back to article US told to appoint a damn Privacy Shield ombudsperson already or EU will take action

The US has been told once again to appoint a permanent ombudsperson to oversee the deal governing transatlantic data flows, but this time has been given a deadline. The European Commission's second annual review of the Privacy Shield agreement, published today, made similar noises to last year's, concluding the deal does the …

  1. Valeyard

    Oooh just you wait

    There'll be severe tutting and possibly even suggestions of a mildly-worded letter you mark my words

    1. Len

      Re: Oooh just you wait

      There is definitely room for improvement when it comes to Privacy Shield but I wouldn't dismiss it too lightly.

      We're seeing the increasing scrutiny that Facebook is under and various players in Europe, from privacy advocates to legislators and regulators have Privacy Shield as a serious stick to hit them with if they are not forthcoming enough. Facebook will not want to lose European users, half a billion of the world's richest users.

      1. ratfox

        Re: Oooh just you wait

        Looking forward to Facebook being banned in Europe! I wouldn't hold my breath though.

        1. VinceH

          Re: Oooh just you wait

          My grin would be very wide were that to happen - but like you, my breath will not be held.

          Also: Threaded comments! It's about time!

        2. jelabarre59

          Re: Oooh just you wait

          Looking forward to Facebook being banned in Europe! I wouldn't hold my breath though.

          There, FTFY.

    2. Anonymous Coward
      Anonymous Coward

      Re: Oooh just you wait

      You Europeans are so polite. In the US, we jump to the sternly worded memo right away.

      1. jelabarre59

        Re: Oooh just you wait

        You Europeans are so polite. In the US, we jump to the sternly worded memo right away.

        Maybe even a bad Yelp review.

  2. Len
    Happy

    All temporary anyway

    It's good that they are putting some pressure on but I firmly believe Privacy Shield is not going to last very long. Just like Safe Harbour, its predecessor, Privacy Shield will ultimately by struck down by Court of Justice of the EU (CJEU) as it has too many conflicts with the Charter of Fundamental Rights of the European Union. The Charter trumps any agreement, as we've seen with Safe Harbour.

    The wait is now for a case to reach the CJEU and we're back to square one. The main difference will be that when the successor to Privacy Shield needs to be created it will happen in a time when more people, from Joe Bloggs to legislators, will be more aware of potential and actual privacy violations. Bring it on.

    1. Anonymous Coward
      Anonymous Coward

      Re: All temporary anyway

      Classic diplomacy....

      The EU and US are a long way apart on this issue, but marginally closer than they were prior to the initial Safe Harbor agreement.

      Another five or ten agreements (depending how quickly each agreement with stalling in between and they might have an agreement that can survive challenges in the CJEU, but that’s a long way away from here and businesses still need to exchange information in the meantime.

      1. Len
        Happy

        Re: All temporary anyway

        The reason Privacy Shield was drafted so quickly was because it's essentially a stopgap. It wasn't entirely surprising that Safe Harbour was struck down by the CJEU, what did surprise many was that it was struck down on the basis of being incompatible with the Charter of Fundamental Rights of the European Union.

        The Charter provides each EU Citizen basic rights that trump simple agreements and laws, the right to privacy being one of them. That meant that just some tweaks to Safe Harbour or covering over some cracks was not going to be enough. It required an entirely new approach. Time was short and the risk was that any large American internet firm would have to cease operation in the EU on short notice. That they got Privacy Shield drafted an installed so quickly was quite impressive. It also explain some of its shortcomings. I expect the successor to Privacy Shield to be considerably better.

        1. Anonymous Coward
          Anonymous Coward

          Re: All temporary anyway

          "Time was short and the risk was that any large American internet firm would have to cease operation in the EU on short notice."

          This isn't about "large American internet firms" - while they may be affected, it's about all the other multinational companies that need to exchange personal information between the EU and US. i.e. pretty much any multinational company with operations in the EU and US as they will handle either staff or customer details across borders.

          The reality is that the CJEU ruling on privacy is a long way from reality for how the majority of the world works, just like the US's lack of privacy concerns doesn't reflect the majority peoples views in the US/EU.

          Privacy Shield come about because Safe Harbour was sunk by the CJEU unexpectedly. If the CJEU sinks Privacy Shield as well, I predict Safe Privacy Harbour will take us through the next 10 years until the next CJEU ruling takes it down and the cycle continues... With little change to consumer protections until the two sides are much closer together - the business cost of setting legal precedents is too high...

          1. Len

            Re: All temporary anyway

            I think you're missing the asymmetry. For European firms the default will be to store data locally, in Europe. This automatically prevents the clash with European data sovereignty regulations. For non-European firms the default will be to store data locally outside Europe, meaning that they automatically clash with European data sovereignty regs. If you are a company that stored everything in a data centre in Amsterdam you had nothing to fear, if you stored everything in Virginia you do have problems and had to adapt.

            These regulations require non-European internet giants to take more action to protect the privacy of their European customers than the other way around.

            1. Anonymous Coward
              Anonymous Coward

              Re: All temporary anyway

              I understand the asymmetry, I'm trying to point out that ALL multinational businesses dealing with the EU are affected, hence Safe Harbour pre-dating the majority of the Internet giants.

              Some are pointing at Facebook and saying we need to protect our privacy (understandably) and then challenging Safe Harbour/Privacy Shield as a means of stopping Facebook. It won't - I suspect it or its successors never will allow this as the underlying reliance of all business on these safe guards is more important.

              Hence they will continue to evolve until both sides are happy. Maybe in fifty or so years time...

      2. John Brown (no body) Silver badge

        Re: All temporary anyway

        "The EU and US are a long way apart on this issue, but marginally closer than they were prior to the initial Safe Harbor agreement"

        True, but there seems to be a groundswell starting in the US demanding more personal privacy in terms for corporate slurping of data. Whether it comes to anything in the current climate is another thing entirely. It may be that Corporate America has already passed the tipping point.

        1. Anonymous Coward
          Anonymous Coward

          Re: All temporary anyway

          I'm not disputing that the demand for privacy in the US is increasing, but it hasn't (and IMHO is unlikely to) ever meet the CJEU's interpretation of privacy which more closely resembles German privacy laws that were a response to historical events.

          This is why there is a need for adjustments on both sides and that the movement so far over the course of twenty years has been minimal and will likely to continue to be slow - progress will happen in a 5-10 year time frame (i.e. in all likelihood, multiple leaders in all affected countries).

  3. Anonymous Coward
    Anonymous Coward

    It said the US ensures an adequate level of protection for personal data transferred under the deal hahahahahahahahahahahahahahahahahaha ha agh agh agh agh agh .. snore snore snore.

    1. ratfox

      raised questions about how seriously the US is taking the terms of the agreement.

      Oh wait, you're serious. Let me laugh even harder:

      HAAA HA HA HA HA HA...

  4. Cavehomme_
    WTF?

    Data sovereignty

    Trump will surely ignore this demand.

    It's clearly time for Europe to take back control. All EU subjects data should be held in the EU only...and owned by EU registered companies only. Period.

    As Victoria once exclaimed loudly: "Fuck the EU". My retort is: "Fuck the US neo-fascists" (the very many decent US people are exempted from my insult).

    1. holmegm

      Re: Data sovereignty

      And if you don't comply, vee vil taunt you a *second* time!

      1. Anonymous Coward
        Anonymous Coward

        Re: Data sovereignty

        "And if you don't comply, vee vil taunt you a *second* time!"

        jetez la vache!

    2. RainCaster

      Re: Data sovereignty

      DFT will taunt the EU on Twitter, that is his only method of communication. Except for Faux News.

      Privacy is something our government has no interest in, quite sadly. As long as the current administration is in power there will be no work done to protect anyone except the big telcos.

    3. codejunky Silver badge

      Re: Data sovereignty

      @Cavehomme_

      "It's clearly time for Europe to take back control. All EU subjects data should be held in the EU only...and owned by EU registered companies only. Period."

      That would be such an insanely damaging move that hopefully even the EU would inflict it upon themselves. Although I guess they did sacrifice the economies of member countries to keep their Euro so it is possible.

      Privacy might be a concern but the trade is a necessity, and obviously the cost of data protection isnt great enough to outweigh the cost of not doing the trade.

  5. EJ
    Pint

    I'm retiring at the end of January..

    ... and will be available after then. You can just put my name down.

  6. Anonymous Coward
    Anonymous Coward

    It's a shame America isn't an island surrounded by the EU where the majority of their trade is done for things like food and medicine and they rely heavily on a financial services industry where the main customers are in the EU. I guess the EU will just have to settle for being Americas bitch.

    Disclaimer: Not a pro or anti brexit comment, just an observation on how the world works.

  7. Anonymous Coward
    Anonymous Coward

    Yeah, good luck with that. The one thing that Americans don't like is being told what to do, particularly by foreign governments.

    1. Scoular

      And foreign governments are not too keen on being treated as US puppet states even where they are like one or two Pacific countries.

    2. ITS Retired

      However the reverse sure isn't true. The US government thinks they are in charge.

      1. Anonymous Coward
        Anonymous Coward

        We aren't ? Fine, next time there's a world crisis. . . . call the Russians. . .

    3. Len
      Megaphone

      It won't be foreign governments putting pressure on the American government. It will be companies like Facebook, Google, Microsoft, Amazon, Uber etc. that will put pressure on the US government as they don't want to get sued into oblivion by their European customers or victims.

      In 2013 Max Schrems was just an Austrian law student who had had enough but who has since been very successful in his legal case against Facebook. As of this year he has a new case against Facebook and now also Google. There is no reason why there could not be tens of thousands of similar people all across the EU taking internet giants to court. It's the last thing Facebook needs right now.

    4. Anonymous Coward
      Anonymous Coward

      Do they ever get told what to do?

      Source: https://github.com/dessalines/essays/blob/master/us_atrocities.md#imperialism

      and that's me now on "the list" (Not the link of course, even I'm not that evil)

  8. StuntMisanthrope

    Linked accounts +DR

    It's also about trust and defenders of freedom, contract's will still be being prepared, for one way liability and one way tickets the other way. It used to work, but perhaps like marking the quiz, you need more than one player and its best with a party to pass the ticket two. #youcantjustspendvouchersallweekandenterthequiz

  9. FISA does not rule OK ?

    Old fashioned but great value for money

    Privacy Shield is a complete legal joke. It is also fraudulent and designed to protect the PRISM miscreants from paying the compensation they owe European internet users. The Register headline catches the tone exactly. Lets see what the Irish Supreme Court say on 21st Jan.

  10. Bryan Hall

    "You have zero privacy anyway," Scott McNealy told a group of reporters and analysts Monday night at an event to launch his company's new Jini technology.

    "Get over it."

    True more now almost 20 later than then.

    Hello Alexa, Siri, and Google assistant.

  11. Tom 35

    Trump will make a great choice

    Like that guy that complained about his iPhone to google, or one of his kids...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon