back to article Safe harbour ruling: RELAX, Facebook and Google will be FINE!

The European Court of Justice’s decision to rule the EU-US safe harbour agreement invalid is causing panic among some companies dependent on keeping data flows going ... but Google and Facebook are probably prepared for it. Much to the satisfaction of those who have long condemned US data collection policies, the landmark …

  1. Anonymous Coward
    Anonymous Coward

    All of that is half of the fun

    Now add the other half - USA agencies insisting that they have full right to access any data that is _ALREADY_ in Europe if it is held by an American company.

    Popcorn please.

    1. Sir Runcible Spoon

      Re: All of that is half of the fun

      I've been wondering when this point will be covered - nothing yet.

    2. ckm5

      EU privacy rules are all smoke

      As AVG proved with their "we can use any of your data for anything" privacy policy, EU rules are just smoke.

      They seemed to be designed for both 'full employment' for EU data center engineers and making sure that EU law enforcement has full access to the data.

      Privacy is just the excuse they are using to justify this, because, strangely enough, EU citizen data would be safer from EU governments if it was in the US....

      1. Destroy All Monsters Silver badge
        Paris Hilton

        Re: EU privacy rules are all smoke

        EU citizen data would be safer from EU governments

        Except the poodelicious UK govnmt, I presume.

        S'truth that the french might just smash & grab the EU data car tel est leur bon plaisir.

    3. Your alien overlord - fear me

      Re: All of that is half of the fun

      They already have that right - in their eyes anyway. GCHQ can take what they want (as does the Germans and soon the French), swap it for some Predator drones and everyone is happy !!!!

  2. gloucester

    How Long?

    "With today’s verdict it is clear that these transfers were in breach of the fundamental right to data protection," added Albrecht. "It is now up to the Commission and the Irish data protection commissioner to immediately move to prevent any further data transfers to the US in the framework of Safe Harbor.”

    Not precisely Jan Philipp, if I understand the judge correctly; the higher court (I think there was another in between somewhere) indicated that "safe harbour" shouldn't be used as reason not to consider potential breaches, so the Irish DPC should now consider such potential abuse (and perhaps prevent further transfers as part of any remedy). Not quite so cut and dried.

    Anyone taking bets on how long the Irish DPC will take to make such consideration?

    1. Anonymous Coward
      Anonymous Coward

      Re: How Long?

      I suspect that the Irish DPC would take a more favourable view on this, if the US weren't currently trying to stomp all over their rights by forcing MS to handover data stored in Ireland.

      1. g e

        Re: How Long?

        However, any suspension of Safe Harbour would add a bit more defeat to the data extradition now, surely?

  3. Anonymous Coward
    Anonymous Coward

    Keep Calm and Carry On

    The likes of Facebook and Google with just ignore the ruling anyway. They think that they are bigger than the Government and the courts (of every nation)

    1. ratfox

      Re: Keep Calm and Carry On

      They don't even need to ignore it, they have DCs in Europe… Haven't they gone through this with Russia already?

    2. oldcoder

      Re: Keep Calm and Carry On

      Most (not all) of the data Facebook and Google use is public information.

      All it would restrict is user identification, credentials, and non-public information from being passed. The non-public information is already not passed, except perhaps as a backup.

      Using the US for backup might still be possible - if it is bulk encrypted first, with the keys remaining in the EU. (by "bulk encrypted" I mean hundreds/thousands of users in a backup set). Personally, I would prefer multiple layers of encryption...

      first a site level encryption for the data, a second level used to send the data, and a third level at the recipient site. The only keys that could then be exposed by government order is the third level... The other two would still protect the data.

  4. Pseu Donyme

    For whatsoever a man soweth, that shall he also reap

    Of course, this could have been avoided altogether if the US (govt and companies) had taken the issue - right to privacy in general and its modern aspect data protection in particular - seriously in the first place; ultimately the solution is for the US to adopt proper data protection legislation like just about any other advanced country (this has its origins in the OECD, after all), for US companies operating in the EU the solution is simply making a sincere effort to obey the law there.

    1. James Micallef Silver badge

      Re: For whatsoever a man soweth, that shall he also reap

      "ultimately the solution is for the US to adopt proper data protection legislation"

      does not and would not matter. US has anti-terror legislation that trumps any other legislation, meaning that whatever data protection laws are in place, spook agencies can get access to that data with a secret warrant, and whoever the data is being taken from cannot mention it, so all data on US soil is always accessible by potentially hundreds of thousands of people across multiple law enforcement/spook agencies.

      In theory of course a particular person's data is only accessed and used if this person is a genuine suspect, but in practice there is a large history of law enforcement identifying the wrong person, or identifying the right person and raiding the wrong address, of use of law enforcement privileges for personal agenda and so on.

      When US, related agencies, EU governments etc say "trust us, this will only be used for intended purpose", who can blame the people to NOT trust them, given that historically that trust has zero zilch nada to be based on?

      1. Doctor Syntax Silver badge

        Re: For whatsoever a man soweth, that shall he also reap

        "US has anti-terror legislation that trumps any other legislation"

        Yes, but this is not having PROPER data protection legislation. As the OP put it and you quoted, it's proper data protection legislation that's needed.

  5. Anonymous Coward
    Anonymous Coward

    I'm glad it's now on the table

    This problem has been around for well over a decade, and it has been allowed to persist because it got a stiff ignoring from US companies instead of an open debate. Of course, this is understandable to a degree because it directly impacts their ability to sell into Europe, but sticking it under the carpet doesn't fix it, only open discussion about it.

    The most painful part for US companies is that there is no such thing as a quick fix. Even Safe Harbor was just a badly thought out excuse, it was not a fix. Now the US will have to look at the fundamentals and decide if Europe is worth addressing their legal problems for. Given the amount of money they dragged out of Europe over that decade I suspect it is, but that will not stop them from trying to bullshit their way around the problems first. Let's make sure they can't.

  6. Anonymous Coward
    Big Brother

    Does it matter?

    Even your musical doorbell has been backdoored by GCHQ/NSA

    1. John Brown (no body) Silver badge

      Re: Does it matter?

      "Even your musical doorbell has been backdoored by GCHQ/NSA"

      Day-um! My IoT doorbell will have to go, I really enjoyed the convenience of clicking my smartphone app and having my data fly off to the googleplex to check if anyone had pressed it recently or to change the programmable chimes from a wide selection of low low cost choices in the doorbell app store.

  7. Destroy All Monsters Silver badge

    Now go away or I will RETALIATE in your general direction!

    “retaliation from US authorities”

    What! Will they leave us all alone with their Ukrainian neocon scheme and suffer exposure to the chtonic evil of P.U.T.I.N. all alone? Will they stop pretending to bomb ISIS? Will they close embassies? Inquiring minds want to know.

  8. Your alien overlord - fear me

    So, all the data the USA companies have already got their greedy sweaty mitts on, are they going to delete it or carry on peddling it to spamvertisment companies?

  9. Anonymous Coward
    Anonymous Coward

    This is really just another symptom

    The perceived need for Data Protection, and the ineffectiveness of the Safe Harbour agreements in providing that protection are really just symptoms of a more profound underlying problem; who is being served, and by whom i.e. do governments and business exist to serve us, the people, or do we exist to serve government and business?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like