EU, US agree on Privacy Shield enhancements The US and the EU have reached an agreement to enhance Privacy Shield following almost two years of work since the European Court of Justice struck down the data-sharing arrangement in 2020. As part of a joint statement with US president Joe Biden, European Commission president Ursula von der Leyen said the two sides had " …
It's difficult to envisage any US/EU agreement that will escape the basic objection raised by Schrems II - that US federal 'national security' can override EU data subjects' privacy - or indeed hope that the current assumed US jurisdiction over US organisations' overseas processing of personal data will be constrained.
Let's hope some magic has really been performed.
Of course, whether any such magic will extend to the UK now it's a third country is another open question.
"Of course, whether any such magic will extend to the UK now it's a third country is another open question."
It's not an open question at all. It's completely clear that our data protection laws will be dismantled just as soon as is possible - after banning protests there shouldn't be much resistance.
Yes, for it to work, either EU data has to be exempt from US laws like the Patriot Act, CLOUD Act etc. and NSLs and FISA Court oversight, or those laws need to be repealed.
If neither happens, we are still at Schrems II.
And SCCs aren't any good, because they also can't get around those US laws.
It would also help if there was a US equivalent to the ICO and that data protection in the US became a legal and enforceable requirement and not a purely contractual one if the other party can be bothered. Currently it's just yet more fluff with no real legal protection.
As for the US deciding that US company's overseas subsidiaries are covered by US law and don't have to care about local law...
That statement screams out "we are allowing the USA 'security organisations' access to the data under some unspecified conditions".
The statement specifically does not say "we are guaranteeing the right to data privacy and data protection"
Big cans of worms being opened again I feel.
So the EU gets embroiled in an "all your data are belong to Murica" fiasco yet again. Okay, we in the UK are hardly in any position to snark but I suppose Stinky Bojo is past pretending he cares about the plebs. I suppose I'm just astonished that anyone positions these agreements with the US as being positive in any way... you know well in advance what's going to happen. :|
We need a much simpler solution. Don't rely on the injured party to have to take it to court in whatever jurisdiction, i.e. the US, the breach occurred. Make the body that collected the data responsible to the IP in the IP's jurisdiction. It then becomes their call as to whether they accept the risk of transferring the data for processing where they can't have effective control. I won't call such a body the Data Controller because they're quite obviously not.
Upvote a gazillion times.
I don't give a shit about American laws [*]. I don't live there. I live here. The laws of this country apply to me. If I feel wronged (not that I have a clue how I'd actually ever know), then I expect it to be heard in a comptent court in my jurisdiction. Especially as endless stories on this very site portray the American legal system as confrontational and protectionist, with mega corps forever appealing until they get the result they want (either a win or the little guy bankrupted into silence). In other words, a wronged EU citizen likely doesn't have a mouse's hope in a nest of hungry eagles.
* - Which is in itself something of an oxymoron given the wide differences between each state, with the federal stuff on top of that.
@Doctor Syntax That solution is not the simplest it is the only solution. Because the ‘Data Controller’ does not really have effective control.
Whatever jurisdiction the data is in be that EU, US, UK or anywhere else in the world, there will be legal avenues for law enforcement and security services to gain access to the data. Even jurisdictions with as strong or stronger privacy laws than the EU, law enforcement and security services may exceed their powers in gaining access to EU data.
No matter what agreement the EU has in place, law enforcement and security services may exceed their powers in gaining access to EU data. If that happens it much more difficult, if not impossible for an EU citizen to challenge that access and get redress than if it happened in the EU.
Therefore, companies should be responsible for and answerable to the EU for any data breach of EU data they have transferred out of the EU.
I think prism told us what this is all about. We don't and the EU don't spy on their/our citizens and America don't spy on theirs. However if we do it for them and they do it for us it becomes legal. Once data leaves a country the jurisdiction of that country is irrelevant. If it comes back then it is indirect and above board. The EU isn't immune to this hence why they keep making agreements that won't hold up in court. Maybe I'm a bit conspiracy theory but I'm seeing a pattern in all this.
Not troops, gas... https://www.theguardian.com/us-news/2022/mar/25/biden-and-eu-agree-landmark-gas-deal-to-break-kremlin-hold
Timing's just a little too suspicious, eh?
Rather, the president of the European Commission and the US president appear to have agreed on something.
Neither EU / EEA nor US citizens were consulted or in any way involved in an agreement of principle that benefits neither of us. Pretty sure this is not what representative democracy is about.
Neither EU / EEA nor US citizens were consulted or in any way involved in an agreement of principle that benefits neither of us.
And why should the citizens be consulted? They were allowed to put the stamp on pre-selected people, that's enough democracy for you.
What? Are you saying you didn't have a choice in selecting those people? Tough luck, peon.
Oh for fucks sake.
The European Commission (basically civil servants) nominates those who could be president, and the Parliament, formed of people elected by the citizens (the MEPs), then elect the president for a five year term.
Compare with British civil servants, who may be appointed but certainly aren't elected, and the Prime Minister who, also, is not directly elected by the people but by his party (unlike, say, France where the government and the president are elected separately).
... formed of people elected by the citizens... from a list selected by the party.
Stop for a moment and read again what I said: you are only allowed to choose from people selected by somebody else. Basically it's rubber stamping what the party wants.
The Commission aren’t civil servants, that’s nonsense. The Constitution clearly lays it out. There’s a trilogue: Commission, Parliament, Council of the European Union. The Parliament can be outvoted by Commission + Council, and this happens more often than not.
It’s important to understand that this isn’t the European Council (the one with ministers), that’s a completely different body. Council of the European Union is a rotating presidency (not president, again there’s a difference), and is a purely administrative body staffed by Commission staff, plus some national civil servants with a six month remit.
Now you know this, you understand that in practice it’s the Commission with two votes against one vote from Parliament, which resolves in Commission favour. All Parliament can ever do is send the thing back to trilogue, which returns the same result re-worded, and eventually they have to say yes. European Parliament is the House of Lords, Commission is the Commons.
It never fails to amaze me that “pro EU” people don’t have the faintest idea what even the structures are. Let alone how they function in practice.
Representative democracy is exactly voting fro representatives that are fully endowed to take these decisions for you. If you don't like what they do you vote for someone else next time.
You are advocating for "direct democracy" were citizens are consulted in each and every decision. It can easily become an "idiocracy" - for obvious reasons.
Sure, that's the problem - representatives are often only as good as the people voting for them. Go figure if the same people are allowed to decide everything directly - without even the chance representatives could be slightly better than their voters.
I will put a series of random questions on each ballot card - those who don't answer correctly to all of them will have their vote discarded.
> Representative democracy is exactly voting fro representatives that are fully endowed to take these decisions for you.
Quite clearly that is what our glorious EU representatives would seem to believe. However, and according to my constitutional law lecturer, all democracy must remain participative. That is to say, you don't give carte blanche to someone that's been proposed to you (from a very limited list of candidates) for the next X years to do whatever they please.
Don't know what constitution you're reading, my constitution does assign elected representatives broad freedom, as it explicitly says elected representatives have no mandate obligations - it was explicitly designed to avoid to make them parties' puppets - and unable to adjust for unforeseen circumstances and needs.
Citizens can still ask for referendums if they can get enough support, and of course they are free to petition their representatives and vote them out.
The "very limited list of candidates" may mean that the selection process is not working - and that means citizens are not participating to it. So you can't really complain about the lack of participation if you don't really participate to it.
Democracy is hard - that's why most don't understand it and would like "simpler" authoritarian solutions.
Meh. Its only temporary; eventually another nitpicking privacy lawsuit in the EU will kill it off again, because the EU actually understands "privacy", while the US has sold out any restrictions related to such things to the likes of Google and Crackbook (i.e. anyone who will contribute a few mill to the SuperPACs.)
......but every second of every day various actors (you know....Google, Amazon, Microsoft, the NSA, GCHQ, and who knows who else)......all these actors are collecting, packaging and selling stuff about ME....about everyone else who is on line.....
.....and the packaging and selling can be going anywhere at all!!
.....and that's before we find out that every single one of those actors (recall....Google, Amazon, Microsoft, the NSA, GCHQ, and who knows who else) has probably been hacked by REALLY BAD ACTORS......who are DOING EXACTLY THE SAME THINGS!!
Privacy.......I've heard about it!!
The law......a day late and a dollar short....and still "an ass"!!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
