Microsoft hails pointless Privacy Shield status for its cloud services Microsoft has issued a missive congratulating itself as the first global cloud service provider to get with the new EU Privacy Shield Framework agreed with the US, which must mean your data is safe in its hands, right? Sadly, the Privacy Shield Framework, like the Safe Harbor agreement that preceded it, relies on US companies …
It is agreed, but what all these companies carefully avoid to mention is that Privacy Shield presently has a temporary nature - about a year of so if I recall correctly. Especially thanks to the likes of Snowden, it has become very clear that an agreement of that type needs to be backed by legal changes in the US, and I reckon by the time that would ever happen we'll have shopping malls on Mars.
Besides, self certification is akin to a caught thief promising they won't do it again. They'll continue their data grabbing, just hide it better.
Does anyone really think that legal changes in the US would mean a damn thing to the CIA or NSA?
Nope, they've grown way beyond control. There is no way any US government official can assure me (or people more important) that they are still able to exert ANY control over those agencies.
That said, GCHQ appears well on its way to achieve that too. Retrospectively changing laws to legalise activity is a good hint that control has all but vanished.
Don't like us? No worries, we either find some dirt of you, or make sh*t up..
Of course, we aren’t suggesting that Microsoft is failing to comply with Privacy Shield, just that the certification is largely meaningless because companies are allowed to judge for themselves whether they meet the criteria US govt TLAs can ride roughshod over it.
FTFY
To be fair to Microsoft they do seem to be making serious efforts, both in the US courts and in putting in arms length arrangements in their German data centres.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
