back to article US to strengthen privacy rights for Euro bods' personal data transfers

The US will take steps before the summer to comprehensively strengthen the "Safe Harbour" framework that helps facilitate some transfers of personal data to the US from the EU. The commitment to improve privacy protections (10-page/445KB PDF) was contained in a joint statement issued on behalf of senior officials from the EU …

COMMENTS

This topic is closed for new posts.
Big Brother

"We've already siphoned off...

...most of the stuff we were interested in, so we'll throw you a bone."

21
0

Re: "We've already siphoned off...

Hmmm, nice bone.

(quick, keep pumping)

0
0

Nice try

If these secret US agencies are perfectly happy to violate their own Constitution and then lie about it, what hope is there for this scrap of paper?

31
0
Anonymous Coward

Re: Nice try

Exactly my thoughts!

2
0
Silver badge
Black Helicopters

They missed out a bit

The bit about repealing the USA PATRIOT Act.

Without that, any promise from the US to respect the privacy of furriners must rank alongside "Yes, I will still love and respect you in the morning.".

And that's the open, public legislation. There's also the NSA...

26
0
Silver badge

Too little too late.

1) "... to ensure data protection and enable trade through increased transparency, effective enforcement and legal certainty when data is transferred for commercial purposes,"

This should have been done in the first place, and it is a bit too late to start thinking about such things now.

2) Given that the UK is part of the EU and thus comes under the regulations, the fact that Tempora and other programmes have been run surely points out the fact that the security organisations don't give a damn about what is legal and what is not. The only thing that matters to them is whether they can do it without being caught.

3) With all of the revelations from Snowden would you really trust any of these characters do abide by any agreement made? If it didn't work the first time why should it work now?

No, this is just another attempt to pull the wool over our eyes with meaningless and worthless promises.

"There, there, it's all better now."

27
0
Silver badge

Re: Too little too late.

It's not about NSA/GCHQ spying on you - as soon as the data is in the UK you can be sure it's in Fort Meade.

It's about having your Doctors surgery using software from a US company to process your records and finding that the T&C allow the company to sell all your details to the US arm of your pension provider.

0
0
Silver badge
Thumb Down

Please ?

This is just the USA saying : Please use our cloud...

it will make things so much easier for us...

(to snoop on you...)

24
0
Silver badge
Windows

Re: "Please use our cloud"

That's what this PR exercise is really about. The continued opportunity to easily spy on us, yes, but also the fact that American corporations are screaming blue murder about the business the NSA caused them to lose.

Spying on ones supposed allies is important, and all that, but in the Land of the Fee money is always the number one priority.

1
0
Anonymous Coward

Re: "Please use our cloud"

That's what this PR exercise is really about. The continued opportunity to easily spy on us, yes, but also the fact that American corporations are screaming blue murder about the business the NSA caused them to lose.

The second aspect is where you've hit the nail on the head - but not because of the NSA. The problem US companies have is that a couple US federal laws (the most well known of which is the USA PATRIOT Act) make it entirely impossible for a US company to credibly claim it can protect EU data from uncontrolled access by the state - in the US, the concept of due process is all but annihilated post 9/11, and state + companies have become addicted to a total lack of inhibition when it comes to abusing personal information.

The EU is politically in an interesting position. I suspect they will as always eventually cave to the blend of bribery, lobbying and blackmail with trade restrictions that typifies "negotiating" with the US, but the reality is that data held in the US cannot EVER meet the standards demanded in the EU. The "Safe" Harbor concept is just an excuse to enable US companies to hawk their warez here, but if you really have an obligation of confidentiality you would not only be a complete idiot to accept a scam scheme that relies on self certification, but you'd also ignore all the legal issues you're creating for yourself.

The interesting bottom line is that presently the WHOLE OF SILICON VALLEY is in no way able to protect privacy. Not that they don't want to, but they simply can't - they have no legal defences against the wide open barn door to personal information that US law creates.. Not with those laws in place, and fixing that is not possible overnight - that will take well over a decade.

I predicted in January that 2014 would be the year of privacy spin (well, privately I used the term BS), and so far I have not been disappointed. There will be a lot in the way of "initiatives" coming, but as long as the basic federal law issue is not addressed it's merely window dressing. Which is what they're good at, but it doesn't address the REAL problem.

2
0
Silver badge
Childcatcher

Re: "Please use our cloud"

Yes, this "Safe Harbor(sic)" nonsense amounts to nothing more than a checkbox on an insurance form - a mindless bureaucratic exercise that doesn't bear any correlation to reality.

0
0

Re: "Please use our cloud"

"The interesting bottom line is that presently the WHOLE OF SILICON VALLEY is in no way able to protect privacy. Not that they don't want to, but they simply can't - they have no legal defences ..."

How about the EU threshold for unauthorized data possession by non-governmental entities be treated as a felony receipt of stolen goods. That is hardly a matter for diplomacy but rather extradition.

I feel bad for The Hague. Crimes Against Humanity attracts a better sort of convict.

0
0
Anonymous Coward

Not much into aviation, eh?

"Airbus" is the new name (since a few months?) of EADS, the (mostly) European aviation consortium, which was in fact founded in the 70s. Their first flagship product, the A300, has been flying since the early 80s or so, and to my knowledge they don't time machine them back into the past.

All the above from memory, exact details can be Googled up easily.

Yes, I know about the corrections link. I also know I don't like email.

0
0
Gold badge
WTF?

b**locks

No repeal of THE PATRIOT Act.

No privacy.

And not 1 fr**ging word about the credit card details of airline tickets purchased by passengers which the US must have (do European get the same information from US ticket buyers?) to "Prevent another 9/11," although all aircraft ceased were on internal US flights at the time, and most of the terrorists were citizens of Saudi Arabia.

10
1
Anonymous Coward

Re: b**locks

Actually, to *really* protect "the world", it appears all receiving nations should receive full data and biometrics of people leaving the US. After all, that's where the terrorists lived and were taught how to fly..

2
0
Facepalm

Ha ha ha ha ha

What bit of "trust" don't they understand?

6
0
Anonymous Coward

Airbus formed when???

Airbus formed in 2001? Are you sure? The A300 was introduced into service by Air France in 1974, so it must have existed before then.

http://www.airbus.com/company/history/

Anonymous Coward... just because...

3
0

Yea, I know we've been naughty, but we're sorry and you can trust us now. Honest

Oh. Well, that's ok then.

8
0
Anonymous Coward

Yeah right

... I was born yesterday. Could it be the septics are getting a bit twitchy?

1
0

Good Lord.

The only way Europe is going to strengthen their privacy is if EUROPE does it. It's been over nine months since Edward Snowden defected and the revelations are still coming. Do you honestly think the USA has changed given the complete lack of any accountability in their system in this matter to date?

5
0

Even without Snowden leaks it was clear that 'safe harbour' was (worse than) useless: US companies have been operating with blatant disregard of the EU data protection laws. Case in point: Google's troubles with CNIL (see e.g. http://www.cnil.fr/english/news-and-events/news/article/the-cnils-sanctions-committee-issues-a-150-000-EUR-monetary-penalty-to-google-inc/ ).

2
0
Gold badge
Unhappy

You might also look at the hard drive of DVLC data lost in Merkinland

And AFAIK never found.

0
0
Bronze badge
WTF?

Argentina is on the pre-approved country list?

What? Really? Well that sucks for any Briton who remembers the Falklands invasion and the loss of life it caused.

If the EU approve a bankrupt nation with a history of domestic civil liberty repression is Zimbobwe on the list to?

0
0

The only way I can see this being worth anything is if it includes a requirement for US companies to disclose any time EU data is turned over to a government agency and this supersedes any gag order or similar that might otherwise prevent them from doing so.

0
0
Silver badge
FAIL

Small Businesses???

"However, Munich-based technology law specialist Christian Knorst of Pinsent Masons, the law firm behind Out-Law.com, said that an 'IT Airbus' in Europe could cause competition issues and that the best way to challenge more established US rivals in the market was to improve funding for small businesses to help them compete on privacy."

Given the Patriot Act et. al. surely the only way to keep the data out of the immediate grasp of the US is to host it on EU located servers run by EU firms with as little US involvement as possible (given that AFAIK any US owned firm can be made to hand over any non-US data to Da Guvmint by law).

Which will not be done by "small businesses" but would require companies the size of BT to build and run the data centres.

Implementing the router infrastructure to avoid any data tromboning through the US is kinda minor in comparison. Light up some dark fibre and go for it.

Oh, and

"Only a handful of countries, including Argentina, Canada and Switzerland, but not including the US, are deemed by the European Commission to provide adequate protection."

Strangely no mention of India and other major hosters of call centres for the UK financial and telecoms industry.

Anyway, relying on promises today and then giving the US all your data in no way protects you from a (nominal) change in government and in government policy.

Stable door is flapping, horse already long gone, EU government as a whole addicted to Facebook and especially Twitter. Data privacy??

Oh, and at some point the various EU policy makers will realise that any EU-centric infrastructure is going to cost far more than the ever competing cloud providers in the US.

0
0
This topic is closed for new posts.

Forums

Biting the hand that feeds IT © 1998–2017