back to article Don't worry about Privacy Shield, it's fine. Really. I promise, says US trade watchdog head

The acting head of the US Federal Trade Commission, Maureen Ohlhausen, has sought to assure people that the critical Privacy Shield data-sharing agreement will hold up despite President Trump's recent executive orders on immigration. Ohlhausen told reporters this week that the transatlantic agreement was unaffected by the …

  1. Doctor Syntax Silver badge

    "In my opinion, nothing has changed,"

    That bit's probably right. It's still a crock.

    1. streaky Silver badge

      It's true, nothing has changed, it isn't worth shit. It never was.

      DoJ doesn't believe that aliens outside the US have any right to due process (and is on record stating such) which means they have no right to privacy. Anybody hiding behind privacy shield is fair game for lawsuit IMHO - they should know the guarantees privacy shield claims to provide are worthless and are complicit in the fraud (and massive - continuing - invasion of privacy) being perpetrated against EU citizens.

      1. Anonymous Coward
        Anonymous Coward

        I still don't see how this is in anyway fair even if it did function as advertised.

        It isn't reasonable that I, as an EU citizen, should have to launch a court case in the US. I don't understand US law and don't get a say in it either. All disagreements should be handled via my local courts.

        1. streaky Silver badge

          The EU is ill-equipped to deal with this, only the courts are - and the EU courts can only intervene when a case is passed to them. It's a nightmare. If the EU truly believes the charter is a worthy cause it should have been all over this when Bowden bought it to their attention, all they've done is hidden the cracks behind a wall of obfuscation; first via safe harbour which was wildly ineffective and didn't get past its first court challenge and now via privacy shield which is about as useful as a spanner made of sponge.

  2. Anonymous Coward
    Anonymous Coward

    Jeff Sessions == non-human garbage

    Jeff Sessions is a racist, pile of garbage. It's unfortunate that in 2017 a backwards, asshole like this is given a seat of power. Par for the course. I'm sure Der Orange Führer will back down on any country that offers to build a golf course and exclusive resort in his "honor." Criminals on the take. Good work, idiots!

  3. Anonymous Coward
    Anonymous Coward

    It's fine!

    It's just pinin' for th' fjords. Ignore those nails in it's feet, those are just... ahhh... piercings! Yeah, piercings!

    *Cough*

    It was either that or the skit from the old man thrown atop the dead wagon in "Bring out your dead".

    =-)p

  4. Anonymous Coward
    Anonymous Coward

    It's history

    There is so much happening in the US that is absolutely counter privacy that I don't think it has a chance.

  5. ratfox Silver badge

    Political theatre

    - Can the US government be trusted not to look at user data? No.

    - Can US companies guarantee user data is safe from the NSA? No.

    - Is Europe going to ban US companies from handling user data? No.

    - Are Europeans going to stop using the services of US companies? No.

    1. Luke Worm

      Re: Political theatre

      Unfortunately you are right @ratfox. Theatre indeed, tragedy and farce simultaneously :-(

    2. Anonymous Coward
      Anonymous Coward

      Re: Political theatre

      - Are Europeans going to stop using the services of US companies? No.

      It depends. The average I-publish-even-my-toilet-flushes FB and Twitter user has indeed been led to believe by the data thieves that privacy doesn't matter (usually until they get burgled, suffer identity theft or get bullied) but there is still quite a vast audience which has rejected that attempt at conditioning.

      For those people, what the law says will matter, and the Art 29 Working Group is especially thanks to Trump no longer willing to give them a you-can-ignore-our-laws-for-profit pass - one of the other side effects of Obama's final changed to Executive Order 12333.

      On top of that we have a lot of EU based companies that may not like the privacy laws but have no option but to comply. For those, US services are soon going to be off-limits, and they're the ones that pay with money instead of details of their personal life.

      IMHO, July is going to be a VERY interesting month..

    3. Anonymous Coward
      Anonymous Coward

      Re: Political theatre

      Flip that around. Do US citizens have any protection from the likes of GCHQ, DGSE, (now we find out) BND,... And that's completely ignoring the trading back and forth between ours and their agencies. Privacy is a figment of the imagination in this context.

      1. streaky Silver badge
        Black Helicopters

        Re: Political theatre

        Flip that around. Do US citizens have any protection from the likes of GCHQ, DGSE, (now we find out) BND,..

        A US citizen in the US can challenge EU actions in EU courts in a way that EU citizens in the EU can't challenge US actions in a US court. Reciprocity is the watch word here. EU charter applies to US citizens in the US, US constitution (and more importantly key relevant to the internet parts of it - like the right to not be subject to unreasonable searches) doesn't apply in the reverse. They can't even stretch to lying and pretend it does in public so who knows what's going on out of sight - for sure whatever it is is probably very bad.

        TL;DR: Yes, yes they do. US citizens have equal protection under EU law, EU citizens don't under US law. US exceptionalism: fuck you if you're not a US citizen. Well, fuck you back actually.

    4. Doctor Syntax Silver badge

      Re: Political theatre

      "Is Europe going to ban US companies from handling user data? No."

      That depends on how many iterations it takes of the agreement/ECJ decision loop before the message gets taken. Also, lets wait & see how many €20m fines it takes for US companies to realise that they need to take this seriously and either pull out of the market or ensure that they're able to play by European rules. Sadly, for us in the UK, it'll all be too late - we'll have taken back control from the EU & handed it to the US.

      1. Anonymous Coward
        Anonymous Coward

        Re: Political theatre

        Also, lets wait & see how many €20m fines it takes for US companies to realise that they need to take this seriously and either pull out of the market or ensure that they're able to play by European rules.

        Ah, but that's the bit they would like to hide from you: they can't. Not because they don't want to, but simply because US law doesn't let them, a fact they've been casually hiding under the table for decades.

        This is why both Safe Harbour and its v2, Privacy Shield are political solutions: they did not ensure matching protection in law, they merely are agreements not to push the point too much. If you really care about privacy, however (or have customers that do), using service providers with a HQ or data centre in the US is not the brightest move to make, even when some political arm twisting* makes the Art 29 Working Group miraculously forego its objections.

        * For those needing a euphemism, the US call that "negotiating"

        1. Doctor Syntax Silver badge

          Re: Political theatre

          "they can't"

          Can't what? From the rest of your post I take it you mean they can't play by EU rules.

          In that case maybe you should look at Microsoft's arrangement to have Deutsch Telekom act as a data trustee. There's also the possibility of a franchise arrangement - have an EU owned franchisee run the operation under licence, the franchise agreement being under EU law with terms specifically forbidding the supply of customer's data to the franchiser. Either means the US corporation foregoing a degree of control to achieve a better outcome for themselves, a notion which admittedly seems to be beyond the grasp of too many at the moment.

          1. Anonymous Coward
            Anonymous Coward

            Re: Political theatre

            Either means the US corporation foregoing a degree of control to achieve a better outcome for themselves, a notion which admittedly seems to be beyond the grasp of too many at the moment.

            Yes, but this is the fun bit: at that point, the US company is no longer in control. It's not in control of its hosting, it cannot dictate the mechanics in the data farm and it has to pay whatever the provider decides to charge them. In other words, it means an EU based company is taking part of the profits, profits they cannot ship off to some tax haven to avoid paying them.

            Put another way: using privacy, Europe has been able to implement import duties on electronic services without breaking any trade agreements, hell, without much negotiating.

            I wonder how long it will take until US investors wake up to the fact that their precious US entity is being fleeced by the Europeans without them having any control over it.

            Personally, I think it's an amazing achievement. Now for some painful consequences: as the UK is leaving this club it will soon lose the ability to negotiate the same for its citizens because it cannot point at 26 other entities in the game and say "would love to, mate, but the others won't let me" - now they can. Add to this the clearly visible desire to continue implementing 1984 and I give it maybe one year post Brexit before your privacy returns to post WW II levels: i.e. non-existing, just to accommodate the strangely coloured US overlord so he won't slap trade tariffs on the UK.

            Which will make it even harder to negotiate deals with the EU.

            The UK population really has no idea what Brexit will do.

            1. Doctor Syntax Silver badge

              Re: Political theatre

              "Yes, but this is the fun bit: at that point, the US company is no longer in control. It's not in control of its hosting, it cannot dictate the mechanics in the data farm and it has to pay whatever the provider decides to charge them."

              The Microsoft/DT arrangement, AIUI is the Microsoft does run the server farm but it has put the control of the data out of its control. Don't ask me how they do that in detail but I would take it that they've given some considerable thought - and legal advice - in putting it together. The other option I suggested is a franchise operation.

              And in any case I think you're overlooking one thing: whatever they or the EU company gets paid is determined in advance by a contract; they have at least some control in that, not total control because its a matter of negotiation. As I said, the notion that foregoing some control to achieve a better outcome is a notion that seems beyond the grasp of many.

          2. Hans 1 Silver badge
            Big Brother

            Re: Political theatre

            >In that case maybe you should look at Microsoft's arrangement to have Deutsch Telekom act as a data trustee.

            Futile move, they are Microsoft for a reason®.

            https://en.wikipedia.org/wiki/T-Mobile_US

  6. Voland's right hand Silver badge
    Trollface

    Fake news. SAD!

    Of course, there will be massive pressure not to tear up a new agreement

    There is similarly massive pressure to do so. There is money to be made either way.

    Realistically, the lifetime of the new agreement is until there is a court case (especially without the UK to throw spanners in the works to anyone trying to repeal it). Its lifetime after facing the judges will be measured in minutes (not even hours or days).

    1. Doctor Syntax Silver badge

      Re: Fake news. SAD!

      "Its lifetime after facing the judges will be measured in minutes (not even hours or days)."

      That's slightly hopeful thinking. I don't doubt the overall sense of your conclusion but appeal courts don't work at that speed.

  7. shub-internet

    The simple answer for US corporations has been to use the model contract clauses with all their subsidiaries/clients, and that's the bit that may die with the current Schrems case. At that point, the GDPR says 'No' to cross-border flows and then we wonder what to do...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019