Microsoft was found to be one of the most complicit companies identified as being part of the NSA’s PRISM spying program back in 2013, with the documents revealing wide-open access to products like Skype and Outlook.
It’s now voiced wholehearted support for the new EU-US Privacy Shield agreement that’s been designed to update data transfer rules following Ed Snowden’s revelations, but knowing its past behavior, that won’t exactly fill you with cheer.
The company has committed to the 45-day response period for individual complaints made about privacy infringements, as per the new Privacy Shield rules, as well as saying it will work closely with local Data Protection Agencies to resolve disputes.
John Frank, VP of EU Government Affairs, said:
We also welcome the obligations in the Privacy Shield for transparency about government requests of access to personal information. As a company we have advocated for greater US transparency. In 2013, Microsoft and other US tech companies successfully challenged the US Government over our constitutional right to disclose more detailed information about the Government’s demands for data.
And in 2014, we filed suit against the US Government after it attempted to force us to turn over a customer’s email stored in our Irish data center. While we continue to advocate for additional domestic legal steps in the United States, we believe that the European Commission and Department of Commerce have chosen a sensible approach in the Privacy Shield. In this area as in others, we believe the Privacy Shield represents an important step in the right direction.
It’s expected that all of the major tech companies will sign up for the new rules as their success depends on transfers of data to and from the United States.
But it’s hard to square the revelations found in the PRISM documents with Microsoft’s efforts outlined above and the motivations it’s voiced today, which sound entirely noble:
This focus on privacy reflects not just our belief in fundamental rights and the rule of law, but also our understanding that our business is ultimately built on trust. We’re entering a remarkable period in the history of technology development as cloud computing connects people around the world to advanced capabilities that have the potential to drive economic growth and address some of the world’s most pressing challenges.
But people won’t use technology that they don’t trust. Legal rules that clearly delineate individual rights, ensure transparency in how those rights are protected, and offer due process when people believe their rights have been violated. They provide a foundation for trust that is essential to realizing the full power of these new technologies to drive innovation and advance human progress.
There are already many vocal critics of the Privacy Shield legislation, demonstrating a real schism between what tech companies and bureaucrats are saying – and what privacy advocates believe is happening.
It's not a "Privacy Shield," it's an accountability shield. Never seen a policy agreement so universally criticized. https://t.co/VxXxxkIEPR
— Edward Snowden (@Snowden) February 2, 2016
— Jan Philipp Albrecht (@JanAlbrecht) February 2, 2016
Like German Green MEP Jan Albrecht, many already believe this new framework will be challenged by the European Court of Justice, the same body that struck down Safe Harbor, the previous EU-US data transfer deal.
Although it offers a range of new procedures for addressing the complaints of EU citizens, privacy campaigners dispute Privacy Shield’s power to protect our fundamental human right to privacy on the Web against the prying eyes of US spies.
We know “targeted spying” is still very much written into the Privacy Shield documentation – and we also know how easy it is to sweep up the innocent with the accused when it comes to Web surveillance.