So that's the can kicked down the road for another few years. Not that it makes any difference to those of us in the UK.
EU, US agree on Privacy Shield enhancements
The US and the EU have reached an agreement to enhance Privacy Shield following almost two years of work since the European Court of Justice struck down the data-sharing arrangement in 2020. As part of a joint statement with US president Joe Biden, European Commission president Ursula von der Leyen said the two sides had " …
COMMENTS
-
Friday 25th March 2022 14:52 GMT Mike 137
Wait and see ...
It's difficult to envisage any US/EU agreement that will escape the basic objection raised by Schrems II - that US federal 'national security' can override EU data subjects' privacy - or indeed hope that the current assumed US jurisdiction over US organisations' overseas processing of personal data will be constrained.
Let's hope some magic has really been performed.
Of course, whether any such magic will extend to the UK now it's a third country is another open question.
-
Friday 25th March 2022 15:22 GMT Anonymous Coward
Re: Wait and see ...
"Of course, whether any such magic will extend to the UK now it's a third country is another open question."
It's not an open question at all. It's completely clear that our data protection laws will be dismantled just as soon as is possible - after banning protests there shouldn't be much resistance.
-
Monday 28th March 2022 09:12 GMT big_D
Re: Wait and see ...
Yes, for it to work, either EU data has to be exempt from US laws like the Patriot Act, CLOUD Act etc. and NSLs and FISA Court oversight, or those laws need to be repealed.
If neither happens, we are still at Schrems II.
And SCCs aren't any good, because they also can't get around those US laws.
-
Tuesday 29th March 2022 09:08 GMT Nick Ryan
Re: Wait and see ...
It would also help if there was a US equivalent to the ICO and that data protection in the US became a legal and enforceable requirement and not a purely contractual one if the other party can be bothered. Currently it's just yet more fluff with no real legal protection.
As for the US deciding that US company's overseas subsidiaries are covered by US law and don't have to care about local law...
-
-
-
Friday 25th March 2022 14:55 GMT Andy The Hat
"We manage to balance security and the right to privacy and data protection."
That statement screams out "we are allowing the USA 'security organisations' access to the data under some unspecified conditions".
The statement specifically does not say "we are guaranteeing the right to data privacy and data protection"
Big cans of worms being opened again I feel.
-
Friday 25th March 2022 15:30 GMT Vometia has insomnia. Again.
huh?
So the EU gets embroiled in an "all your data are belong to Murica" fiasco yet again. Okay, we in the UK are hardly in any position to snark but I suppose Stinky Bojo is past pretending he cares about the plebs. I suppose I'm just astonished that anyone positions these agreements with the US as being positive in any way... you know well in advance what's going to happen. :|
-
Friday 25th March 2022 15:59 GMT Doctor Syntax
We need a much simpler solution. Don't rely on the injured party to have to take it to court in whatever jurisdiction, i.e. the US, the breach occurred. Make the body that collected the data responsible to the IP in the IP's jurisdiction. It then becomes their call as to whether they accept the risk of transferring the data for processing where they can't have effective control. I won't call such a body the Data Controller because they're quite obviously not.
-
Friday 25th March 2022 17:58 GMT heyrick
Upvote a gazillion times.
I don't give a shit about American laws [*]. I don't live there. I live here. The laws of this country apply to me. If I feel wronged (not that I have a clue how I'd actually ever know), then I expect it to be heard in a comptent court in my jurisdiction. Especially as endless stories on this very site portray the American legal system as confrontational and protectionist, with mega corps forever appealing until they get the result they want (either a win or the little guy bankrupted into silence). In other words, a wronged EU citizen likely doesn't have a mouse's hope in a nest of hungry eagles.
* - Which is in itself something of an oxymoron given the wide differences between each state, with the federal stuff on top of that.
-
Saturday 26th March 2022 03:09 GMT Falmari
@Doctor Syntax That solution is not the simplest it is the only solution. Because the ‘Data Controller’ does not really have effective control.
Whatever jurisdiction the data is in be that EU, US, UK or anywhere else in the world, there will be legal avenues for law enforcement and security services to gain access to the data. Even jurisdictions with as strong or stronger privacy laws than the EU, law enforcement and security services may exceed their powers in gaining access to EU data.
No matter what agreement the EU has in place, law enforcement and security services may exceed their powers in gaining access to EU data. If that happens it much more difficult, if not impossible for an EU citizen to challenge that access and get redress than if it happened in the EU.
Therefore, companies should be responsible for and answerable to the EU for any data breach of EU data they have transferred out of the EU.
-
-
Friday 25th March 2022 17:01 GMT Anonymous Coward
I think prism told us what this is all about. We don't and the EU don't spy on their/our citizens and America don't spy on theirs. However if we do it for them and they do it for us it becomes legal. Once data leaves a country the jurisdiction of that country is irrelevant. If it comes back then it is indirect and above board. The EU isn't immune to this hence why they keep making agreements that won't hold up in court. Maybe I'm a bit conspiracy theory but I'm seeing a pattern in all this.
-
-
Saturday 26th March 2022 07:18 GMT heyrick
Re: safeguarding privacy and civil liberties
Not troops, gas... https://www.theguardian.com/us-news/2022/mar/25/biden-and-eu-agree-landmark-gas-deal-to-break-kremlin-hold
Timing's just a little too suspicious, eh?
-
-
Friday 25th March 2022 20:09 GMT Anonymous Coward
EU, US agree on Privacy Shield enhancements
Rather, the president of the European Commission and the US president appear to have agreed on something.
Neither EU / EEA nor US citizens were consulted or in any way involved in an agreement of principle that benefits neither of us. Pretty sure this is not what representative democracy is about.
-
Saturday 26th March 2022 12:09 GMT Anonymous Coward
Re: EU, US agree on Privacy Shield enhancements
Neither EU / EEA nor US citizens were consulted or in any way involved in an agreement of principle that benefits neither of us.
And why should the citizens be consulted? They were allowed to put the stamp on pre-selected people, that's enough democracy for you.
What? Are you saying you didn't have a choice in selecting those people? Tough luck, peon.
-
Saturday 26th March 2022 17:05 GMT heyrick
Re: EU, US agree on Privacy Shield enhancements
Oh for fucks sake.
The European Commission (basically civil servants) nominates those who could be president, and the Parliament, formed of people elected by the citizens (the MEPs), then elect the president for a five year term.
Compare with British civil servants, who may be appointed but certainly aren't elected, and the Prime Minister who, also, is not directly elected by the people but by his party (unlike, say, France where the government and the president are elected separately).
-
Saturday 26th March 2022 20:36 GMT Anonymous Coward
Re: EU, US agree on Privacy Shield enhancements
... formed of people elected by the citizens... from a list selected by the party.
Stop for a moment and read again what I said: you are only allowed to choose from people selected by somebody else. Basically it's rubber stamping what the party wants.
-
Sunday 27th March 2022 12:04 GMT Justthefacts
Re: EU, US agree on Privacy Shield enhancements
The Commission aren’t civil servants, that’s nonsense. The Constitution clearly lays it out. There’s a trilogue: Commission, Parliament, Council of the European Union. The Parliament can be outvoted by Commission + Council, and this happens more often than not.
It’s important to understand that this isn’t the European Council (the one with ministers), that’s a completely different body. Council of the European Union is a rotating presidency (not president, again there’s a difference), and is a purely administrative body staffed by Commission staff, plus some national civil servants with a six month remit.
Now you know this, you understand that in practice it’s the Commission with two votes against one vote from Parliament, which resolves in Commission favour. All Parliament can ever do is send the thing back to trilogue, which returns the same result re-worded, and eventually they have to say yes. European Parliament is the House of Lords, Commission is the Commons.
It never fails to amaze me that “pro EU” people don’t have the faintest idea what even the structures are. Let alone how they function in practice.
-
-
-
Saturday 26th March 2022 16:52 GMT Anonymous Coward
"this is not what representative democracy is about"
Representative democracy is exactly voting fro representatives that are fully endowed to take these decisions for you. If you don't like what they do you vote for someone else next time.
You are advocating for "direct democracy" were citizens are consulted in each and every decision. It can easily become an "idiocracy" - for obvious reasons.
-
-
Monday 28th March 2022 06:59 GMT Anonymous Coward
Re: "this is not what representative democracy is about"
Sure, that's the problem - representatives are often only as good as the people voting for them. Go figure if the same people are allowed to decide everything directly - without even the chance representatives could be slightly better than their voters.
I will put a series of random questions on each ballot card - those who don't answer correctly to all of them will have their vote discarded.
-
-
Sunday 27th March 2022 08:11 GMT Anonymous Coward
Re: "this is not what representative democracy is about"
> Representative democracy is exactly voting fro representatives that are fully endowed to take these decisions for you.
Quite clearly that is what our glorious EU representatives would seem to believe. However, and according to my constitutional law lecturer, all democracy must remain participative. That is to say, you don't give carte blanche to someone that's been proposed to you (from a very limited list of candidates) for the next X years to do whatever they please.
-
Monday 28th March 2022 07:14 GMT Anonymous Coward
"you don't give carte blanche"
Don't know what constitution you're reading, my constitution does assign elected representatives broad freedom, as it explicitly says elected representatives have no mandate obligations - it was explicitly designed to avoid to make them parties' puppets - and unable to adjust for unforeseen circumstances and needs.
Citizens can still ask for referendums if they can get enough support, and of course they are free to petition their representatives and vote them out.
The "very limited list of candidates" may mean that the selection process is not working - and that means citizens are not participating to it. So you can't really complain about the lack of participation if you don't really participate to it.
Democracy is hard - that's why most don't understand it and would like "simpler" authoritarian solutions.
-
-
-
-
Monday 28th March 2022 07:51 GMT Anonymous Coward
Meh. Its only temporary; eventually another nitpicking privacy lawsuit in the EU will kill it off again, because the EU actually understands "privacy", while the US has sold out any restrictions related to such things to the likes of Google and Crackbook (i.e. anyone who will contribute a few mill to the SuperPACs.)
-
Monday 28th March 2022 14:38 GMT Anonymous Coward
So much discussion about "the law", about "Privacy Shield", about GDPR......and so on.....
......but every second of every day various actors (you know....Google, Amazon, Microsoft, the NSA, GCHQ, and who knows who else)......all these actors are collecting, packaging and selling stuff about ME....about everyone else who is on line.....
.....and the packaging and selling can be going anywhere at all!!
.....and that's before we find out that every single one of those actors (recall....Google, Amazon, Microsoft, the NSA, GCHQ, and who knows who else) has probably been hacked by REALLY BAD ACTORS......who are DOING EXACTLY THE SAME THINGS!!
Privacy.......I've heard about it!!
The law......a day late and a dollar short....and still "an ass"!!