back to article EU data protection groups: Fix Privacy Shield or face lawsuit

European data protection agencies have told authorities to address their “significant concerns” about Privacy Shield, or risk having the deal tested in court. The Privacy Shield agreement governs transatlantic data flows and is the product of a lengthy wrangle after the Safe Harbor agreement was ruled invalid back in 2014. …

  1. Doctor Syntax Silver badge

    TFA omits to link to the actual report. It's this: http://ec.europa.eu/newsroom/just/document.cfm?doc_id=48782

  2. Doctor Syntax Silver badge

    although it’s better than Safe Harbor, there are still “significant concerns” to be addressed.

    More lipstick on a pig.

    It still relies on the data subject enforcing their rights by civil litigation in the US. Really?

    There's only one satisfactory way of doing this: if an EU business exports personal data to the US or any other non-EU country for processing that company remains entirely responsible for the outcome. If there's any breach or other mishandling then the civil and judicial penalties of the GDPR fall on that company as if the breach had occurred to data holdings within the company itself and the company should make best efforts to protect the data subject from any consequences of the breach. "Breach" should include spying, surveillance, seizure of data or whatever by the government of the non-EU country irrespective of whether the action was judicially authorised or supported by the powers that government gave itself.

    The question a company then has to ask itself before transferring data is whether it's a risk it's able to accept.

    1. Nick Ryan Silver badge

      Yep, privacy shield is pretty much as useless as safe habor(sp) was. Unless inappropriate data access and use becomes a legal matter in the US then regimes like the US cannot be trusted with personal data.

      So, you're a non US citizen and want try civil litigation in the US against a US corporation? Seriously, this is not going to work. Non-US citizens have little to no inherited rights in the US and US corporations are already litigation and lawyer heavy therefore you will need a lot of US money to get anywhere. US civil courts will almost certainly side with a US corporation (depending on jurisdiction I guess) therefore chances of success are likely to be low, particularly when the patriotism flag starts to get waved around - i.e. "protecting 'honest' US businesses against forrners".

      Treating the local international office as part of the international group and threatening them with a fine levied against the international organisation's group turn over may do the trick though. This is already part of the GDPR.

  3. ratfox

    The king's clothes

    Except everybody knows the king is naked, even himself. Nobody wants to admit they're powerless to fix the situation.

  4. John Smith 19 Gold badge
    Gimp

    "Nobody wants to admit they're powerless to fix the situation."

    Actually they are not.

    It only takes 1 national DP agency to initiate proceedings through the ECJ and the wrecking ball starts rolling.

    But let's be real. Post Snowden only the most delusional still believe that the US doesn't spy in a grossly disproportionate way on everyone who's data crosses its borders (and it's agreements with it's little big boys club the UK, Canada, Aus, NZ etc).

  5. DaveTheForensicAnalyst
    Coffee/keyboard

    PS may as well be blank paper

    Looking at another US / UK Case this week (Extradition), every agreement between <Enter Country> and the USA has to favor the USA or it will never be agreed to by them.

    The same goes for the EU super state, the CJEU can bring as many cases as it wants with regards Privacy Shield against <Enter US defendant>, I'll bet my last groat, that not a single case will come to fruition, and personal cases will never even get an initial hearing.

    On top of that, while 5Eyes are sharing intelligence, all information that is collected by the US will be obfuscated via UK, US, NZ, Aus, Can so that the source country will become unidentifiable, and therefore it will be masked as no case to answer.

    With that in mind, Privacy Shield maybe a blank sheet of paper for the use it will be.

    (All further communications will be via writing a note backwards, and tying it to the famed messenger pigeon Speckled Jim, to avoid all but the most intelligent of US's intel analysts)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022