back to article Safe Harbour v2.0 greenlights six bulk data collection excuses

The final text of the EU's patchwork replacement for the Safe Harbour agreement, “Privacy Shield”, has been sent to data protection authorities. Privacy campaigners aren’t impressed. Safe Harbour established a self-certification regime that allowed US companies to process EU citizens' personal data. But a European Court of …

  1. Chika

    I should congratulate Mr Schrems for an image that is likely to stay with me for a very long time!

    As far as the "agreement" goes, it looks like somebody needs to stock up on turd polish again.

    1. Mark 85 Silver badge

      I think the turd polishing part has been outsourced to a certain software company who's latest polishing job is Win 10. <runs><ducks for cover>

  2. John Lilburne

    Perhaps they should ...

    "Data protection authorities in EU member states will have to work with the FTC to ensure these are resolved."

    ... outsource it to Google?

    ... (0-0) ... (`-0) ... Oh?

  3. Kevin Johnston

    Only 6 excuses?

    So have had a quick look I am struggling to think of any scenario they haven't covered with those 6 excuses. Amazed actually that they didn't just say 'because we want to' and be done with it.

    1. Chika

      Re: Only 6 excuses?

      Actually, I believe that they missed a trick here. They could have just got away with one excuse that would have covered everything they wanted.

      Because reasons.

  4. Anonymous Coward
    Anonymous Coward

    detecting and countering certain activities of foreign powers

    Why did the foreign power flushed the toilet? Because it was its duty.

    Anything can go under this one because by definition any European nation is a foreign power relative to US justice and vice versa. Similarly, flushing the toilet or putting another layer of lipstick on the pig can be classified as a "certain activity"

    There is a GLARING ADJECTIVE OMISSION here. It is missing the adjective "HOSTILE". It needs at least one or two occurrences of it.

    So in the absence of this adjective the shield allows for any USA (and vice versa) surveillance of pesky foreigners, just indirectly. That clause allows USA to continue surveillance on anything happening in Eu and vice versa and they can still exchange information as before. In fact, if anything, this agreement in this form and in the absence of this adjective sets in stone the status quo of the Bush and post-Bush era.

  5. Christoph

    So which of those excuses will they be using to cover industrial espionage on European companies which is then passed to their US rivals?

    1. James 51

      Don't forget that the TSA can take your electrical equipment without a warrant when you're entering the country:

    2. allthecoolshortnamesweretaken

      "National Security" - that never gets old...

  6. nsld
    Black Helicopters

    And lo

    The home secretary carried forth the six commandments and said unto the people.

    "would you like your testicles boiled or sauteed?"

    And there endeth the lesson......

    If anyone thinks for one moment the magic six was all the idea of the US they need to think again, our data hoovering government will be equally complicit in this, just look at the wonderful new data hoover bill that just went before parliment after being universally lambasted.

  7. Doctor Syntax Silver badge

    I prefer to call it the Privacy Fig Leaf.

    1. Chika

      I prefer to call it the Privacy Fig Leaf.

      That presumes that something is being covered...

  8. sysconfig

    We should calm down...

    since the IPBill is at odds with EU privacy law, too. And we won't even have an ombudsman!

    (Add a pinch of salt as appropriate.)

    1. Anonymous Coward
      Anonymous Coward

      Re: We should calm down...

      Never fear, we'll be out of that arrangement soon enough so we will be "free" to "choose" how much we all get spied on without anyone to complain to... Course we'll also need to arrange a safe harbour agreement of some sort with the EU and US... that should be a good laugh to watch too.

  9. Pseu Donyme

    "Privacy shield"

    I suppose it is aptly named in a sense: it shields privacy from us EU plebs.

  10. Charlie Clark Silver badge

    The responsibility of courts

    Given that the CJEU failed to define what is and isn’t acceptable the first time around, the Shield is sure to end up back in Luxembourg once again.

    Is it the responsibility of the court to do so? That would make the court a lawmaker. The main point of the judgement was that EU citizens have little or no rights over their privacy in the US, ergo Safe Harbour is null and void. Politicians around the world have, for reasons of political expediency ("look at what we're doing to fight terrorism/child pornography/halitosis, etc."), increasingly effectively delegated lawmaking to the courts. Think of the DRIP fiasco.

    The onus is now on lawmakers to come up with the definitions both of what's acceptable and of adequate legal recourse. Mass snooping is unlikely to suffice and, so, if it's included then the agreement then there is every chance that the law does end up before the courts. However, this would be a poor strategy to follow: the ECJ has already invalidated the existing agreements so new ones are likely to be overturned by lower courts, citing the existing judgement.

    1. Doctor Syntax Silver badge

      Re: The responsibility of courts

      "That would make the court a lawmaker."

      Well, making case law is a role for the courts. But I don't think it's a matter of defining what's acceptable. It's already said that the pig wasn't for specific reasons. It will then have the job of deciding whether the pig with lipstick is any better depending on whether the specific reasons have gone away. Somehow, I think that lipstick or no, the pig's going to remain earth-bound.

  11. trillyuk

    Post Snowden

    Snowden opened the lid on a whole load of things National Security was doing that we didn't know about. I do not think post-Snowden overnight we are aware of everything that is now being undertaken by "National Security" and herein is the problem. Its National Security, not International Security or EU security even within the EU, so countries are going to a greater or lesser extent protect their sovereign interests.

    The realistic prospect of the USA having a sound privacy framework we can trust when the USA does not participate in the International Criminal Court (ICC) suggests to me that privacy compliance is merely to satisfy commercial interests rather than being interested in fair play. Look at the US issue with Apple and the FBI and imagine how that might play out if other countries were involved?

    International privacy agreements / law one way or another for many years is going to be a mess. We are going to need to trust the provider of the solution, hardware, software or cloud to act in our best interest and protect our data as they have a commercial interest in ensuring we trust the brand to continue to buy from them.

    To me the irony is the messier it privacy law becomes, the more cognizant companies need to be aware of the potential commercial risks associated with having data located in one country or another. Safe Harbour was always a bit of a kludge and with its demise, my hope is companies that think about the bigger picture regarding data privacy and have a strategy to address this minefield.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021