Interesting
this story appears next to the HMRC/Google story
In a visit to Brussels this week, US Under Secretary Catherine Novelli told reporters that an agreement on a revised Safe Harbor framework was just weeks away. But the European Commissioner responsible for data protection, Vera Jourova, said there were still obstacles to be overcome. The Safe Harbor agreement is a legally …
It seems to me that it is in the US Government's interest to spin these negotiations out as long as possible.
They are perfectly happy with the current arrangement where they can do whatever they like. Without any real prospect of the European Commission switching Safe Harbor off, I expect agreement on a revised Safe Harbor framework will continue to be "just weeks away" for many more years.
First of all, as long as the work "voluntary" appears anywhere in this agreement it's not even worth the paper it isn't written on. Secondly, as long as the only impact on a US organisation breaking the rules is a slap on the wrist with a feather in monetary terms I wouldn't put much store in it either.
Last but not least: Safe Harbor does not fix the huge mess of laws they have in the US for accessing anything they pretty much like without much of (a) a barrier and (b) accountability for the consequences, so Safe Harbor II or not, I would avoid companies that host their data there.
If I was in the EU commission I'd make it at least mandatory that companies were obliged to mention that they host data in the US, now it's sort of vaguely implied somewhere in the small print in words like "we may host data outside the EU" (if you see that, read it as "we will export your data to wherever it is cheapest, damn the consequences because you agreed to it"). Personally, that should become part of a mandatory explicit opt-in, just as permission to use personal data is not permitted to be implied. That way, a customer can make an informed choice.