Are you going to the USA? Be careful what you do on the internet

Slovaks who have already visited the United States know that immigration entry control, especially an interview with an immigration officer, may not be the most pleasant. The USA is strictly protecting its borders, so the controls, mostly for the first visitors, are stricter. It is also related to the behavior of people on the Internet and the feeling of false anonymity that the Internet gives them. Therefore, security experts from Aliter Technologies recommend that you do not fall for this myth, which in some cases may ensure that you are banned from entering the United States.

“We regularly encounter cases where a US visitor is turned back by an immigration checker on entry and escorted to the next return flight to Europe, or has problems obtaining visas or directly interviewing an immigration officer. One of the reasons why this is happening is exactly what we do on the Internet,” explains Aliter Technologies’ cybersecurity expert Vladimír Palečka, adding: “These can be photos that we upload to Google or Facebook. However, parts of the communication or the entire history of our account may also be made available to the authorities, and the user has no idea that this data is available to US forces and may be used against the user during their stay in their territory.”

In the USA, there are more than 5,000 technology companies, which had on the basis of the so-called “EU-US Privacy Shield” obligation to legally make data available to its users. They allow it or it was made possible by various federal regulations such as the FISA (Foreign Intelligence Surveillance Act), which allow (allowed) access by US authorities (CIA, NSA and others) to data from US electronic service providers, including metadata and the content of electronic communications from European users.

The EU-US Privacy Shield is no longer valid, but the risk still persists

In July 2020, the Court of Justice of the European Union ruled that this mechanism was in breach of the Data Protection Directive (now GDPR) and repealed the “EU-US Privacy Shield”. Nevertheless, the flow of data from the EU to the US has not completely stopped. In its ruling, the European Court of Justice pointed in particular to the long-standing non-compliance with the requirements of mutual agreements, referring to several results of the review of the protection of personal data in the Privacy Shield carried out by the European institutions and the Cambridge Analytica case.

The reason for the abolition of the “EU-US Privacy Shield” was also the concern that after the transfer of data to the US, this data could be accessed by US security forces, which would violate the fundamental rights guaranteed by the EU Charter of Fundamental Rights. “When writing statuses or chatting with friends, it is necessary to think about what the user writes in the discussion, so that it does not happen that precisely because of e.g. hate comments and contributions he would not be denied entry to the US or not to be prosecuted during his stay in the US, although according to the European Union this data should not be provided,” explains Vladimir Palecka, adding: “Operators who need to transfer data to the US the decision of the Court of Justice of the EU does not completely ban the activity. The transfer will continue to be possible if, for example, the recipient of the personal data individually provides adequate guarantees of protection.”

Note:

The cancellation of the EU-US Privacy Shield is the result of a five-year dispute between the Austrian citizen Max Schrems and Facebook, whose Irish subsidiary is transferring data to the USA. Following a complaint from Mr Schrems, the Court of Justice of the EU annulled the previously valid Decision on the adequacy of the protection provided by the “safe harbor” principles as early as October 2015. Five years later, on the basis of a complaint from Mr Schrems, the EU-U.S. Privacy Shield was annulled.