back to article EU, US close to replacing defunct Privacy Shield II

The State of the Net conference in Washington, DC, has heard officials representing the EU and the US say they believe they are close to reaching a data-sharing agreement to replace Privacy Shield. The earlier legal arrangements to ease the vital sharing data between the two jurisdictions was kiboshed in 2020 when the EU Court …

  1. Doctor Syntax Silver badge

    "It is hard to see how an agreement alone would survive challenge in the EU, without changes to the USA's laws on surveillance."

    And hence we'll be on-track for Schrems III, IV, V etc. because they'll just keep coming up with "new" schemes to kick compliance further down the road.

    1. spold Silver badge

      Yup - and until Five Eyes is addressed or regulated in some meaningful fashion there will be successful challenges and repeated meaningless changes.... waiting for Schrems 20...

      1. Drew Scriver

        This is all well and good, but:

        - The average user doesn't really care (or understand) privacy. Facebook would not exist if they did.

        - All this wrangling makes the EU appear to care about privacy, but European countries do their share of legally collecting data on the public and tracking people.

        - European governments violate the GDPR all the time. PII is routinely shared via e-mail (unencrypted). The consulate/embassy of my own country sent my PII (full name and DOB) from the USA to the EU in the subject of a message, for instance.

        - Europeans are obsessed with PII - to a level that is not (yet) tolerated by Americans. Requiring DOB for train tickets or museum passes - and then printing them on the tickets/passes? Unthinkable in the USA.

  2. Dinanziame Silver badge
    Meh

    This is silly

    It's all very well promising your citizens that their privacy will be respected, but then you should walk the talk, and at least force companies to store the data in the EU.

    Not that I'm particularly sensitive about privacy; in fact I'd say the evidence is that most people don't really care that Facebook or the US government knows about them. I'm just pointing out a fundamental flaw in their argument.

    1. Potemkine! Silver badge

      Re: This is silly

      at least force companies to store the data in the EU.

      It's a first step, but it isn't enough.. The US must stop to spy indiscriminately anyone.

  3. Anonymous Coward
    Anonymous Coward

    Don't hold your breath

    "In February, reports suggested officials on both sides of the pond had reached an approach that might involve offering EU citizens the right to submit complaints to an independent judicial body if they believe the US national security agencies have unlawfully handled their personal information. If adopted, it would give EU citizens more privacy rights in the US than Americans currently enjoy."

    Unless congress gets involved and creates this judicial body etc, you're not getting anything. Even if they create the court, it will be as useless as any other court if it has to depend on the NSA etc. Also I look forward to any member of congress trying to explain to voters come election season why they voted to give foreigners a way around the national security exception and the hiding behind over classification that has frustrated may lawsuits seeking to hold the government accountable for illegal domestic mass surveillance. Some how I don't think the profits of large corporations as reason is going to be much satisfaction.

    1. Doctor Syntax Silver badge

      Re: Don't hold your breath

      "Some how I don't think the profits of large corporations as reason is going to be much satisfaction."

      When did the profits of large corporations last get pushed aside by popular dissatisfaction in creating US legislation?

      1. prh99

        Re: Don't hold your breath

        SOPA/PIPA

  4. Mike 137 Silver badge

    Not that strong a protection after all

    "might involve offering EU citizens the right to submit complaints to an independent judicial body if they believe the US national security agencies have unlawfully handled their personal information"

    Supposing they can find out. Considering that national security agencies tend to operate clandestinely, I'm not at all sure how.

    1. Pascal Monett Silver badge

      Re: if they believe the US [..] agencies have unlawfully handled their personal information

      I already believe that.

      Where do I submit my complaint ?

      1. Greybearded old scrote Silver badge

        Re: if they believe the US [..] agencies have unlawfully handled their personal information

        Sorry mate, but do you have your evidence lined up? Jus' sayin'.

    2. HildyJ Silver badge
      Big Brother

      Re: Not that strong a protection after all

      It should but won't include the right to be informed when US national security agencies have accessed their records.

  5. heyrick Silver badge

    What is Schrems III?

    As will be printed in the grey info box in about five years time...

  6. Anonymous Coward
    Anonymous Coward

    "Submit complaints".......YOU MUST BE JOKING!!!!!

    "...offering EU citizens the right to submit complaints to an independent judicial body if they believe the US national security agencies have unlawfully handled their personal information...."

    How would they know?

    (1) Suppose (!) that folk in Fort Meade had hacked the private information of an individual, how would the individual know that the hack had happened? (Just think about the Equifax hack.....or who executed the hack!!)

    (2) Suppose (!) that folk in Cheltenham had hacked the private information of an individual, and passed that information to someone else (!), how would the individual know that the hack and the subsequent transaction had happened? (.....then there's the Belgacom hack as an example.)

    (3) Suppose that a large commecial organization (perhaps, for example, FB or Google or Amazon or Microsoft) has aggregated the private information about an individual, and passed that information to someone else (!), how would the individual know about that aggregation and about the subsequent transfer?

    Suggest the author of this ludicrous article looks up some key words: PRIVACY, TRANSPARENCY, TRUST........and then rewrite the article!!!

  7. Justthefacts Silver badge

    The ICO confirms that Schrems doesn’t apply in the UK

    The U.K. ICO confirms that Schrems does *not* apply in the UK. That is all.

  8. Pseu Donyme

    Blatant mockery of rule of law

    This is just an entirely transparent ploy for the benefit the US-based data slurpers (commercial and otherwise) designed to delay a proper solution: decent US data protection legislation (or the more pragmatic one of not sending any personal data to the US in the first place).

    I fear the key idea here is to add cost and delay (both approaching infinity) by miring any complaint in the US court system; before a Schrems III case could even be filed in the EU all appeals must probably be exhausted in the US to demonstrate that the this new system is useless (as it is designed to be).

    I do hope the EU parliament gets a say and kills this forthwith.

  9. pc-fluesterer.info
    FAIL

    CLOUD Act and PATRIOT Act

    At least those two laws prohibit a new "agreement". Such an agreement is plain impossible as long as these laws exist.

  10. Filippo Silver badge

    "submit complaints"

    This can't work.

    Suppose that an intelligence agency in the USA illegally gets my data and then uses it to, say, hack some service related to me, grab some proprietary research, and pass it to a friendly company which can then clone my tech and beat me to market. This is just an example, feel free to come up with more.

    It's very unlikely that I will be able to even figure out what happened. It's all but impossible that I'll be able to point the finger at which agency did it. It's definitely impossible that I'll be able to prove it.

    And even if I somehow, and I honestly can't imagine how, am able to do that, what teeth would this independent body have? There's no way these complaints are frequent, and they would be very difficult to investigate. Getting fined once in a blue moon would not be a deterrent at all.

    Fact is, the relationship between privacy violations and damage is indirect; it's a lot like environmental pollution. It cannot possibly be something you only notice when someone complains, because by that time it's far too late. It has to be a crime in itself, regardless of whether someone has already been hurt or not.

    The only way this can possibly work is if the terms are that the independent body can act on its own initiative, can get access to classified info (fat chance), and it's made clear that every single time it finds a violation, the agreement must be revised to ensure the violation cannot happen again, or it becomes null and void.

    In turn, I don't see that happening while the current surveillance climate in the USA persists.

    1. heyrick Silver badge

      Re: "submit complaints"

      Submit complaints to who, exactly? A supposed "independent judicial body"? Note the scare quotes.

      If it's an American body, it'll be subject to all the usual laws where your privacy is worthless and ours (like whether or not you're being snooped upon) is paramount. Plus the American judiciary is highly adversarial and protectionist, by design. I don't think any American judicial body is capable of being independent.

      If it's a European judicial body, expect them to get the run-around, empty promises, or flat denials, and ultimately be shown to be paid a lot for managing to do diddly-squat.

      The fix to this isn't to support another round of bullshit, it's to give Europeans the right (complete with harsh penalties for failure) to have their data processed within the EU and not be organisations subject to extraterritorial law of countries known to be hostile to the concept of privacy. I won't say "America" here, as I suspect China is much the same, just a little less blatant.

      1. codejunky Silver badge

        Re: "submit complaints"

        @heyrick

        "The fix to this isn't to support another round of bullshit, it's to give Europeans the right (complete with harsh penalties for failure) to have their data processed within the EU and not be organisations subject to extraterritorial law of countries known to be hostile to the concept of privacy"

        This of course leads to a problem. The more you wall yourself off from the world the less you get. I cant imagine the population being happy at being left behind and VPN's becoming even more important.

        Thats not to promote the behaviour of spying government agencies but freedom and privacy has been sacrificed for 'protection'. And as you say it covers both America, China and others.

    2. Justthefacts Silver badge

      Re: "submit complaints"

      Why do you think *the USA* is more likely to do this than other governments? EU Governments make far more lawful intercept requests than the US. I can’t give you too many details, but certain EU countries are *prolific* users. This link might give you a flavour of the numbers. Remember, these aren’t total figures, just Vodafone alone.

      https://www.vodafone.com/sites/default/files/2021-02/Vodafone_LED_country_by_country_2017-18_AW4_V3.pdf

      Some countries might surprise your preconceptions. Italy, for example: 42k legal intercepts, and 116k phone records, for Vodafone alone.

      Also, you might be interested in this comparative study of world surveillance.

      https://tmt.bakermckenzie.com/-/media/minisites/tmt/files/2017_surveillance_law.pdf

      Your particular concern was whether a government would use surveillance data for economic advantage. To which the answer is: France DGSE do this fairly routinely against other EU companies.

  11. crayon

    "EU Governments make far more lawful intercept requests than the US."

    The figures for unlawful intercepts would probably be very different.

  12. DropBear
    Facepalm

    NO.

    I am basically forced by financial circumstances to "live in my mum's basement", and I can't afford to buy food without looking at the sticker price; yet I am supporting NOYB because this bullshit HAS to stop somewhere, and right now they are the only ones doing anything about it. That's all. Oh, and fuck whatever new "agreement" they manage to come up with.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022