TFA omits to link to the actual report. It's this: http://ec.europa.eu/newsroom/just/document.cfm?doc_id=48782
EU data protection groups: Fix Privacy Shield or face lawsuit
European data protection agencies have told authorities to address their “significant concerns” about Privacy Shield, or risk having the deal tested in court. The Privacy Shield agreement governs transatlantic data flows and is the product of a lengthy wrangle after the Safe Harbor agreement was ruled invalid back in 2014. …
COMMENTS
-
Thursday 7th December 2017 00:14 GMT Doctor Syntax
although it’s better than Safe Harbor, there are still “significant concerns” to be addressed.
More lipstick on a pig.
It still relies on the data subject enforcing their rights by civil litigation in the US. Really?
There's only one satisfactory way of doing this: if an EU business exports personal data to the US or any other non-EU country for processing that company remains entirely responsible for the outcome. If there's any breach or other mishandling then the civil and judicial penalties of the GDPR fall on that company as if the breach had occurred to data holdings within the company itself and the company should make best efforts to protect the data subject from any consequences of the breach. "Breach" should include spying, surveillance, seizure of data or whatever by the government of the non-EU country irrespective of whether the action was judicially authorised or supported by the powers that government gave itself.
The question a company then has to ask itself before transferring data is whether it's a risk it's able to accept.
-
Thursday 7th December 2017 10:08 GMT Nick Ryan
Yep, privacy shield is pretty much as useless as safe habor(sp) was. Unless inappropriate data access and use becomes a legal matter in the US then regimes like the US cannot be trusted with personal data.
So, you're a non US citizen and want try civil litigation in the US against a US corporation? Seriously, this is not going to work. Non-US citizens have little to no inherited rights in the US and US corporations are already litigation and lawyer heavy therefore you will need a lot of US money to get anywhere. US civil courts will almost certainly side with a US corporation (depending on jurisdiction I guess) therefore chances of success are likely to be low, particularly when the patriotism flag starts to get waved around - i.e. "protecting 'honest' US businesses against forrners".
Treating the local international office as part of the international group and threatening them with a fine levied against the international organisation's group turn over may do the trick though. This is already part of the GDPR.
-
-
Thursday 7th December 2017 07:51 GMT John Smith 19
"Nobody wants to admit they're powerless to fix the situation."
Actually they are not.
It only takes 1 national DP agency to initiate proceedings through the ECJ and the wrecking ball starts rolling.
But let's be real. Post Snowden only the most delusional still believe that the US doesn't spy in a grossly disproportionate way on everyone who's data crosses its borders (and it's agreements with it's little big boys club the UK, Canada, Aus, NZ etc).
-
Thursday 7th December 2017 18:59 GMT DaveTheForensicAnalyst
PS may as well be blank paper
Looking at another US / UK Case this week (Extradition), every agreement between <Enter Country> and the USA has to favor the USA or it will never be agreed to by them.
The same goes for the EU super state, the CJEU can bring as many cases as it wants with regards Privacy Shield against <Enter US defendant>, I'll bet my last groat, that not a single case will come to fruition, and personal cases will never even get an initial hearing.
On top of that, while 5Eyes are sharing intelligence, all information that is collected by the US will be obfuscated via UK, US, NZ, Aus, Can so that the source country will become unidentifiable, and therefore it will be masked as no case to answer.
With that in mind, Privacy Shield maybe a blank sheet of paper for the use it will be.
(All further communications will be via writing a note backwards, and tying it to the famed messenger pigeon Speckled Jim, to avoid all but the most intelligent of US's intel analysts)