The End of the US-EU Safe Harbor Agreement: Golden Opportunity for Bitcoin – Bitcoin News


The End of the US-EU Safe Harbor Agreement: Golden Opportunity for Bitcoin

The European Court of Justice declared the Safe Harbor agreement between the EU and the US invalid on October 6, 2015. This ruling will affect U.S. companies like Facebook, Apple, Google, Microsoft, Amazon, and thousands of others. According to this judgment, these companies may now be ordered to suspend the transfer of data from Europe to servers in the U.S.

Also Read: Adds A Dedicated Warrant Canary

EU Data Protection

court_of_justiceThe EU is strict in regards to transferring data out of Europe. In effect, EU legislation specifies that the “transfer of personal data to third countries can only be possible when the third country in question ensures an adequate level of protection.”

Given the discrepancies existing between the EU and the US regarding personal data protection “adequacy” standards, the US Department of Commerce had established the Safe Harbor program. The purpose of this program was to allow US companies to satisfy the “adequacy” requirements and allow them to transfer personal data from the EU. The EU approved the Safe Harbor program in November 2000.

So, now that the European Court of Justice has stricken down the Safe Harbor policy program because of inadequate levels of data protection, the privacy that Bitcoin and the blockchain technology afford to financial and other transactions becomes more relevant and attractive than ever. Indeed, this opens the opportunity to develop alternative Bitcoin and blockchain technology applications that could be used to enhance the adequacy of data protection.

The Judgment

Josef_Weidenholzer_-_Max_Schrems_-_19_February_2012 (1)This ruling came about as the result of a lawsuit initially brought by Mr. Maximillian Schrems to the Irish Data Protection Commissioner. Specifically, Schrems complained that Facebook Ireland Ltd. transferred the personal data of its users to the US, and kept it on servers located in that country. In his complaint, Schrems also referred to the revelations made by Edward Snowden concerning the activities of the U.S. National Security Agency (NSA). Schrems is an Austrian privacy activist and founder of the EU versus Facebook Group.

Interestingly, for the purpose of the ruling, the Court stated that “’personal data’ shall mean any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.”

Immediately after the ruling was released, Edward Snowden sent Max the following Tweet: “Congratulations, @MaxSchrems. You’ve changed the world for the better.”

According to CNN, “the U.S. has backed Facebook in its battle against the European Union, accusing Europe’s top court of making ‘inaccurate assertions’ about America’s intelligence services.”


Edward_Snowden_2013-10-9_(1)For data protection purposes, the US relies on a “mix of legislation, regulation, and self-regulation.” While, on the other hand, the EU relies on “comprehensive legislation that requires, among other things, the creation of independent government data protection agencies, registration of databases with those agencies, and in some instances prior approval before personal data processing may begin,” according to U.S. authorities.

For a few years, the EU has been reviewing its legislation on the protection of individuals concerning the processing of personal data and the free movement of such data.  The EU law establishes strict conditions for gathering personal data. According to the EU legislation, personal data gathering must be only for legitimate purposes. And, those who collect it must protect these data from misuse and respect the rights of the data owners. Of course, in this regard, there are restrictions concerning national security, defense and public security.

Bitcoin Pseudonymity

covadaleGranted, privacy is not an absolute. However, an adequate level of privacy can be achieved with Bitcoin.

All bitcoin transactions are recorded in the blockchain. Hence, this information is public. However, the blockchain does not contain information about the individuals involved in the transactions.

Additionally, Bitcoin uses public-key cryptography. To obtain a bitcoin, an individual must first create a private digital wallet. Wallets store the private keys required to access the bitcoin addresses and perform transactions. Individuals create Bitcoin addresses privately. Bitcoin addresses are the only information used to identify where bitcoins are deposited and where they are sent. Notice, no personal data is required to create a digital wallet. So, by not disclosing their wallet addresses and by using these addresses only once, individuals can enjoy greater financial privacy.

So, on both sides of the Atlantic, authorities claim their interest in enhancing privacy data protection for their citizens.

If this is really the case, the intrinsic security and pseudonymity properties of Bitcoin and the blockchain technology, combined with other technologies, particularly with anonymous communications, should be used to ensure greater personal data protection of all citizens.

What do you think will be the impact of this judgment on Bitcoin? Let us know in the comments below!



Courtesy of Wikimedia:

Photo of Max. Schrems – Author:  Josef Weidenholzer.

Tags in this story
Bitcoin Law, Edward Snowden, Facebook, Safe Harbor


Julio Gil-Pulgar

Julio has worked for Fortune 100 companies and the United Nations. He has led projects involving IT, operational, and compliance audits, in the U.S. and throughout the world. His expertise is in IT engineering, risk management, and security. He is a Bitcoin enthusiast.

Show comments