Euro watchdogs give America's data-sharing Privacy Shield an 'F'

Europe's data protection authorities have graded the new Privacy Shield agreement that covers data sharing between the US and Europe a fail. In a formal response [PDF] published Wednesday by the Article 29 Data Protection Working Party, the influential group outlined a number of serious concerns about the agreement, including …

  1. Mage Silver badge

    So it's dead.

    Good.

    The American Mega Corps will have to set up companies in Europe and data centres in Europe.

    Despite Ireland being expensive for electricity, Apple, Facebook etc. ARE building more datacentres in Ireland.

    What I don't understand is why the German 1 & 1 hosts UK customers in UK, mainland European customers in Europe / Germany but Irish customers in Kansas, USA.

    1. Yet Another Anonymous coward Silver badge

      Re: So it's dead.

      Probably because Ireland can't afford its own spy agency so sub-contracts it to the USA

      1. Anonymous Coward

        Re: So it's dead.

        Probably because Ireland can't afford its own spy agency so sub-contracts it to the USA

        Why? Microsoft has been running its Skype intercept from there for years before they switched it to Azure servers in Amsterdam.

      2. Anonymous Coward

        Re: So it's dead.

        Quite right, Ireland has no such agency, it's not for budgetary reasons though, it's because all important information can be obtained more quickly down the pub

    2. Anonymous Coward

      Re: So it's dead.

      It is Dead

      Not yet.

      The pig squadron is still flying, but the interceptors are now in the air and they are "loaded for bear". I give it 6-9 months until another court case.

      The writing is on the wall though - all USA cloud players scrambling to expand their EU datacenters to be ready for the next phase of the data cold wars.

    3. Fred Flintstone Gold badge

      Re: So it's dead.

      What I don't understand is why the German 1 & 1 hosts UK customers in UK, mainland European customers in Europe / Germany but Irish customers in Kansas, USA.

      Their marketing team is working up to "you're not in Kansas anymore" ?

    4. Anonymous Coward

      Ireland's not good enough IMHO

      There can be no legal agreement between the European Commission and the US that *reduces* the basic privacy right because they're required to uphold that right. So this attempt at stripping the privacy right is a clear fail.

      Without the EC's attempt, then US companies have to obey the same rules as every other company. Either: a) host their data in Europe and comply with EU legislation, or b) show that they can comply with EU legislation in another country outside the EU.

      With USA asserting rights to grab data worldwide from companies, outside of the proper territorial treaties, no US company can comply with EU legislation even if they host the data in Ireland. Because as long as US parent corp can access Irish data illegally then they're still not complying with EU law.

      So Microsoft are fighting a demand for data it holds in Ireland (it holds UK Parliamentary data in Ireland too). But even if it wins, as long as other companies in Microsoft can access that data, then Microsoft can be compelled to hand over the data outside of the EU laws.

      The Theresa Mays and Diane Feinsteins of this world might like to think it will only be 5 eyes countries that grab the data, but that's naive. China and Russia have leverage on Microsoft too, and both are passing data grab laws.

      Technical protections, strong end to end encryption, legally separate data holding companies in each jurisdiction, need to be put in place so that corporations won't go handing all our private data over to every junta on the planet. That's how they can comply with EU law.

    5. swarfega

      Re: So it's dead.

      It's because the Irish couldn't find enough buggy whips to pay the Pennsylvania Dutch to host, so it had to be a crate of Pledge Rings for the Young-Earthers in Kansas :P

  2. Anonymous Coward

    'listening post GCHQ'

    you make them sound so quaint.

  3. Destroy All Monsters Silver badge

    Hush!

    Is that the sound of wool being pulled over eyes?

  4. Anonymous Coward

    When they call it...

    "Privacy Shield"

    You know you're fucked.

    1. Anonymous Coward

      Re: When they call it...

      It is good if it is just f**ed. That means they forgot the sword that goes with the shield.

      When I hear shield in a communication surveillance context my first thoughts are these: http://www.volynpost.com/img/modules/blogs/6/c0/44ef85c3f9303bf69cbd21e1b6725c06/original-.jpg

      1. Anonymous Coward

        Re: When they call it...

        When I hear shield in a communication surveillance context my first thoughts are these: (URL)

        That's almost as bad as posting a shortened link. Where is this leading to, a virus?

      2. allthecoolshortnamesweretaken

        Re: When they call it...

        My thoughts exactly. BTW, the MfS copied both the slogan and the attitude - sword and shield of The Party. And The Party is always right.

    2. Anonymous Coward

      Re: When they call it...

      I am guessing that in America they spend countless amounts of money, committee hearings, meetings and discussions trying to come up with a catchy and powerful name (safe harbour, privacy shield) then all have a group high-five but don't have any time left for considering the actual implementation.

      Whereas in Europe they just call it Privacy Directive Article 15 sub issue 18 or some such leaving them plenty of time to discuss the American policy and decide it comes up short.

  5. Anonymous Coward

    Was anyone really expecting something different? The basic problem is the US gives (often warrantless) access to everyone in law-enforcement and that isn't about to change. We here in Europe have in-living-memory examples of that sort of thing leading to Really Bad Shit, so are understandably reluctant to go down that path again. Plus we have dictionaries, and know the meaning of both "privacy" and "shield".

    Waste of time.

  6. Steve Knox
    Trollface

    To be fair,

    The test was just one question:

    "Will you share everything you find with our spies?"

  7. Pascal Monett Silver badge
    Thumb Down

    So the "Privacy Shield" is basically on hold

    Sounds like a Good Thing (tm) to me, especially when it apparently fails to properly account for Ombudsman authority, fails to give the Ombudsman the tools to do his work, and fails to mention massive data hoovering in any way.

    Talk about a lipstick operation. This Swiss-Cheese Shield was basically a copy of the previous version with a few cogs bolted on the side to make it look better.

    Well it doesn't look better. Go back and do something worthy of the name of the bill.

    1. Anonymous Coward

      Re: So the "Privacy Shield" is basically on hold

      It is not swiss cheese. The PR announcement forgot to mention the full name: Privacy Shield and Sword.

      Like this one: http://img.bidorbuy.co.za/image/upload/user_images/440/2135440/2135440_121213212108_kgb-3.jpg

      Sure, we will shield your data. But it all goes to the guy with the sword too.

  8. Anonymous Coward

    Predictable..

    .. because the Americans are trying to gloss over a rather problematic legal structure that simply gets in the way of any attempt to protect privacy.

    Glad the EU politicians for once did not sell us out, although I suspect we'll now get the kind of gaming Facebook is doing with Belgium, but then EU-wide. I suspect Google will be the first to start, because as top dog data thieves, sorry, "free" hosters they have the most to lose.

  9. Doctor Syntax Silver badge

    Simple principle

    The data exporter must remain fully accountable to the data subject in the jurisdiction where the subject provided the data as provided by the legislation of that jurisdiction.

    Nothing less should be acceptable, nothing more is needed.

    It's very simple. It applies equally to exports to all countries. It requires no international agreements. If the exporter doesn't think that holding the data in the intended destination can't enable them to provide such accountability they have a straightforward option: don't export data.

    1. Chika
      Devil

      Re: Simple principle

      If the exporter doesn't think that holding the data in the intended destination can't enable them to provide such accountability they have a straightforward option: don't export data.

      And that's what would happen in an ideal world. No thought given to costs, just wholesome ethics when it comes down to what you put where.

      Except we all know how ethical some companies are when it comes to money. Anything that endangers the bottom line, whether it is due to the capital outlay for building or expanding so that export isn't necessary or the loss of available finance due to a reduction of available data for mining in a specific area or anything else, they will always attempt to fiddle things to get their way.

      No, this isn't dead yet. It's just pining.

  10. Anonymous Coward

    F for Fabulous...

    ... Fail.
