back to article Privacy Shield: Data Protection Commissioners break out a six-pack

In this blog, I make a few comments about “Safe Harbor 2” (or the “Privacy Shield” to use the flash marketing term for the recently announced agreement). In summary, there is no published evidence that the Privacy Shield actually provides an adequate level of protection: so contrary to all those optimistic news reports, can you …

  1. malle-herbert
    Big Brother

    Weasel words...

    No matter what kind of agreement between the EU and the US is struck...

    Do you REALLY think your private data is ever safe with them ?

    Because all they need to do is flash the "national security" card and all your data belongs to them anyways...

    1. big_D Silver badge

      Re: Weasel words...

      @malle-herbert and this is exactly Schrems point and why the original Safe Harbour has been torn down.

      The US played the national security card, which should have been illegal under SH and Schrems called foul. This means that the whole thing fell down like a house of cards, once the Irish DPA was forced to look into the matter, after having tried to play pass-the-parcel with responsibility.

      If the new agreement doesn't guarantee that the US can't pull the national security card, then the new agreement won't fly either.

    2. Anonymous Coward
      Anonymous Coward

      Re: Weasel words...

      No matter what kind of agreement between the EU and the US is struck...

      Do you REALLY think your private data is ever safe with them ?

      Because all they need to do is flash the "national security" card and all your data belongs to them anyways...

      No, not even that. There are already enough federal laws level to trample over the rights of the locals (normally known as Americans, but let's be evil and call them "voters" for now because that reminder tends to make politicians that little bit more nervous), let alone over the rights of them damn foreigners who should really just hand over their money and not dare to insist on any rights in return.

      The best known one is the USA PATRIOT Act, augmented by the FREEDOM Act, but there's a lot more where that came from and if you add all of that up you end up with an open door policy for any random official who feels he or she would like a rummage through your data, just to fight boredom.

      There is really no need to even go near the National Security Letter mechanism.

      By the way, nice article. I like the precision of the explanation as it aids an understanding of the actual mechanics at work.

  2. Doctor Syntax Silver badge

    "Also, be aware also that some serious contingency planning might be needed if Europe’s Data Protection Commissioners judge that the Privacy Shield does not provide an adequate level of protection."

    Not contingency planning, just planning.

    Schrems should have been a wakeup call. Until the US totally changes its prying ways and overall approach to personal data no fig leaf arrangement is going to get past the ECJ again. I suppose the US industry could buy itself a better government but it will be a lot cheaper and quicker to shift processing of data to non-US data centres protected from the US govt by an adequate legal firebreak.

    This is not an issue that's going to go away.

    And the UK govt. should consider the effect of continuing along its merry way in the event of a Brexit. It's going to make doing business with the EU a whole lot more difficult because they'll have put us in the same sin-bin as the US.

    1. John G Imrie Silver badge

      Re: Brexit

      What's going to happen to all those Multinationals with their HQ's in London who suddenly discover they cant transfer personal data out of Europe into the UK. That's the Insurance and Pension businesses scuppered.

      1. KeithR

        Re: Brexit

        "What's going to happen to all those Multinationals with their HQ's in London who suddenly discover they cant transfer personal data out of Europe into the UK. That's the Insurance and Pension businesses scuppered.!

        They will be able to transfer data,

        They'll just have to do it fairly and securely.

    2. big_D Silver badge

      And don't forget the Microsoft case, with MS putting up the good fight.

      The US Justice Department wanted them to hand over data from their Irish data center.

      MS refused, saying it was on foreign territory and the data center was run and owned by a non-US company (MS Ireland) and they should go through proper channels and ask the Irish police to obtain the information for them, as per existing international agreements.

      USDJ came back with the rebuttal, ah, but America!

      MS, no, Ireland.

      USDJ threw its toys out the pram and claimed that MS inc. is American, therefore MS Ireland is also American, hand over the data!

      MS and the Irish DPC both said no to that (although the DPC needed a lot of prodding with a big stick, before it woke up and noticed what was happening under its nose).

      Now MS is in contempt of court in the USA.

      At the end of the day, if they don't hand over the data, MS Inc. will be acting illegally and the execs could face time in chokey. If MS Inc. capitulates, then MS Ireland will be acting illegally and the execs could face time in chokey.

      1. Doctor Syntax Silver badge

        "Now MS is in contempt of court in the USA."

        According to what I read at the time this was a technical step to clear the way for escalating it up to a higher court. This one will probably go right up to the supreme court at some distant point in the future. In the meantime MS is working on the contingency plan - host in the EU with a trustee looking after the data to put a proper firebreak in the way. Others will need to wake up and follow in due course when the Privacy Fig Leaf gets torn down.

        1. big_D Silver badge

          Correct, it was to force it to a higher instance.

          The irony is, if the USDJ had actually followed channels, and they had had reasonable grounds, they would have had the information about 18 months ago...

  3. Smooth Newt
    Joke

    I'm not worried at all

    I've purchased my own personal six-pack of Deluxe Privacy Shields. They offer far better protection from government snooping than the US/EU one.

    http://www.reallygoodstuff.com/quickview.aspx?p=159363

  4. Doctor Syntax Silver badge

    From the Secretary of Commerce Penny Pritzker press statement link

    "I want to specifically thank Commissioner Jourová and her team for their incredible, persistent work over the last two and a half years."

    Incredible = not believable.

    'Nuff said.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019