework for transatlantic data flows: EU-US Privacy Shield
Strasbourg, 2 February 2016
The European Commission and the United States have agreed on a new framework for transatlantic data flows: the EU-US Privacy Shield.
Today, the College of Commissioners approved the political agreement reached and has mandated Vice-President Ansip and Commissioner Jourová to prepare the necessary steps to put in place the new arrangement. This new framework will protect the fundamental rights of Europeans where their data is transferred to the United States and ensure legal certainty for businesses.
The EU-US Privacy Shield reflects the requirements set out by the European Court of Justice in its ruling on 6 October 2015, which declared the old Safe Harbour framework invalid. The new arrangement will provide stronger obligations on companies in the U.S. to protect the personal data of Europeans and stronger monitoring and enforcement by the U.S. Department of Commerce and Federal Trade Commission (FTC), including through increased cooperation with European Data Protection Authorities. The new arrangement includes commitments by the U.S. that possibilities under U.S. law for public authorities to access personal data transferred under the new arrangement will be subject to clear conditions, limitations and oversight, preventing generalised access. Europeans will have the possibility to raise any enquiry or complaint in this context with a dedicated new Ombudsperson.
Vice-President Ansip said: "We have agreed on a new strong framework on data flows with the US. Our people can be sure that their personal data is fully protected. Our businesses, especially the smallest ones, have the legal certainty they need to develop their activities across the Atlantic. We have a duty to check and we will closely monitor the new arrangement to make sure it keeps delivering. Today's decision helps us build a Digital Single Market in the EU, a trusted and dynamic online environment; it further strengthens our close partnership with the US. We will work now to put it in place as soon as possible."
Commissioner Jourová said: "The new EU-US Privacy Shield will protect the fundamental rights of Europeans when their personal data is transferred to U.S. companies. For the first time ever, the United States has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms. Also for the first time, EU citizens will benefit from redress mechanisms in this area. In the context of the negotiations for this agreement, the US has assured that it does not conduct mass or indiscriminate surveillance of Europeans. We have established an annual joint review in order to closely monitor the implementation of these commitments."
The new arrangement will include the following elements:
Strong obligations on companies handling Europeans' personal data and robust enforcement: U.S. companies wishing to import personal data from Europe will need to commit to robust obligations on how personal data is processed and individual rights are guaranteed. The Department of Commerce will monitor that companies publish their commitments, which makes them enforceable under U.S. law by the US. Federal Trade Commission. In addition, any company handling human resources data from Europe has to commit to comply with decisions by European DPAs.
Clear safeguards and transparency obligations on U.S. government access: For the first time, the US has given the EU written assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms. These exceptions must be used only to the extent necessary and proportionate. The U.S. has ruled out indiscriminate mass surveillance on the personal data transferred to the US under the new arrangement. To regularly monitor the functioning of the arrangement there will be an annual joint review, which will also include the issue of national security access. The European Commission and the U.S. Department of Commerce will conduct the review and invite national intelligence experts from the U.S. and European Data Protection Authorities to it.
Effective protection of EU citizens' rights with several redress possibilities: Any citizen who considers that their data has been misused under the new arrangement will have several redress possibilities. Companies have deadlines to reply to complaints. European DPAs can refer complaints to the Department of Commerce and the Federal Trade Commission. In addition, Alternative Dispute resolution will be free of charge. For complaints on possible access by national intelligence authorities, a new Ombudsperson will be created.
Next steps
The College has today mandated Vice-President Ansip and Commissioner Jourová to prepare a draft "adequacy decision" in the coming weeks, which could then be adopted by the College after obtaining the advice of the Article 29 Working Party and after consulting a committee composed of representatives of the Member States. In the meantime, the U.S. side will make the necessary preparations to put in place the new framework, monitoring mechanisms and new Ombudsman.
Background
On 6 October, the Court of Justice declared in the Schrems case that Commission’s Decision on the Safe Harbour arrangement was invalid. The judgment confirmed the Commission's approach since November 2013 to review the Safe Harbour arrangement, to ensure in practice a sufficient level of data protection as required by EU law.
On 15 October, Vice-President Ansip, Commissioners Oettinger and Jourová met business and industry representatives who asked for a clear and uniform interpretation of the ruling, as well as more clarity on the instruments they could use to transfer data.
On 16 October, the 28 national data protection authorities (Article 29 Working Party) issued a statement on the consequences of the judgment.
On 6 November, the Commission issued guidance for companies on the possibilities of transatlantic data transfers following the ruling until a new framework is put in place.
On 2 December, the College of Commissioners discussed the progress of the negotiations. Commissioner Jourová received a mandate to pursue the negotiations on a renewed and safe framework with the US.
-- Prof. Avv. Alessandro Mantelero Politecnico di Torino
Nexa Center for Internet and Society | Director of Privacy Politecnico di Torino–Tongji University| Coordinator, Double Degree program in Management and IP Law Nanjing University of Information Science and Technology | Part-time Expert, School of Public Administration European Data Protection Law Review | Associate Editor
http://staff.polito.it/alessandro.mantelero
EMAIL POLICY: twice a day (Mon-Fri) _______________________________________________ nexa mailing list nexa@server-nexa.polito.it https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa
----- Nessun virus nel messaggio. Controllato da AVG - www.avg.com Versione: 2016.0.7357 / Database dei virus: 4522/11539 - Data di rilascio: 02/02/2016
-- Prof. Avv. Alessandro Mantelero Politecnico di Torino
Nexa Center for Internet and Society | Director of Privacy Politecnico di Torino–Tongji University| Coordinator, Double Degree program in Management and IP Law Nanjing University of Information Science and Technology | Part-time Expert, School of Public Administration European Data Protection Law Review | Associate Editor
http://staff.polito.it/alessandro.mantelero
EMAIL POLICY: twice a day (Mon-Fri)
----- Nessun virus nel messaggio. Controllato da AVG - www.avg.com Versione: 2016.0.7357 / Database dei virus: 4522/11539 - Data di rilascio: 02/02/2016
_______________________________________________ nexa mailing list nexa@server-nexa.polito.it https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa
_______________________________________________ nexa mailing list nexa@server-nexa.polito.it https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa
----- Nessun virus nel messaggio. Controllato da AVG - www.avg.com Versione: 2016.0.7357 / Database dei virus: 4522/11539 - Data di rilascio: 02/02/2016