I should congratulate Mr Schrems for an image that is likely to stay with me for a very long time!
As far as the "agreement" goes, it looks like somebody needs to stock up on turd polish again.
The final text of the EU's patchwork replacement for the Safe Harbour agreement, “Privacy Shield”, has been sent to data protection authorities. Privacy campaigners aren’t impressed. Safe Harbour established a self-certification regime that allowed US companies to process EU citizens' personal data. But a European Court of …
Why did the foreign power flushed the toilet? Because it was its duty.
Anything can go under this one because by definition any European nation is a foreign power relative to US justice and vice versa. Similarly, flushing the toilet or putting another layer of lipstick on the pig can be classified as a "certain activity"
There is a GLARING ADJECTIVE OMISSION here. It is missing the adjective "HOSTILE". It needs at least one or two occurrences of it.
So in the absence of this adjective the shield allows for any USA (and vice versa) surveillance of pesky foreigners, just indirectly. That clause allows USA to continue surveillance on anything happening in Eu and vice versa and they can still exchange information as before. In fact, if anything, this agreement in this form and in the absence of this adjective sets in stone the status quo of the Bush and post-Bush era.
Don't forget that the TSA can take your electrical equipment without a warrant when you're entering the country:
The home secretary carried forth the six commandments and said unto the people.
"would you like your testicles boiled or sauteed?"
And there endeth the lesson......
If anyone thinks for one moment the magic six was all the idea of the US they need to think again, our data hoovering government will be equally complicit in this, just look at the wonderful new data hoover bill that just went before parliment after being universally lambasted.
Never fear, we'll be out of that arrangement soon enough so we will be "free" to "choose" how much we all get spied on without anyone to complain to... Course we'll also need to arrange a safe harbour agreement of some sort with the EU and US... that should be a good laugh to watch too.
Given that the CJEU failed to define what is and isn’t acceptable the first time around, the Shield is sure to end up back in Luxembourg once again.
Is it the responsibility of the court to do so? That would make the court a lawmaker. The main point of the judgement was that EU citizens have little or no rights over their privacy in the US, ergo Safe Harbour is null and void. Politicians around the world have, for reasons of political expediency ("look at what we're doing to fight terrorism/child pornography/halitosis, etc."), increasingly effectively delegated lawmaking to the courts. Think of the DRIP fiasco.
The onus is now on lawmakers to come up with the definitions both of what's acceptable and of adequate legal recourse. Mass snooping is unlikely to suffice and, so, if it's included then the agreement then there is every chance that the law does end up before the courts. However, this would be a poor strategy to follow: the ECJ has already invalidated the existing agreements so new ones are likely to be overturned by lower courts, citing the existing judgement.
"That would make the court a lawmaker."
Well, making case law is a role for the courts. But I don't think it's a matter of defining what's acceptable. It's already said that the pig wasn't for specific reasons. It will then have the job of deciding whether the pig with lipstick is any better depending on whether the specific reasons have gone away. Somehow, I think that lipstick or no, the pig's going to remain earth-bound.
Snowden opened the lid on a whole load of things National Security was doing that we didn't know about. I do not think post-Snowden overnight we are aware of everything that is now being undertaken by "National Security" and herein is the problem. Its National Security, not International Security or EU security even within the EU, so countries are going to a greater or lesser extent protect their sovereign interests.
The realistic prospect of the USA having a sound privacy framework we can trust when the USA does not participate in the International Criminal Court (ICC) suggests to me that privacy compliance is merely to satisfy commercial interests rather than being interested in fair play. Look at the US issue with Apple and the FBI and imagine how that might play out if other countries were involved?
International privacy agreements / law one way or another for many years is going to be a mess. We are going to need to trust the provider of the solution, hardware, software or cloud to act in our best interest and protect our data as they have a commercial interest in ensuring we trust the brand to continue to buy from them.
To me the irony is the messier it privacy law becomes, the more cognizant companies need to be aware of the potential commercial risks associated with having data located in one country or another. Safe Harbour was always a bit of a kludge and with its demise, my hope is companies that think about the bigger picture regarding data privacy and have a strategy to address this minefield.
Biting the hand that feeds IT © 1998–2021