Thus ensuring data never leaves the EU
Referendums permitting...
The European Union's attempts to make data transfers to the United States compliant with privacy laws are an opaque exercise, so much is obvious, but will they work? It's clear that it is necessary to retain the Transatlantic data trade – in economic terms, but also as a means of preventing the Balkanization of the internet. …
Every five years or so the current scheme, be it Safe Harbor, Privacy Shield, or whatever, will be found to be unlawful. A "new" agreement will be cobbled together, with a few cosmetic changes, and a new name - Confidentiality Shelter, Privacy Safeguard, etc - until it too is struck down after a few years and a further agreement made which will last until that is also struck down, and so on.
The end result is business as usual into the indefinite future, without any real transformation, merely a new name every five years or so.
Not necessarily. Lower courts might decide that any new agreement does not meet the requirements of the ECJ's decision and strike them down pending appeal. The ECJ was fairly clear in the points it raised and it's difficult to see them being resolved without legislative changes in the US.
At some point businesses might just decide that keeping EU data in the EU is the easiest and cheapest thing to do. At which point the legal challenges will come from the US government wanting to snoop on EU citizens without the hassle of applying for even a fast track warrant: for the US spooks the paper trail seems to be the most annoying aspect.
It was also totally unnecessary and stupid to conduct the negotiations over this in camera. Didn't Eric Schmidt say something like: "why worry if you've got nothing to hide?". Use in camera for the warrant applications.
~ Laughed at the feebleness of that line until I read this from yesterday:
========================================
http://www.theregister.co.uk/2016/07/11/swedes_slam_google_over_its_free_school_service/
========================================
~ As that Swedish report shows, this is all a game of privacy / security whack-a-mole, played against 'Oscar winning' corporate lawyers...
~ Inter-government regulation won't fix this anyway, and we've been waiting on privacy conscious alternatives like Diaspora forever.
~ Maybe we need to look at what's worked before in a historical context.
~ If users started boycotting services like FB / Gmail it might create some kind of collective bargaining, between users, US corporations & advertisers.
~ But right now, there are just too many ignorant lemmings using these US services and screwing the pooch for anyone that's more privacy conscious.
"Every five years or so"
I doubt it will take so long. I think we'll very quickly get to the state where the writ's issued the day after the current attempt comes into force, if not on the very day. At some point it will become clear that the only solution will be for the US to introduce proper privacy legislation (at which time selling double glazing and central heating in hell becomes profitable) or data has to stay in the jurisdiction at arm's length from any US corporation. Maybe European companies will supersede US ones in the market.
The smart US businesses will start restructuring their operations to do this before it becomes absolutely necessary.
Thank $deity for Brexit then. I'm sure our nice new PM with her well-known concerns for data protection and individual privacy rights will swiftly negotiate a nice treaty with the US to allow them to take any UK data they like when they like and do whatever they want with it, and the UK will be allowed to say OK.
Quite. It's fascinating that the article blames the EC for not doing enough to resist PRISM, while not saying a word about the UK being an active supporter of it. Maybe once the UK finally leaves, then its pressure to please the US at all cost will also disappear and the EC's position will be stronger?
"I'm sure our nice new PM with her well-known concerns for data protection and individual privacy rights will swiftly negotiate a nice treaty with the US to allow them to take any UK data they like when they like and do whatever they want with it."
Not if she's any sense. UK service companies will want to do business with EU customers. Unfortunately that's a big if.
Bringing up USA to EU privacy standards is not enough as it does not fix the underlying issue.
USA legal system has two interesting peculiarities:
1. No legal redress for foreign subjects, period. You have to demonstrate some form of relationship to locality for your case to be heard.
2. Idea of complete extraterritoriality related to its "own" subjects, enshrined in the SCOTUS interpretation of the 14th amendment of the USA constitution.
Both of these are fundamentally incompatible with EU law and specifically some of the fundamental documents like the Human Rights convention, etc. So any legal agreement with USA will fail a court case until EU subjects are granted absolutely identical (not partial) rights to USA subjects and 14th amendment interpretation by USA courts is "fixed" to stop being as ridiculously extraterritorial as now.
Privacy shield took some steps in the right direction on the first issue (right of access for EU subjects to USA court). Unfortunately they are only partial as they for example cannot sue the USA government (while a local subject in theory can).
The second issue is not addressed at all. So all in all, it is only a matter of time until this is back to the drawing board.
"right of access for EU subjects to USA court"
That's not acceptable on practical grounds. The redress needs to be in the data subject's own jurisdiction against the entity that shipped the data into the clutches of the US. Each business will then have to think carefully about whether they wish to ship data there or insist on it being processed where they have effective control.
Valid point. The problem is the politicians themselves.. most haven't a clue about this. The second problem is the lobbyists.
However, all elections boil down to basically one or two issues depending on the target population. Brexit is a good example of this with some voters only paying attention to the immigrant problem and others only paying attention to the "let's send the money we save to the NHS" bit.
Voters don't seem capable of making choices on complex issues. They listen to one guy who hits them with an issue. Like abortion, or guns, or "free-college"... Once they seize on that issue, nothing else matters.
Good point. I think a bit of Internet balkanization wouldn't be such a bad thing.
Pushing the point further, I feel it perfectly justified that a person's data is held solely in that person's country of residence, because an individual has no practical possibility of legal recourse outside of his own country anyway.
The biggest problem here is that the average joe doesn't understand what can be done with all that data that gets sent overseas. And because he doesn't understand he doesn't care.
And thus companies like M$, FarceBook, crApple and the Chocolate Factory get to squaf all their data to the authorities and sell it to the highest bidder without concern.
It's happening in ever sneakier ways by methods most wouldn't even suspect.
Need to perform a bunch of statistics and analysis on your non-profit organisation with thousands of underage members? There's an app for that. Just upload all your membership info (suitably "anonymised" of course, names are not important, just age, streetname, zipcode, email address, membership duration, etc, etc) to this nice convenient server located in the US. No really, we are an entirely European company, our servers are just located at our parent company's server park "for convenience". Ohh and sign this contract that explicitly states that if YOU upload the data to the US they can do with it what they want under US law. No really, just upload it there, no problem. Look at all the pretty graphs you get!
(My brother ran into this exact situation, other managers and the people involved just wouldn't understand why he didn't want pretty much their entire membership database uploaded to a US-based server with a signed waiver saying "do whatever the hell you like with this data". He lost that fight in the end)
==> Paris, because I doubt she even has an understanding of the 'word' privacy.
That "and sell your data" should be read as and/or. Apple most certainly squafs any user data they have at the slightest wink of the authorities. They put on a bit of a show over decrypting that phone a while back, but mostly they comply with any request for data if it doesn't require breaking encryption.
"And thus companies like M$, FarceBook, crApple and the Chocolate Factory get to squaf all their data to the authorities and sell it to the highest bidder without concern."
Frankly, I'm less bothered about those companies. You deal with them direct if at all and as you should know what they're up to you can make your choices accordingly. The real problem comes with dealing with a local company that then ships the data overseas, maybe unbeknown to you. A company like your employer which might use an on-line HR system, maybe. Or a company that uses an on-line CRM system. Or a bank that shares data with a credit reference bureau. Those are cases where you haven't much choice at all or no informed choice.
Let's add: health insurance companies that outsource the processing of your claims to another country. Once that data is on the wire and headed to the processor, anyone can get it. And there's no telling what the processor will do with it or who has access (legal or illegal) to it.
We will be on this round-about until the US realises that it has borders and its jurisdiction ends there. America, land of the free (free data for government, gov agencies, LEOs, mega corps, corps, hell anyone with the money to buy the stuff.)
Safe Harbo(u)r has been bugging me since its inception.
"Don't kid yourselves. The EU and UK governments are fully complicit in all the data slurping since they also want access to everything about everyone. They're all at the trough."
Re-unified Germany and the ex-Communist countries seem to be a lot more wary though.
"It is fundamentally different from the old 'Safe Harbour': It imposes clear and strong obligations on companies handling the data and makes sure that these rules are followed and enforced in practice."
Does it fuck. It is exactly as useless as the Safe Harbour was (that is 100% useless) for exactly the same reason: US law enforcement is going to continue to do whatever the hell it likes. Shit, only a couple of weeks ago a judge gave the feds permission to warrantlessly wiretap anywhere in the world because he hasn't grasped the concept of 'jurisdiction', the arrogant fuck.
I'm still debating the merits of preparing a special reception for people from the US attempting to hack my sites, because a lot of these attempts seem to be coming from the same few places. Because, you see, unlike the feds who apparently are allowed to hack anything SUSPECTED of being RELATED to a POTENTIAL crime, I would be actively investigating an actual, definite crime attempt (pick your "interfering with someone else's computer" law). Dunno if I'll end up bothering...it is quite a lot of trouble to go to just to be a wanker back just on general principles. Would be amusing though.
......why has no one commented about the fact that no one actually knows what information is held about them and by whom!!!!
Personally, I don't want to know anything about the data held concerning anyone else, but I would like to know:
- a list of all the organizations who keep records about me
- for each of these organizations, exactly what information they keep about me
I'd also like to see copies of all these records about me, so that:
- I can demand deletions for records no longer relevant
- I can correct all the mistakes in what is left
But all this is moot:
- I don't have any legal right to know
- Many of the organisations will never have had a direct relationship with me, so I would never guess that they had relevant records
- Many of the organisations who have records about me (say, perhaps GCHQ) would either deny having the records, or would deny any access outright
.......so worrying about Safe Harbour or Privacy Shield seems to me to miss other, much more fundamental issues.
That's the problem right enough. IF you can catch someone misusing your data in a manner that hasn't been legally weaselled out of already, that wins you the right to spend the next decade being outgunned in court by a company who probably has far more money than you.
"includes commitments by both self-certifying companies and the US Government, will mitigate uncertainty and risk and increase trust in the global digital economy."
Self certification is a joke and the US government don't care about their own citizens' rights so what hope do foreigners have of respect for their privacy?