back to article Top EU data cop slams Safe Harbor replacement as inadequate

The EU's independent data protection supervisor has said that the proposed US-EU data sharing agreement, Privacy Shield, "is not robust enough to withstand future legal scrutiny" and has refused to endorse it. "Significant improvements are needed should the European Commission wish to adopt an adequacy decision, to respect the …

  1. Anonymous Coward

    Gosh! Hooda thunked?

    Course it's inadequate: That's the fucking point. Just as "inadequacy" (to put it politely) was always the point of "Safe (sic) Harbor (sic)." Doesn't the EU's "data protection supervisor" understand what a sham is?

    The ONLY real solution (and it would be a simple solution, easy to regulate and police*) is (still!) to require effective client-side encryption.. which will, of course, NEVER happen: How would the "five eyes" easily subvert that?

    Another worthless morass of crappy faux-altruistic legalese bullshit we'll get then.

    *anyone else remember when that word used to mean ensuring laws were being followed - rather than just the implicit prefix to the word "state"?

    1. DropBear

      Re: Gosh! Hooda thunked?

      "The ONLY real solution (and it would be a simple solution, easy to regulate and police*) is (still!) to require effective client-side encryption"

      Care to elaborate on how the hell that is supposed to work...?

      "Dear Ms./Mr. @#$$#78^% #$^%&*VG, this is to let you know we encountered some problems processing your order of &FB2 pieces of $%e456V%T)$$! (assuming we carry that at all - it's a bit hard to tell), from date &@B33<2C3%xs (at least we _think_ it's reasonably recent, we found it towards the end of our transaction log); namely, the courier service we use can't seem to find the registered delivery address of @$v%$RECcdfFCSDDF5566@# 2 % eT%TVSC rRCE^RFW#@ anywhere, or indeed the country &%^vrC3rr^21 itself (although we have a hunch it might be within the EU somewhere). Please instruct us on how we should proceed - best wishes, Omni Impex Corp., USA"

  2. Doctor Syntax Silver badge

    The much worried-about Privacy Shield is a proposed legal measure which would not ensure that EU citizens' data would remain protected by the EU's more stringent data laws when transported across the Atlantic by firms based in America.


    1. Pseu Donyme

      Indeed. Like its predecessor "Privacy Shield" simply amounts to US firms being exempt from EU data protection. This is plain unacceptable as data protection is a fundamental right. Also, being exempt gives US firms a rather unfair competitive advantage.

    2. VinceH


      Being a little more cynical, rather than "... not ensure that EU citizens' data ..." I would have probably gone with "... ensure that those EU citizens who are gullible enough believe that their data ..."

      But, yeah, have an upvote anyway.

  3. Anonymous Coward
    Anonymous Coward

    As I have said before and will again, the only way to resolve this if for the US government to enact the same laws about data security and privacy as the EU.

    Since that will never happen with the bought and paid for US politicians there will never be a real resolution to this.

    1. Big_Ted

      Or . . . .

      Just require that instead of the data going abroad the servers etc must be in the EU, programs could be run from outside but must happen with EU teritory.

      I am sure between then MS, Amazon and Google could all come up with ways for this to be done.

      1. John Brown (no body) Silver badge

        Re: Or . . . .

        "Just require that instead of the data going abroad the servers etc must be in the EU, programs could be run from outside but must happen with EU teritory."

        If the data is held by a US company or, for that matter, any company which has a physical presence in the USA, comes under USA jurisdiction as far as the USA is concerned.

        MS Ireland and the FBI comes to mind.

    2. Pseu Donyme

      Quite. The US to needs to adopt proper data protection legislation like just about any other advanced country. In the meantime I suppose the only realistic solution is to keep EU citizens' data out of the US.

      1. Tomato42

        @Pseu Donyme: they will do that right after they switch to metric and stop using their brain-dead electric sockets

        1. Anonymous Coward

          That's brain-dead wall outlets. Tok English yall.

        2. Anonymous Coward
          Anonymous Coward

          Add that to the safe harbour agreement!

          "Countries storing EU citizen's data must use the metric system, and ISO 8601 dates".

        3. alain williams Silver badge

          USA & standards ...

          and when they start using the A and B paper sizes like all the rest of the world.

      2. Anonymous Coward
        Anonymous Coward

        Are you referring to the very outdated DMCA? Come on, 1998 was not that long ago! :/

    3. Doctor Syntax Silver badge

      "As I have said before and will again, the only way to resolve this if for the US government to enact the same laws about data security and privacy as the EU."

      Enact and obey. Even if they enacted them do you think they'd accept the same limitations as the little people?

  4. The Nazz

    EU, give up now, you've no effing chance.

    Hell, the most likely next POTUS can't even comply with her own countries rules, regulations and laws so what chance Europe's?


  5. Anonymous Coward
    Anonymous Coward

    No more Privacy-Whack-a-mole, this needs to be about money...

    We need someone sneaky with deep pockets like the Peter Thiel / Gawker scenario, to go after Big-Data-Slurpers and sue them into oblivion. That would concentrate minds. Without it, its just lawyers pushing paper and playing games.

  6. Anonymous Coward
    Anonymous Coward

    Notice the attitude?

    Of course its unworkable, it sets a lower bar of compliance for US companies, compared to EU ones.

    EU companies would be fully liable under EU Law if it turns out they breach data laws, US ones would only face the rath of a US Ombudsman and his punishing stares of disapproval! So of course it lowers the bar below the privacy requirement and could never be accepted.

    But I want to point out the attitude of a lot in government:

    1) Something illegal is being done

    2) The department refuses to stop it

    3) They're too big to punish

    4) Hence we need to make it legal to protect the system of laws and restore confidence in them.

    Anything other than tackle the rogue agencies.

    1. Oengus

      Re: Notice the attitude?

      In short Privacy Shield is about shielding US companies from lawsuits bought about by EU citizens who feel their privacy has been violated.

      It has nothing to with ensuring that private data is respected by anyone in the US.

    2. Justicesays

      Re: Notice the attitude?

      More likely

      1) Something illegal is being done

      2) I'm in a position to do something about it, so therefor I'm likely to have at least a dozen skeletons in the closet, any one of which would spell the end to my "career".

      3) They know all about those.

      4) So long as I don't rock the boat I'll be fine, the only other option is MAD.

      5) Pretend to do something about it while really doing nothing of any import in order to assuage the masses.

  7. Aristotles slow and dimwitted horse Silver badge


    To all the knee-jerk Brexiters : How amazing to think that in a few weeks we won't have to worry about these regulatory inconveniences that protect our privacy because as soon as we leave the EU our lovely government will only be too happy to hand over whatever 'Ole Uncle Sam asks for. Marvellous!!!

    Still, once the truth sinks in we can always blame the immigrants, the old people and those on benefits right?

  8. Justicesays

    If it's in the name, it's not in the product.


    Peoples Democratic Republic

    FREEDOM act

    Privacy Shield

    Safe Harbour

  9. Wommit

    The true problem

    is the US government and its agencies.

    The US seems to be unable to understand that other people & countries also have rights and that those rights might be different, or more stringent than those offered in the US. The USA's technical skills and systems have taught them that they should be able to access any data, any time, any where. The fact that they are (or have been) spying on allies is beside the point. If their agencies exceed the bounds, well just change the law to move those bounds.

    While the USA remains the only 'super power', they will continue to ignore the rights and privileges of every one else. Only when a stick big enough to hurt the corporations in the bank balance, and a group or country with the will to use it, emerges will the USA step back and review their attitudes.

    But be warned, the USA will only change when it is in its own interests to change. And, currently, there isn't the stick, nor any other threat large enough to actually make the USA change its corporate & governmental minds.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021