No Safe Harbour for Personal Data - Essay Example

Personal Data Name Course Name and Code Date Introduction Technology continues to influence the human and business requirements. Voluminous amounts of personal data are collected, stored, accessed and used by different entities. The information can be shared with the third party or transferred to the third party due to numerous reasons. The collection, sharing and using the personal data would continue with an increase in sophistication of technology. With such a trend, individuals continue to realize threats to their personal data and determine whether the individuals will continue transiting the organizations that store or have access to the information. For example, the presence of social media and mobile telephony has provided avenues in which voluminous information is generated and shared. However, concerns have been raised because some countries such as United States of America (US) have employed mass surveillance to collect information, and also created legislations that require third party organizations to share the information. The paper discusses personal data based on two legislations: one in the US and the other in the European Union, addressing the concerns raised, consequences of one of the court case, and application of personal data legislation implementation requirements. The two Court Cases Concerns Privacy concerns are raised in both court cases. In the “Safe Harbor” case, violations of fundamental rights are raised after the exposure of the mass surveillance by the US government (Court of Justice of the European Union Judgment (CJEUJ), 2015). According to the European Court of Justice, the legal direction of Safe Harbor is appropriate in doing business, but the requirements may not be used to abuse the rights of individuals (Chen and Zhao, 2012). Personal privacy is important and should be protected. The Microsoft case also raises the concerns and abuse of personal information. However, in the case of Microsoft, the aspect of criminality is raised before the data sought belongs to an individual accused of drug trafficking. According to Fears et al. (2014), provision of the data would aid with judiciary procedures, but the data may not be used exclusively for the legal matter since the US agencies may abuse the data: e.g. use for other issues beyond the legal issue. In addition, it lays precedence for other similar cases or issues, and clarifying the aspects of fundamentals of rights and human rights should take precedent before discussing the merits and demerits of the data relative to the judicial matter. The jurisdiction and extraterritorial nature of legal systems, and definition and application of the legal systems are raised (European Commission, 2015). For example, US have clear direction and approaches in which information can be accessed and used (Fears et al. 2014). However, the personal rights and permissions should be requested. However, the legislations in the US cannot apply in international countries, or regions such as the European Union. The important reason raised is whether the legal framework in the US applies in scenarios that information is stored in a different country (Alexander, 2015). It is clear that the US cannot enforce any legislation because different regions have different legislations when it comes to personal data. Before making any decision, it is important to note that the requirement is championing and protecting personal information (Alexander, 2015). Individual rights are fundamental and seeking consent is also important. The request for personal data should be clarified, and protection of personal rights and fundamental rights should be encouraged. Acquisti, John, and Loewenstein (2013) argue that even if the US has frameworks and structures of protecting the data, the mass surveillance reported discredits this view. Information from social media and telephony have been collected and used by the US without the consent of the owners of the data. Such scenarios create additional challenges when it comes to the requests to provide information for private partners. Arguments For and Against Data Protection In both cases, jurisdiction and safety of the data are raised. In the Microsoft case, the parties presented different arguments in accessing and using information stored overseas. Stored Communications Act and Electronic Communications Privacy Act (ECPA) provides legal mechanisms to collect or provide information stored in government entities provided directions are sought from the courts (Langheinrich, 2012). However, the framework is premised on the statutory definition because the laws were created in the US and the US institutions have to implement (Casali, 2014). The Microsoft lawyers argue bilateral law enforcement play a crucial role rather than viewing the issue from the US perspective. The government perspective was about disclosure and not storage (CJEUJ, 2015). The information would be disclosed to the US government agencies in the US even though the information is stored in another country (Acquisti, John, and Loewenstein, 2013). Furthermore, the government view was that there were enough structures and legal framework to protect the information and safeguard the data against abuse. In the Maximillian Schrems v Data Protection Commissioner, it raises concerns about fundamental rights and safeguarding the use of personal data (European Commission, 2015). The Schrems’ perspective is that the US continues to abuse information through mass surveillance. However, the view of the opponents is that there are enough structures including the Safe Harbor component to protect the movement of information, and use of the information. In addition, the entity (US agency) seeking for the data had internal mechanisms to safeguard the data. The debate on the movement of information and access to the information raises important questions. Since the complaints are the manner of use of information, involvement and collecting views from different stakeholders would improve the understanding of sharing information through effective structures. Reasons exist why Schrems does not want to share data with US agency and requesting for these reasons would enable appropriate measures to be introduced to encourage effective communication and sharing processes. Consequences of the Two Court Cases In both cases, the US would be affected immensely if the cases are ruled in favor of the defendants and entities requesting for clarification (Schrems) (CJEUJ, 2015). The Microsoft case will prevent the drug dealer from legal litigation because the US agencies will lack appropriate information (Fuster, 2013). Moreover, continuous sharing of information and seeking information from private partners will become more challenging. In short, the US business cannot create a conducive environment to assist the US espionage efforts. In seeking information from the private partners, US still have mechanisms to access the information (Tene and Polonetsky, 2012). The information can be transferred from EU to US through reviewing data transfer legislations and approaching each case individually (European Commission, 2015). For example, ‘safe harbor’ can be seen as a blanket approach of collecting information and addressing each case individually would strengthen the understanding when it comes to personal data. If Microsoft loses the case, Microsoft will be forced to produce the personal data. It raises further concerns on the private partners because consumers/individuals will be afraid of providing personal data because security agencies will use the data (Tene and Polonetsky, 2012). The regions in which the businesses are located with create additional legal frameworks inhibiting the effectiveness of the organizations when it comes to personal data (European Commission, 2015). For example, Ireland will create additional legislations limiting the movement of information or even local private partners would benefit because these partners will use the transfer of data as a marketing strategy (Tene and Polonetsky, 2012). Hence, more individuals will prefer local private partners in providing personal data. Opinion on Precedence on Personal Data Legal Perspective Globalization and internationalization of business enable businesses to operate in different jurisdiction areas. However, each of the regions has structures and processes when it comes to doing business. For example, Microsoft operates from the US but has numerous branches and partner companies across the world. It means that the individuals using the services of Microsoft should be owners of the information, and the nationality of the individuals should play an important role when it comes to legislation. The nationality of the person should take precedence (European Commission, 2015). Statutory jurisdictions and bilateral engagements have defined approaches to addressing a civil and criminal matter. In the case of Schrems, the European Union has the right to determine the use of the data and sharing of the information (Charter of Fundamental Rights). The US agencies are required to engage with the EU agencies before sharing the information (Cate and Mayer-Schönberger, 2013). Through such an approach, fundamental rights and personal privacy are encouraged through effective legislative framework and cooperation among the different stakeholders (de Montjoye et al., 2012). The strategy of embracing the nationality of the person is to prevent each country creating legislation, which would create additional challenges during implementation (CJEUJ, 2015). For example, Electronic Communications Privacy Act (ECPA) was created by the US, and if US use the legislation to collect information on another country, the country will be forced to create similar legislations. However, requesting assistance from the country of an individual would prevent the occurrence of the challenges (Directive 95/46/EC 1995). In legal perspective and statutory jurisdictions, sharing of information and implementation of legal directives can be based on collaboration, which is within international jurisprudence (Ahmed and Chander, 2015). The Microsoft Company is registered in the US but has branches in the world (Alexander, 2015). Microsoft Company can be engaged and extraterritorial legislations employed in accessing information from Dublin; assumptions are that the personal data belongs to a US citizen. Conclusion Personal data is crucial and individuals usually provide the data without knowing or acknowledging the extent of use of the data. Some of the private organizations may sale the data while government security agencies may require these private partners to provide data of an individual. It raises legal and jurisdiction complications. For example, the Microsoft Case and the safe harbor complications incorporate the extent in which government security agencies may require private partners to provide information since the private partners operate in the US; thus, have to follow the US legislations. However, the cases raise extraterritorial legal complications because the information is stored in the different legislative entity. The solution to these problems is creating a legal framework in which data can be shared between the two entities. Furthermore, reviewing the engagement between the entities would allow smooth transaction of the data. The case of mass surveillance, however, has raised numerous concerns about personal data and clarification of the mass surveillance including assurance and restitution can address complications associated with personal data. References Acquisti, A., John, L.K. and Loewenstein, G., 2013. What is privacy worth?. The Journal of Legal Studies, 42(2), pp. 249-274. Ahmed, U. and Chander, A., 2015, February. Information Goes Global: Protecting Privacy, Security, and the New Economy in a World of Cross-Border Data Flows. In E15Initiative. Geneva: International Centre for Trade and Sustainable Development (ICTSD) and World Economic Forum. Alexander Ely: Second Circuit Oral Argument in the Microsoft-Ireland Case: An Overview. https://www.lawfareblog.com/second-circuit-oral-argument-microsoft-ireland-case-overview 10 September 2015 (accessed 20 February 2016) Casali, P.G., 2014. Risks of the new EU data protection regulation: an ESMO position paper endorsed by the European oncology community. Annals of Oncology, 25(8), pp.1458-1461. Cate, F.H. and Mayer-Schönberger, V., 2013. Notice and consent in a world of Big Data. International Data Privacy Law, 3(2), pp. 67-73. Charter of Fundamental Rights of the European Union Full text available at http://www.europarl.europa.eu/charter/pdf/text_en.pdf Chen, D. and Zhao, H., 2012, March. Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE. Court of Justice of the European Union Judgment in Case C-362/14 Maximillian Schrems v Data Protection Commissioner Press Release available at http://curia.europa.eu/jcms/upload/docs/application/pdf/2011-11/cp110126en.pdf Full text available at http://curia.europa.eu/juris/liste.jsf?language=en&num=C-362/14# (accessed 20 February 2016) de Montjoye, Y.A., Wang, S.S., Pentland, A., Anh, D.T.T. and Datta, A., 2012. On the Trusted Use of Large-Scale Personal Data. IEEE Data Eng. Bull., 35(4), pp.5-8. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML (accessed 20 February 2016) European Commission, European Council and European Parliament Agreement on EU data protection reform Press Release available at http://ec.europa.eu/justice/newsroom/data-protection/news/151221_en.htm (accessed 20 February 2016) Fears, R., Brand, H., Frackowiak, R., Pastoret, P.P., Souhami, R. and Thompson, B., 2014. Data protection regulation and the promotion of health research: getting the balance right. QJM, 107(1), pp.3-5. Fuster, G.G., 2013. Security and the future of personal data protection in the European Union. Security and Human Rights, 23(4), pp.331-342. Langheinrich, M., 2012. Privacy in ubiquitous computing. Chapman & Hall Crc. Tene, O. and Polonetsky, J., 2012. Privacy in the age of big data: a time for big decisions. Stanford Law Review Online, 64, p.63. Read More