back to article EU, US agree on Privacy Shield enhancements

The US and the EU have reached an agreement to enhance Privacy Shield following almost two years of work since the European Court of Justice struck down the data-sharing arrangement in 2020. As part of a joint statement with US president Joe Biden, European Commission president Ursula von der Leyen said the two sides had " …

  1. Doctor Syntax Silver badge

    So that's the can kicked down the road for another few years. Not that it makes any difference to those of us in the UK.

    1. DS999 Silver badge

      Isn't that the whole strategy?

      Make something a bit better each time until Schrems wins another lawsuit? They can keep playing this game until he dies of old age.

      1. big_D Silver badge
        Angel

        Re: Isn't that the whole strategy?

        That's why he generated a non-profit...

  2. Mike 137 Silver badge

    Wait and see ...

    It's difficult to envisage any US/EU agreement that will escape the basic objection raised by Schrems II - that US federal 'national security' can override EU data subjects' privacy - or indeed hope that the current assumed US jurisdiction over US organisations' overseas processing of personal data will be constrained.

    Let's hope some magic has really been performed.

    Of course, whether any such magic will extend to the UK now it's a third country is another open question.

    1. Anonymous Coward
      Anonymous Coward

      Re: Wait and see ...

      "Of course, whether any such magic will extend to the UK now it's a third country is another open question."

      It's not an open question at all. It's completely clear that our data protection laws will be dismantled just as soon as is possible - after banning protests there shouldn't be much resistance.

      1. DS999 Silver badge

        Re: Wait and see ...

        Banning protests? Are you assuming Putin will win in Ukraine and then take over the entire EU??

        1. Uncle Slacky Silver badge
          Stop

          Re: Wait and see ...

          More worried about Priti Vacant:

          https://www.theguardian.com/law/2022/jan/13/how-will-the-police-and-bill-limit-the-right-to-protest

    2. Doctor Syntax Silver badge

      Re: Wait and see ...

      "Let's hope some magic has really been performed."

      A lot of hand-waving that pretends everything's OK until the next court case gets heard.

    3. big_D Silver badge

      Re: Wait and see ...

      Yes, for it to work, either EU data has to be exempt from US laws like the Patriot Act, CLOUD Act etc. and NSLs and FISA Court oversight, or those laws need to be repealed.

      If neither happens, we are still at Schrems II.

      And SCCs aren't any good, because they also can't get around those US laws.

      1. Nick Ryan Silver badge

        Re: Wait and see ...

        It would also help if there was a US equivalent to the ICO and that data protection in the US became a legal and enforceable requirement and not a purely contractual one if the other party can be bothered. Currently it's just yet more fluff with no real legal protection.

        As for the US deciding that US company's overseas subsidiaries are covered by US law and don't have to care about local law...

  3. Pascal Monett Silver badge
    Windows

    "data flows between the EU and US"

    What ? Say again ? There is a flow from the US to the EU ?

    That's news.

    Oh, I see the mistake, it's "data flows from the EU to the US".

    That secretary was not on the ball, there.

  4. Andy The Hat Silver badge

    "We manage to balance security and the right to privacy and data protection."

    That statement screams out "we are allowing the USA 'security organisations' access to the data under some unspecified conditions".

    The statement specifically does not say "we are guaranteeing the right to data privacy and data protection"

    Big cans of worms being opened again I feel.

  5. Vometia has insomnia. Again. Bronze badge

    huh?

    So the EU gets embroiled in an "all your data are belong to Murica" fiasco yet again. Okay, we in the UK are hardly in any position to snark but I suppose Stinky Bojo is past pretending he cares about the plebs. I suppose I'm just astonished that anyone positions these agreements with the US as being positive in any way... you know well in advance what's going to happen. :|

  6. Doctor Syntax Silver badge

    We need a much simpler solution. Don't rely on the injured party to have to take it to court in whatever jurisdiction, i.e. the US, the breach occurred. Make the body that collected the data responsible to the IP in the IP's jurisdiction. It then becomes their call as to whether they accept the risk of transferring the data for processing where they can't have effective control. I won't call such a body the Data Controller because they're quite obviously not.

    1. heyrick Silver badge

      Upvote a gazillion times.

      I don't give a shit about American laws [*]. I don't live there. I live here. The laws of this country apply to me. If I feel wronged (not that I have a clue how I'd actually ever know), then I expect it to be heard in a comptent court in my jurisdiction. Especially as endless stories on this very site portray the American legal system as confrontational and protectionist, with mega corps forever appealing until they get the result they want (either a win or the little guy bankrupted into silence). In other words, a wronged EU citizen likely doesn't have a mouse's hope in a nest of hungry eagles.

      * - Which is in itself something of an oxymoron given the wide differences between each state, with the federal stuff on top of that.

    2. Falmari Silver badge

      @Doctor Syntax That solution is not the simplest it is the only solution. Because the ‘Data Controller’ does not really have effective control.

      Whatever jurisdiction the data is in be that EU, US, UK or anywhere else in the world, there will be legal avenues for law enforcement and security services to gain access to the data. Even jurisdictions with as strong or stronger privacy laws than the EU, law enforcement and security services may exceed their powers in gaining access to EU data.

      No matter what agreement the EU has in place, law enforcement and security services may exceed their powers in gaining access to EU data. If that happens it much more difficult, if not impossible for an EU citizen to challenge that access and get redress than if it happened in the EU.

      Therefore, companies should be responsible for and answerable to the EU for any data breach of EU data they have transferred out of the EU.

      1. LybsterRoy Bronze badge

        I was definitely on your side until the last paragraph.

  7. Anonymous Coward
    Anonymous Coward

    I think prism told us what this is all about. We don't and the EU don't spy on their/our citizens and America don't spy on theirs. However if we do it for them and they do it for us it becomes legal. Once data leaves a country the jurisdiction of that country is irrelevant. If it comes back then it is indirect and above board. The EU isn't immune to this hence why they keep making agreements that won't hold up in court. Maybe I'm a bit conspiracy theory but I'm seeing a pattern in all this.

  8. heyrick Silver badge

    safeguarding privacy and civil liberties

    It's astonishing that she was able to say that with a straight face. Is America committing troops to eastern Europe or something?

    1. heyrick Silver badge

      Re: safeguarding privacy and civil liberties

      Not troops, gas... https://www.theguardian.com/us-news/2022/mar/25/biden-and-eu-agree-landmark-gas-deal-to-break-kremlin-hold

      Timing's just a little too suspicious, eh?

  9. Anonymous Coward
    Anonymous Coward

    That press release

    The obsequiousness of that release shows us Europeans for what we are: nothing but the US' lap dog. :(

  10. Anonymous Coward
    Anonymous Coward

    EU, US agree on Privacy Shield enhancements

    Rather, the president of the European Commission and the US president appear to have agreed on something.

    Neither EU / EEA nor US citizens were consulted or in any way involved in an agreement of principle that benefits neither of us. Pretty sure this is not what representative democracy is about.

    1. Anonymous Coward
      Anonymous Coward

      Re: EU, US agree on Privacy Shield enhancements

      Neither EU / EEA nor US citizens were consulted or in any way involved in an agreement of principle that benefits neither of us.

      And why should the citizens be consulted? They were allowed to put the stamp on pre-selected people, that's enough democracy for you.

      What? Are you saying you didn't have a choice in selecting those people? Tough luck, peon.

      1. heyrick Silver badge
        Flame

        Re: EU, US agree on Privacy Shield enhancements

        Oh for fucks sake.

        The European Commission (basically civil servants) nominates those who could be president, and the Parliament, formed of people elected by the citizens (the MEPs), then elect the president for a five year term.

        Compare with British civil servants, who may be appointed but certainly aren't elected, and the Prime Minister who, also, is not directly elected by the people but by his party (unlike, say, France where the government and the president are elected separately).

        1. Anonymous Coward
          Anonymous Coward

          Re: EU, US agree on Privacy Shield enhancements

          ... formed of people elected by the citizens... from a list selected by the party.

          Stop for a moment and read again what I said: you are only allowed to choose from people selected by somebody else. Basically it's rubber stamping what the party wants.

          1. Nick Ryan Silver badge

            Re: EU, US agree on Privacy Shield enhancements

            It's partly there, what we don't have is a "none of the above" option when voting. That way the one we least don't want in power doesn't get in by default.

        2. Justthefacts Silver badge
          FAIL

          Re: EU, US agree on Privacy Shield enhancements

          The Commission aren’t civil servants, that’s nonsense. The Constitution clearly lays it out. There’s a trilogue: Commission, Parliament, Council of the European Union. The Parliament can be outvoted by Commission + Council, and this happens more often than not.

          It’s important to understand that this isn’t the European Council (the one with ministers), that’s a completely different body. Council of the European Union is a rotating presidency (not president, again there’s a difference), and is a purely administrative body staffed by Commission staff, plus some national civil servants with a six month remit.

          Now you know this, you understand that in practice it’s the Commission with two votes against one vote from Parliament, which resolves in Commission favour. All Parliament can ever do is send the thing back to trilogue, which returns the same result re-worded, and eventually they have to say yes. European Parliament is the House of Lords, Commission is the Commons.

          It never fails to amaze me that “pro EU” people don’t have the faintest idea what even the structures are. Let alone how they function in practice.

        3. Justthefacts Silver badge
          FAIL

          Re: EU, US agree on Privacy Shield enhancements

          Then why do most companies have a large budget for lobbying the *Commission*? My project alone was in the low seven figures.

    2. LDS Silver badge
      Facepalm

      "this is not what representative democracy is about"

      Representative democracy is exactly voting fro representatives that are fully endowed to take these decisions for you. If you don't like what they do you vote for someone else next time.

      You are advocating for "direct democracy" were citizens are consulted in each and every decision. It can easily become an "idiocracy" - for obvious reasons.

      1. Smeagolberg

        Re: "this is not what representative democracy is about"

        >"direct democracy"... can easily become an "idiocracy"

        Whereas "representative democracy" is already an idiocracy. If in doubt take a long, hard look at our political "leaders".

        1. LDS Silver badge

          Re: "this is not what representative democracy is about"

          Sure, that's the problem - representatives are often only as good as the people voting for them. Go figure if the same people are allowed to decide everything directly - without even the chance representatives could be slightly better than their voters.

          I will put a series of random questions on each ballot card - those who don't answer correctly to all of them will have their vote discarded.

        2. LybsterRoy Bronze badge

          Re: "this is not what representative democracy is about"

          I want at least 78 upvotes to give you

      2. Anonymous Coward
        Anonymous Coward

        Re: "this is not what representative democracy is about"

        > Representative democracy is exactly voting fro representatives that are fully endowed to take these decisions for you.

        Quite clearly that is what our glorious EU representatives would seem to believe. However, and according to my constitutional law lecturer, all democracy must remain participative. That is to say, you don't give carte blanche to someone that's been proposed to you (from a very limited list of candidates) for the next X years to do whatever they please.

        1. LDS Silver badge

          "you don't give carte blanche"

          Don't know what constitution you're reading, my constitution does assign elected representatives broad freedom, as it explicitly says elected representatives have no mandate obligations - it was explicitly designed to avoid to make them parties' puppets - and unable to adjust for unforeseen circumstances and needs.

          Citizens can still ask for referendums if they can get enough support, and of course they are free to petition their representatives and vote them out.

          The "very limited list of candidates" may mean that the selection process is not working - and that means citizens are not participating to it. So you can't really complain about the lack of participation if you don't really participate to it.

          Democracy is hard - that's why most don't understand it and would like "simpler" authoritarian solutions.

          1. Justthefacts Silver badge

            Re: "you don't give carte blanche"

            Chilling

    3. LybsterRoy Bronze badge

      Re: EU, US agree on Privacy Shield enhancements

      And if you asked the VAST majority of citizens you'd get a resounding SO WHAT. I am constantly astounded by how divorced from reality most of the commentistas on this site are.

      Must be something to do with staring at a screen all day :)

  11. Justthefacts Silver badge

    VDLs word isn’t worth jack

    Sorry, my company isn’t going to re-invest in EU, just because VDL begs. Too late. We’re gone. We’ve had enough of her shit.

    1. Anonymous Coward
      Anonymous Coward

      Re: VDLs word isn’t worth jack

      Fully agreed. That person crosses the arrogance + incompetence threshold into being downright dangerous, as those who have seen her prior "performance" in Germany will know.

      I fear though that this is what the masses are calling for. Dark ages indeed. :(

      1. Anonymous Coward
        Anonymous Coward

        Re: VDLs word isn’t worth jack

        Does any member of the public actually *support* VDL???

        Things might be a lot more fucked up than I thought.

  12. msobkow Silver badge

    Meh. Its only temporary; eventually another nitpicking privacy lawsuit in the EU will kill it off again, because the EU actually understands "privacy", while the US has sold out any restrictions related to such things to the likes of Google and Crackbook (i.e. anyone who will contribute a few mill to the SuperPACs.)

  13. Anonymous Coward
    Anonymous Coward

    So much discussion about "the law", about "Privacy Shield", about GDPR......and so on.....

    ......but every second of every day various actors (you know....Google, Amazon, Microsoft, the NSA, GCHQ, and who knows who else)......all these actors are collecting, packaging and selling stuff about ME....about everyone else who is on line.....

    .....and the packaging and selling can be going anywhere at all!!

    .....and that's before we find out that every single one of those actors (recall....Google, Amazon, Microsoft, the NSA, GCHQ, and who knows who else) has probably been hacked by REALLY BAD ACTORS......who are DOING EXACTLY THE SAME THINGS!!

    Privacy.......I've heard about it!!

    The law......a day late and a dollar short....and still "an ass"!!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022