Oooh just you wait
There'll be severe tutting and possibly even suggestions of a mildly-worded letter you mark my words
The US has been told once again to appoint a permanent ombudsperson to oversee the deal governing transatlantic data flows, but this time has been given a deadline. The European Commission's second annual review of the Privacy Shield agreement, published today, made similar noises to last year's, concluding the deal does the …
There is definitely room for improvement when it comes to Privacy Shield but I wouldn't dismiss it too lightly.
We're seeing the increasing scrutiny that Facebook is under and various players in Europe, from privacy advocates to legislators and regulators, have Privacy Shield as a serious stick to hit them with if they are not forthcoming enough. Facebook will not want to lose European users, half a billion of the world's richest users.
It's good that they are putting some pressure on but I firmly believe Privacy Shield is not going to last very long. Just like Safe Harbour, its predecessor, Privacy Shield will ultimately be struck down by the Court of Justice of the EU (CJEU) as it has too many conflicts with the Charter of Fundamental Rights of the European Union. The Charter trumps any agreement, as we've seen with Safe Harbour.
The wait is now for a case to reach the CJEU and we're back to square one. The main difference will be that when the successor to Privacy Shield needs to be created it will happen in a time when more people, from Joe Bloggs to legislators, will be more aware of potential and actual privacy violations. Bring it on.
Classic diplomacy....
The EU and US are a long way apart on this issue, but marginally closer than they were prior to the initial Safe Harbor agreement.
Another five or ten agreements (depending how quickly each agreement with stalling in between and they might have an agreement that can survive challenges in the CJEU, but that’s a long way away from here and businesses still need to exchange information in the meantime.
The reason Privacy Shield was drafted so quickly was because it's essentially a stopgap. It wasn't entirely surprising that Safe Harbour was struck down by the CJEU; what did surprise many was that it was struck down on the basis of being incompatible with the Charter of Fundamental Rights of the European Union.
The Charter provides each EU Citizen basic rights that trump simple agreements and laws, the right to privacy being one of them. That meant that just some tweaks to Safe Harbour or covering over some cracks was not going to be enough. It required an entirely new approach. Time was short and the risk was that any large American internet firm would have to cease operation in the EU on short notice. That they got Privacy Shield drafted and installed so quickly was quite impressive. It also explains some of its shortcomings. I expect the successor to Privacy Shield to be considerably better.
"Time was short and the risk was that any large American internet firm would have to cease operation in the EU on short notice."
This isn't about "large American internet firms" - while they may be affected, it's about all the other multinational companies that need to exchange personal information between the EU and US. i.e. pretty much any multinational company with operations in the EU and US as they will handle either staff or customer details across borders.
The reality is that the CJEU ruling on privacy is a long way from reality for how the majority of the world works, just like the US's lack of privacy concerns doesn't reflect the majority of people's views in the US/EU.
Privacy Shield came about because Safe Harbour was sunk by the CJEU unexpectedly. If the CJEU sinks Privacy Shield as well, I predict Safe Privacy Harbour will take us through the next 10 years until the next CJEU ruling takes it down and the cycle continues... With little change to consumer protections until the two sides are much closer together - the business cost of setting legal precedents is too high...
I think you're missing the asymmetry. For European firms the default will be to store data locally, in Europe. This automatically prevents the clash with European data sovereignty regulations. For non-European firms the default will be to store data locally outside Europe, meaning that they automatically clash with European data sovereignty regs. If you are a company that stored everything in a data centre in Amsterdam you had nothing to fear, if you stored everything in Virginia you do have problems and had to adapt.
These regulations require non-European internet giants to take more action to protect the privacy of their European customers than the other way around.
I understand the asymmetry, I'm trying to point out that ALL multinational businesses dealing with the EU are affected, hence Safe Harbour pre-dating the majority of the Internet giants.
Some are pointing at Facebook and saying we need to protect our privacy (understandably) and then challenging Safe Harbour/Privacy Shield as a means of stopping Facebook. It won't - I suspect it or its successors never will allow this as the underlying reliance of all business on these safeguards is more important.
Hence they will continue to evolve until both sides are happy. Maybe in fifty or so years' time...
"The EU and US are a long way apart on this issue, but marginally closer than they were prior to the initial Safe Harbor agreement"
True, but there seems to be a groundswell starting in the US demanding more personal privacy in terms of corporate slurping of data. Whether it comes to anything in the current climate is another thing entirely. It may be that Corporate America has already passed the tipping point.
I'm not disputing that the demand for privacy in the US is increasing, but it hasn't (and IMHO is unlikely to) ever meet the CJEU's interpretation of privacy which more closely resembles German privacy laws that were a response to historical events.
This is why there is a need for adjustments on both sides and that the movement so far over the course of twenty years has been minimal and will likely continue to be slow - progress will happen in a 5-10 year time frame (i.e. in all likelihood, multiple leaders in all affected countries).
Trump will surely ignore this demand.
It's clearly time for Europe to take back control. All EU subjects' data should be held in the EU only...and owned by EU registered companies only. Period.
As Victoria once exclaimed loudly: "Fuck the EU". My retort is: "Fuck the US neo-fascists" (the very many decent US people are exempted from my insult).
DFT will taunt the EU on Twitter, that is his only method of communication. Except for Faux News.
Privacy is something our government has no interest in, quite sadly. As long as the current administration is in power there will be no work done to protect anyone except the big telcos.
@Cavehomme_
"It's clearly time for Europe to take back control. All EU subjects data should be held in the EU only...and owned by EU registered companies only. Period."
That would be such an insanely damaging move that hopefully even the EU would inflict it upon themselves. Although I guess they did sacrifice the economies of member countries to keep their Euro so it is possible.
Privacy might be a concern but the trade is a necessity, and obviously the cost of data protection isn't great enough to outweigh the cost of not doing the trade.
It's a shame America isn't an island surrounded by the EU where the majority of their trade is done for things like food and medicine and they rely heavily on a financial services industry where the main customers are in the EU. I guess the EU will just have to settle for being America's bitch.
Disclaimer: Not a pro or anti brexit comment, just an observation on how the world works.
It won't be foreign governments putting pressure on the American government. It will be companies like Facebook, Google, Microsoft, Amazon, Uber etc. that will put pressure on the US government as they don't want to get sued into oblivion by their European customers or victims.
In 2013 Max Schrems was just an Austrian law student who had had enough but who has since been very successful in his legal case against Facebook. As of this year he has a new case against Facebook and now also Google. There is no reason why there could not be tens of thousands of similar people all across the EU taking internet giants to court. It's the last thing Facebook needs right now.
It's also about trust and defenders of freedom, contracts will still be being prepared, for one way liability and one way tickets the other way. It used to work, but perhaps like marking the quiz, you need more than one player and its best with a party to pass the ticket two. #youcantjustspendvouchersallweekandenterthequiz
Privacy Shield is a complete legal joke. It is also fraudulent and designed to protect the PRISM miscreants from paying the compensation they owe European internet users. The Register headline catches the tone exactly. Let's see what the Irish Supreme Court say on 21st Jan.