The context and possible implications of Advocate General Henrik Saugmandsgaard Øe’s opinion in Data Protection Commissions v. Facebook Ireland.
Latest in European Court of Justice (ECJ)
The European Court of Justice (ECJ) recently ruled that European Union (EU) member nations no longer have the right to deport a refugee for committing a serious crime, as long as the refugee can prove that returning to the home country would threaten his or her life. In the case of M and Others v.
Although it is a close call, the decision of the Court of Justice of the European Union (CJEU) in Schrems v. Data Protection Commissioner may turn out to be the most important consequence of the Snowden revelations. The CJEU invoked fears of NSA surveillance to strike down the safe harbor agreement that makes it easy for American companies to transfer personal information of Europeans to the United States.
Many of us on this side of the Atlantic have believed for a long time that citizens’ data is protected as well or better from government access in the United States than it is in Europe, notwithstanding the extraordinary and emotional contrary narrative spurred by the Snowden revelations. Europeans nevertheless continue to challenge U.S. procedures for protecting information. In at least one respect, their position has merit: European citizens have heretofore had no standing to challenge alleged abuse of their data in this country. It appears that may be about to change.
As I explained in my last post, American constitutional law requires that plaintiffs show they have been the subject of surveillance in order to establish standing to challenge intelligence programs in court. The intelligence community sees a narrow standing requirement of Article III as a feature of the United States Constitution. Human rights lawyers regard it as a bug.
Are Russian hacker-spies a bunch of lethargic government drones more interested in smash-and-grabs than stealth? That’s one of the questions we pose to Mikko Hypponen in episode 86 (right after we ask about how to pronounce his name; turns out, that’s harder than you think). Mikko is the Chief Research Officer at F-Secure and a long-time expert in computer security who has spoken and consulted around the world for over 20 years.
Want to see cyber attribution and deterrence in action? In August, a hacker pulled the names of US military personnel and others out of a corporate network and passed them to ISIL. British jihadist Junaid Hussain exulted when ISIL released the names. “They have us on their ‘hit list,’ and we have them on ours too…,” he tweeted. On the whole, I’d rather be on theirs.
“I could tell you, but then I’d have to kill you” best explains why it is difficult to provide meaningful redress for targets of intelligence surveillance. How can anyone challenge surveillance programs when there is no way to know who is a target – and we would very much like to keep it that way?
For years, European officials have been asking for the United States to make available to citizens of the European Union some form of redress for privacy harms. To address this concern, one idea has been to amend the Privacy Act to allow foreign citizens the right to challenge how the US government handles their data. Officials in the US and Europe share an interest in pretending this proposal would do something for EU citizens who fear surveillance by the NSA. We should drop the pretense: the Privacy Act does nothing to provide meaningful redress for NSA targets.
In episode 84 our guest is Jack Goldsmith, Professor at Harvard Law School, a Senior Fellow at the Hoover Institution at Stanford University, and co-founder of the Lawfare blog. Before coming to Harvard, he served as Assistant Attorney General, Office of Legal Counsel and as Special Counsel to the Department of Defense.