Brussels flings out Safe Harbour guidelines, demands 'safer' new framework ASAP The Oxford Dictionary states the following for its definition of the word "safe": "Protected from or not exposed to danger or risk; not likely to be harmed or lost." On Friday morning, Brussels' vice-president Andrus Ansip got a little tautological by once again calling for a "safer" Safe Harbour agreement between the European …
I sincerely wish that Safe Harbour re-negotiations fail. This doesn't come from a professional or pragmatic sense but from the inner excited teenager with a lighter.
I know the politics and money around this situation won't allow any real change but I sit rub my hands together in glee over the potential possibilities.
Possibilities such as:
Google ending it's euro dominance,
The cloud blowing away as a bad idea,
Facebook upsets as photos lost,
Microsoft's monetization of Windows 10 becoming a damp squib,
Euro businesses finding room to grow,
Dogs sleeping with cats & etc
I sincerely wish that Safe Harbour re-negotiations fail
You shouldn't. The big problem is not that Safe Harbour doesn't exist, that can be worked-around with contracts, etc. The problem is that it did exist, and has abruptly gone away. That is a PITA for both companies and consumers.
Have you downloaded any software lately? Expect notification of bugs or security issues? Now you won't get them unless (or until) you've signed a contract, because the supplier has to discard your personally identifiable info. Yes, Android users, that may mean you.
Do you upload anonymised data to a supplier, to get remote performance and failure monitoring? Nope, not any more.
Sure, Safe Harbour now turns out not to be so safe, but the amount of extra work that is going to create for consumers and their trustworthy suppliers should not be discounted. A Safer Harbour agreement is necessary.
This post has been deleted by its author
Have you downloaded any software lately? Expect notification of bugs or security issues? Now you won't get them unless (or until) you've signed a contract, because the supplier has to discard your personally identifiable info. Yes, Android users, that may mean you.
Explicit and informed consent remains an option.
Do you upload anonymised data to a supplier, to get remote performance and failure monitoring? Nope, not any more.
Get consent from the user for such processing and there isn't a problem.
Why is asking for permission such a problem for some people?
Why is asking for permission such a problem for some people?
Did you even bother to read the post before jumping in?
Of course informed consent is not a problem IF YOU BLOODY ASKED FOR IT FIRST. The problem, as I said, is that the existence of Safe Harbour meant that many companies didn't ask for it, and now it's too late. Without a safe-harbour type of agreement lots of poeple who were covered by it now have no such cover, and such consent has to be asked for retrospectively. Which is difficult since without safe harbour companies can't keep the information they need to ask.
That was my point. If there never had been Safe Harbour things would have been OK, but since there was, and it's been removed, the current situation is a PITA for all concerned.
Did you even bother to read the post before jumping in?
Ummm... Yes?
Did you read the bit about enforcement not starting straight away? Companies have the option to establish consent within that three month timeframe. I have absolutely no sympathy for those that don't bother doing so and suffer problems as a result.
"Have you downloaded any software lately? Expect notification of bugs or security issues? Now you won't get them unless (or until) you've signed a contract, because the supplier has to discard your personally identifiable info. Yes, Android users, that may mean you."
Bullshit. If I download a piece of software and click on 'Check for Updates', or 'Automatically check for updates from now on', no personal data is processed. Don't spread FUD.
Bullshit. If I download a piece of software and click on 'Check for Updates', or 'Automatically check for updates from now on', no personal data is processed. Don't spread FUD.
Great. And if you don't have that option, let's say on, oh I don't know, a VW car, how can the company contact you to inform you of a security or safety bug?
Not FUD, fact. I work in a business where this is important, and I know how much hair our security and support guys are tearing out right now.
Great. And if you don't have that option, let's say on, oh I don't know, a VW car, how can the company contact you to inform you of a security or safety bug?
Oh, I don't know - you could use the months you've been given to ASK THEM if it's OK?
This is still FUD.
They can use the three months they've been given to put their affairs in order.
Your 'security' and 'support guys' can't really be up to much if they're really finding it that difficult to understand that they need to ask for permission.
Your 'security' and 'support guys' can't really be up to much if they're really finding it that difficult to understand that they need to ask for permission.
Oh, they understand just fine, and they're working weekends and holidays to do so. You seem not to understand the work involved for a large company. You'll learn, probably the hard way.
Oh, they understand just fine, and they're working weekends and holidays to do so.
If they're spending so much time trying to find a way to avoid having to seek consent, then whoever they are they're probably the sort of company I'd rather avoid like the plague.
The European Commission plainly wants to get back to 'business as usual' and stop having to think about pesky things like personal information security. What they are proposing is just as bad as what there was before ... but it will probably take another opinion from the ECJ and until then this gives everyone an excuse to pretend that all is OK.
I also suspect that many more than 4,000 companies depend of safe harbour: try any organisation that has personal data in the Amazon cloud to start with. I would suggest that you add 2 or 3 zeros to the end of that number.
Thinking about it: toilet paper would be a better analogy.
The problem is that the issue is actually not Europe having good privacy laws and wanting to enforce them. The issue is the US having all but abandoned privacy as a right in the hunt for the almighty buck and are now whinging that the EU is not lowering standards in a similar fashion. Well, we upped our rights, so up yours. They had over a decade to address the real problem but have instead milked the abomination called Safe Harbor for all it was worth.
I'm getting tired of the BS in this - it's not only a US problem, but they have also known for a long time that they were living on borrowed time. Schrems did nothing more than clarifying what most of people involved in real privacy protection have known for years, and what US companies have been trying to weaken for years in Brussels.
Or do you really think those lobbyists in Brussel have been there just because the beer was so good?
Let's call it Safe Harbor to make it clear where it came from.
Why are all these companies sending my personal data across the ocean?
We have plenty of clouds of our own here in Britain in November!
But I'm certainly glad that I am still a citizen of the EU with the benefit of the Human Rights Act!
We have plenty of clouds of our own here in Britain in November!
Umm, we're not talking about the soggy stuff that hangs above the country :)
But I'm certainly glad that I am still a citizen of the EU with the benefit of the Human Rights Act!
Yeah, believe in the dream. Now you know why the UK keeps some distance from EU involvement. The moat helps.
Why are all these companies sending my personal data across the ocean?
You do realise that, by EU law, IP addresses count as "Personally Identifiable Information" and so were covered by Safe Harbour? OK, so politicians don't understand the technology, but it means that just by establishing a connection to a remote site you are sending "personal data" across the ocean.
by establishing a connection to a remote site you are sending "personal data" across the ocean
No. Sometimes I may choose to visit an American site. Too frequently, when I visit a British site, it calls in some completely gratuitous javascript from Google or some other transatlantic "cloud" or "analytics" site without ever bothering to ask for my consent.
The failure of the Safe Harbor agreement isn't the fault of the companies affected, it is the fault of the government and the government agencies these companies operate under. The current legal requirements for any US based company to hand over any and all data when demanded killed Safe Harbor.
Contractual obligations will not override the US governments demand to get this data, contract do not deny legal obligations. Until these access laws are repealed or modified to a more civilised level, there can be no "Safe Harbour."
"Enforcement against non-compliance with the Safe Harbour court ruling kicks in early next year."
So expect another trip to the ECJ next year if this is the best they can do.
Somebody in another thread mentioned groupthink in connection with TalkTalk. Clearly something similar is happening here if they think there's a way of rebuilding it short of a blinding revelation in the US govt.
You can be 100% sure that Call me Dave doesn't have "increased privacy protections" as one of his criteria for reforming the terms of Britain's relationship with Europe. In other words, he won't be standing up for UK citizens either inside or outside Europe.
As Praetor of Airstrip One, his sole job his to execute US law to the letter.
Abolition of human privileges is high on his list of priorities.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
