Reticence
When did we start using reticence in place of reluctance? (See also refute vs reject.)
The deal governing transatlantic data flows – branded not fit for purpose by privacy watchdogs – enters its second annual review today. The Privacy Shield agreement was rushed through in the summer of 2016 after its predecessor Safe Harbor was scrapped following a legal challenge by activist and then-PhD student Max Schrems. …
Unless Privacy Shield becomes a legally binding commitment, with rights for non-US organisations and citizens to pursue offending US organisations in US courts with the same legal privilege as US organisations and citizens then it is useless. The exclusions for "almost any vaguely official US organisation" to the data rules don't help either.
"with rights for non-US organisations and citizens to pursue offending US organisations"
Although not possibly with the same convenience, EU citizens (under the GDPR) and UK citizens (under the provisions of the GDPR included in the UK Data protection Act 2018) can already challenge US businesses (and indeed any other third country business) on their data protection behaviours. If the matter is considered of sufficient import, it can be taken up by the relevant supervisory authority and ultimately even made a matter for the courts (as in the case of Cambridge Analytica and its various subsidiary sharing partners).
The stumbling block for individuals, as always, is the inevitable disparity of resources that can be brought to bear by the two sides, and no legislation currently in existence moderates this. The winner is always the party that can hang on and continue paying its lawyers longest.
Business has been happy with safe harbour/privacy shield and don't want to change it. While that matches the US position, the EU are struggling between what their businesses are lobbying for (easy exchange of information) and what some of their citizens want.
GDPR would suggest that this isn't about Google or Facebook - they already know how to jump through the hoops. I can see MS having problems with privacy around business data, but judging by GDPR it's the smaller organisations that struggle with additional regulation.
Put simply, I think the EU is targeting privacy the wrong way - they are creating barriers to smaller players while failing to protect users from themselves with access to the "free" service juggernauts.
Time will tell....
No - it's of course those with the deep pockets will try to resist more, as they can sustain the costs of a litigation more easily, and of course hire more cunning lawyers (while trying to influence politicians).
Sometimes there's no way to make a good law without incurring in such issue - especially when the law comes late, and someone already too advantage from the lack of it to obtain a dominant position.
Everything depends on how much effort the EU bodies will put in fighting them - on different fronts.
The big issue is that with the EU elections looming, and the renewal of the Commission, there will be a big push from some business to have someone like Pai instead of a Vestager.