back to article Tweak Privacy Shield rules to make people happy? Nah – US govt

The US government has poured cold water on the idea of making changes to the new Privacy Shield agreement that will cover transfers of people's private data between the US and Europe, potentially putting the entire agreement at risk. Under secretary of commerce for international trade, Stefan Selig, told Reuters that the US …

  1. Keef

    My opinion on the last bit...

    "Without a broad agreement covering data across the Atlantic, companies would effectively be obliged to draw up new contracts and get all customers to agree to them – a huge burden and something no one wants."

    I wouldn't mind it.

    1. Ole Juul

      Re: My opinion on the last bit...

      Indeed, there is no reason why companies shouldn't bear this "huge burden". I would argue that they should have done this in the first place.

      1. VinceH

        Re: My opinion on the last bit...

        Yeah, but... if the agreements can basically be summarised as:

        "We want your data and the ability to do whatever the hell we please with it - including letting our TLAs trawl through it whenever they want. Accepting this is a condition of using our services."

        Then what difference does it make, really, if it's a broken Safe Harbour, a meaningless Privacy Shield, a Chocolate Teapot, or the companies undertaking the 'huge burden' of using their own contracts?

        (I'm unconvinced of that being a huge burden anyway. They all have terms and conditions that we have to agree to if we want to become part of their product-base use their services - and they change them often enough. This huge burden would be just yet another change.)

    2. SImon Hobson Silver badge

      Re: My opinion on the last bit...

      But companies cannot contract out of EU or US law - so contractual clauses providing for privacy are void. For the very reason used to squash the old Safe Harbour, no entity based in the US, or with a US presence, can give any believable guarantees on privacy/protection of information - because US law overrides those contracts and US authorities can effectively slurp data whenever they want.

      And all this posturing by the US government will come to nothing - they'll either change their law (which they don't seem willing to do), or much of the transatlantic traffic in data is illegal under EU law. And the EU is big enough to be able to force the issue on this - it's not some tiny island state that needs US "approval" to survive.

      There's also a parallel to be drawn here between the EU-US situation, and what would be the case between EU and UK if we vote to leave in June. The EU will turn round and basically tell the UK that either we follow EU data protection/privacy law, or we won't be dealing with EU data. That does rather undermine some of the arguments for leaving since even if we leave, we'll still need to fit in with EU laws/regulations if we want to trade with them.

  2. Anonymous Coward
    Anonymous Coward

    There IS no delicate balance.

    "Without a broad agreement covering data across the Atlantic, companies would effectively be obliged to draw up new contracts and get all customers to agree to them – a huge burden and something no one US company wants as it would cost them money and would lessen their abilities to spy on foreigners."

    Let's be realistic here - on the US side, nobody gives a gnat's ass about user rights, so for my money it's worth forcing the lot to get explicit customer agreement. Who knows, it may even make US customers protest that they would want the same rights.

    1. Anonymous Coward
      Anonymous Coward

      Re: There IS no delicate balance.

      This is rearranging deckchairs on the Titanic. Yank corps can't be trusted because they were born in a culture of zero social responsibility.

      I'd like to see data gathering be as painful as physically possible.

      For example FaecesBook, SnapShat, Instascam etc. need paper agreement signed in triplicate before data snarfling can commence.

      1. Anonymous Coward
        Anonymous Coward

        Re: There IS no delicate balance.

        ... Signature using the CEOs blood for authentication purposes.

  3. Pseu Donyme

    The real problem is that the US (govt and companies) ought to take the issue - right to privacy in general and its modern aspect data protection in particular - seriously, but obviously they don't; ultimately the solution is for the US to adopt proper data protection legislation like just about any other advanced country, for US companies operating in the EU the solution is simply making a sincere effort to abide by the law there.

    1. djack

      "for US companies operating in the EU the solution is simply making a sincere effort to abide by the law there."

      The problem is that they can't .. at least not without falling foul of US law when the feds come a-knocking. Not that I trust those companies an inch, but giving them all the benefit of the doubt that they have all the will and the right intentions, they still cannot guarantee to conform to European levels of standards.

      It is a shame for those companies who are stuck between a rock and a hard place, but it is good that the EU is prepared to stand up to this erosion of privacy.

      1. Doctor Syntax Silver badge

        "The problem is that they can't .. at least not without falling foul of US law when the feds come a-knocking."

        There are ways. Microsoft think they've got one with the data trustee set-up they're putting together in Germany. An alternative would be to have EU nationals set up an EU corporation to run the operation in the EU in data centres owned by the EU corporation under EU law as a franchise with the terms of the franchise specifically preventing the US parent from accessing the data.

        I can't think why they haven't done this already - I'm sure there's no shortage of legal expertise in setting up franchises when it comes to tax arrangements - unless they don't want to share the money with their franchisees.

    2. Doctor Syntax Silver badge

      "or US companies operating in the EU the solution is simply making a sincere effort to abide by the law there."

      No. The solution is simply to abide by the law. Sincere efforts are not enough. It will take a serious reorganisation of how they do business. If the Microsoft data trustee scheme proves effective then that sort of solution would suffice. If not then they'll have to resort to a franchise operation where the entire operation is hands off for the US parent.

  4. Doctor Syntax Silver badge

    The fig-leaf is starting to curl at the edges already.

  5. allthecoolshortnamesweretaken

    This is why we can't have nice things privacy.

  6. The_Idiot

    You want to buy this shiny new bridge I've got for sale?

    "Despite those efforts, however, last week the Article 29 Working Party... said it was not happy with the final wording and questioned several key components, including... how independent the US Ombudsman really was."

    Right. Of course. Independent, and effective. Which it will be, right?

    Sigh. Again.

    From another article right here, right now:

    "Watchdog: FBI actions unconstitutional. Secret court: Nah, we're good."

    So OK. what about that bridge? We got a deal, bub?

  7. Marketing Hack Silver badge
    Headmaster

    Definition of "independent Ombudsman":

    1. A functionary kept out-of-the-loop by intelligence and law enforcement agencies

    2. A well meaning person whose independence mostly involves being free of all decision-making and budgetary powers. (See: irrelevant, ineffective, window dressing)

    3. A patronage position marked by contradictory requirements (See: Caught between a rock and a hard place, damned if you do or damned if you don't)

    4. A fiction meant to encourage baseless confidence and goodwill (See: Tooth Fairy, Easter Bunny, Santa Claus)

    5. A position marked by poor morale and high turnover (See: thankless task, poisoned chalice, shit job)

    1. Mark 85 Silver badge

      Re: Definition of "independent Ombudsman":

      I was thinking it would be a cushy job... Just sit back, sip favorite beverage, occasionally make a statement about how well everything is going and take home a nice paycheck.

      1. John G Imrie

        Re: Definition of "independent Ombudsman":

        Which is why I couldn't do it, I may have flimsy moral standards, but they are still there.

  8. Anonymous Coward
    Anonymous Coward

    US needs it more than EU

    Without the privacy agreement, US businesses are liable directly for breaches of EU privacy law.

    This is how it should be, why should they get to hide behind Uncle Sam, while secretly handing our data over to the US (and UK+Canada+New Zealand+Australia+even Israel was given our and Americans data FFS)?

    Ombudsmen are toothless, they're for show, a fake replacement for judicial process. But these US companies are in the EU, and those subsidiaries make them directly liable.

    Why should an EU business be subject to EU privacy law, and the business next door, a USA business with an EU Subsidiary, be exempt from it?

    And the EU Commission doesn't have the power to strip the privacy right. That's a fundamental right. So they might all have money in Panama and be bending over backwards for these negotiations, but they don't have the power to strip that right anyway.

  9. VinceH

    "Tweak Privacy Shield rules to make people happy? Nah – US govt"

    Provide data to companies from an untrustworthy nation? Nah - Europeans1.

    1. Those who understand the issues and actually give a damn, anyway - which, sadly, is probably not enough to matter.

    1. SImon Hobson Silver badge

      > Provide data to companies from an untrustworthy nation? Nah - Europeans1.

      > 1. Those who understand the issues and actually give a damn, anyway - which, sadly, is probably not enough to matter.

      Ah, but in most cases it won't be just down to the users actually understanding. Take FarceBork for example - they have a big business in Europe. Unless they stop illegally slurping data then they can be up in court and fined worthwhile money - enough to actually hurt them. So what are their options :

      1) They could pull out of Europe and have no presence here, none at all. But then they'd lose a heck of a lot of income from EU based advertisers and so on. But having no presence here would put them out of reach of EU authorities.

      That raises a question, would it be illegal (or perhaps made illegal) for an EU based entity to trade with them ? That's what did for Radio Caroline - the authorities couldn't touch them while they were in international waters, but they did cut off the advertising income. Or could the EU authorities tackle the export by having the internet carries block FarceBork traffic ?

      2) They could restructure their operations so as to keep EU data out of the reach of US authorities. That's what I think they'll do - it'll cost them in various ways (such as not being able to mine global data as one big resource), but it's completely doable.

  10. fpx
    FAIL

    A Kafka Moment

    If you can prove that you have been wrongfully denied entry into the US, please file a report with the Ombudsman in Washington. Submissions must be filed in person.

  11. noj

    its complicated

    or maybe not.

    See Reg article "FBI's PRISM slurping is 'unconstitutional' – and America's secret spy court is OK with that" http://www.theregister.co.uk/2016/04/20/public_advocate_fbi_actions_are_unconstitutional_secret_court_nah_were_good/

    What this article says to me is that regardless of Privacy Shield or any of the versions that follow, one or more department in the US government will do what it damn well pleases anyway. And that's something we've all known for a while.

  12. This post has been deleted by its author

    1. JudeKay (Written by Reg staff)

      Re: Dear moderator

      Apologies - moderation is not as speedy on the weekends.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020