EU-US Privacy Shield not up to snuff, data tap should be turned off – MEPs

The deal governing transatlantic data flows doesn't properly protect European Union citizens and should be suspended unless the United States complies with its terms, MEPs have said. The Privacy Shield agreement, which aims to protect personal data transferred from the EU to the US, was set up after a legal challenge by …

  1. SotarrTheWizard

    Perhaps it's a silly question. . .

    . . . .but how do EU Laws bind the United States ?

    1. Anonymous Coward

      Re: Perhaps it's a silly question. . .

      They don't.

      Inter-country agreements agree things like this though. The US made commitments to safeguard the data of EU citizens in return for EU companies being allowed to export data to those US companies.

      These commitments are being broken, so the privilege they were granted is being revoked.

      1. Paul Hovnanian Silver badge

        Re: Perhaps it's a silly question. . .

        "in return for EU companies being allowed to export data to those US companies"

        How much of this data leakage is company-to-company and how much is it individual EU citizens signing up for a US service? You sign up on a US server, read the EULA (several dozen pages wherein the jurisdiction of US law and playing fast and loose with personal data are mentioned). Who made the decision to export your personal data in these cases?

        1. Doctor Syntax Silver badge

          Re: Perhaps it's a silly question. . .

          "You sign up on a US server, read the EULA (several dozen pages wherein the jurisdiction of US law and playing fast and loose with personal data are mentioned)."

          EULAs have a habit of not being enforcible due to clashes with consumer law. Now they have GDPR to contend with as well. Conditions of service based on playing fast and loose with personal data will be hit hard with this.

        2. strum

          Re: Perhaps it's a silly question. . .

          >EULA (several dozen pages wherein the jurisdiction of US law and playing fast and loose with personal data are mentioned

          Irrelevant. Within the EU, EU law prevails, regardless of any foreign EULA.

    2. Anonymous Coward

      Re: Perhaps it's a silly question. . .

      "but how do EU Laws bind the United States ?"

      You want to operate here, you have to follow those laws.

      This pretty much confirms what I have been saying from before Max Schrems "broke" Safe Harbour with Facebook vs Europe - a political fix is simply not enough.

      1. Anonymous Coward

        Re: Perhaps it's a silly question. . .

        "...a political fix is simply not enough."

        The U.S. has been a very important market for E.U. goods and the reason why so much time has been spent on trying to find a political solution, and kowtowing to the U.S. in general through various lop-sided agreements, was to preserve that market. However, the recent introduction by the U.S. of import tariffs on E.U. goods could have an effect here, as it makes the U.S. a less valuable and desirable market.

        If the U.S. pushes too hard on agreements that favour only itself it may find that other countries will conclude it's just easier to forge new alliances and develop new markets on a more equitable basis.

        No single country in the world is as powerful and important as the U.S. seems to believe it is.

        1. Anonymous Coward

          "The U.S. has been a very important market for E.U. goods"

          But the EU is also a very important market for US services. The Trump administration looks to be unable to understand that not only may a lot of US goods arrive in Europe directly from China while profits go to US companies (Apple...), but it also sells a lot of services which pump a lot of EU money into US companies (even if they keep them offshore as long as US taxes are not favourable - but that was a US issue, not an EU one).

          These services are usually based on people's data - and I would be very careful to avoid killing that kind of market...

    3. Voland's right hand Silver badge

      Re: Perhaps it's a silly question. . .

      "EU Laws bind the United States"

      They do not. They do, however, bind USA companies operating in the EU. Same as anywhere else in the world. If you want to operate on the local market you have to comply with the local market rules and regulations.

    4. Anonymous Coward

      "but how do EU Laws bind the United States ?"

      When the United States wants to access data stored outside its jurisdiction and under the EU one...

      While I understand the need to find agreements to speed up investigations since digital data can be moved so quickly and easily, the CLOUD Act is an arrogant one-sided decision, and any US company forced to obey it could also break EU laws.

    5. TheVogon

      Re: Perhaps it's a silly question. . .

      "but how do EU Laws bind the United States ?"

      US companies and the US government have to obey EU laws if they want access to EU markets and EU data. Simples.

      The EU is after all a larger market with a larger population and a greater GDP, so it's not surprising that the US often has to do what it's told.

  2. Anonymous Coward

    Facebook and Cambridge Analytica – are both certified under the Privacy Shield.

    Let's not forget the third demon in this devilish pact ... Palantir Peter Thiel... Or shall we accept the word of professional liars, that it was just a few rogue Palantir employees helping CA out?!!! Let's face the wider truth here: It's time for EU data to stay on Servers hosted in Europe... i.e. No transfer!

    1. big_D Silver badge
      Facepalm

      Re: Facebook and Cambridge Analytica – are both certified under the Privacy Shield.

      No transfer, and no servers owned by US companies or their subsidiaries, because the CLOUD Act means that the US sees the data on non-US servers as being held on US servers, if the company owning the servers (or subsidiary) has a presence in the US.

      1. Anonymous Coward

        The CLOUD Act means that the US sees the data on non-US servers as being held on US servers

        That's it... Because as we know the US doesn't like being told what it can and can't do. So we can all be sure the US won't comply. Where there is doubt, there is no doubt: No Transfer!

      2. Voland's right hand Silver badge

        Re: Facebook and Cambridge Analytica – are both certified under the Privacy Shield.

        "No transfer, and no servers owned by US companies or their subsidiaries, because the CLOUD Act means that the US sees the data on non-US servers as being held on US servers, if the company owning the servers (or subsidiary) has a presence in the US."

        You sound almost as if you were saying this in Russian. Funny, we laughed at them and said that they will "break the internet" for their citizens and "deprive their people of valuable services" when they did EXACTLY THAT two years ago.

        I have been saying this for a decade now - it is advisable to follow their legal pipeline and their regs. Because what happens there will be repeated here in 2-3 years time.

  3. Anonymous Coward

    Elephant in the room ?

    Until the PATRIOT Act is repealed, no US company can abide by anything agreed between the US and EU.

    No amount of dancing around the maypole changes that.

  4. Doctor Syntax Silver badge

    It was always a fig-leaf, not a shield. Giving them until Sep 1 is just another fudge. Just call it dead and gone until the US comes back with an already implemented package that's compliant with EU law.

    1. Aitor 1

      Disagree

      You have to give your trade partners time to comply. Going into a trade war is bad for everyone, and sometimes it is more beneficial for you to have a slightly unfair agreement than no agreement at all.

      1. Doctor Syntax Silver badge

        Re: Disagree

        "You have to give your trade partners time to comply."

        How much time do they need?

        As the article says, it was set up, reviewed after a year and some matters were found to need attention and, months later, still outstanding. Then the CLOUD act has made matters worse. They're not going to comply, at least not under more duress than just continuing threats to shut it down without doing so.

        AFAICS the only effective pressure will be to shut down and put the ball in the US's court if they want it restarted.

        1. heyrick Silver badge

          Re: Disagree

          "How much time do they need?"

          Apparently a LONG time... http://www.tronc.com/gdpr/baltimoresun.com/

  5. 0laf
    Meh

    Meh they'll just fall back to model clauses and the whole circus will roll on

    1. Remy Redert

      Right up until the first time such an arrangement is challenged and fines start getting slapped on because it's bloody obvious they can never comply with the GDPR requirements as long as they're based in the US.

    2. Doctor Syntax Silver badge

      "Meh they'll just fall back to model clauses"

      I think GDPR has probably killed a lot of those.

  6. Anonymous Coward

    People don't seem to understand that Trump is following the Bannon/Putin agenda for deconstructing the world. He's killing trade ties with allies that have done reasonably well since WW2. He's strengthening ties with authoritarian regimes like Russia, China, North Korea potentially. He is hoping and fully expects to establish a ruling dynasty in the US with him as the progenitor of that dynasty. If you think I'm crazy read this...

    https://www.salon.com/2017/09/12/harvard-psychiatrist-lance-dodes-donald-trump-is-a-sociopath-and-a-very-sick-individual/

  7. Dan 55 Silver badge
    Meh

    "if needed, to remove such companies from the Privacy Shield list"

    I can see that happening.

  8. ratfox
    Holmes

    No shit Sherlock

    The EU will either have to admit they cannot protect the privacy of their citizens, or grow some balls and demand from all US companies to only store private data in EU-owned datacenters.

    1. Doctor Syntax Silver badge

      Re: No shit Sherlock

      "demand from all US companies to only store private data in EU-owned datacenters."

      The CLOUD act makes it necessary to go a step further. There needs to be something like an EU-owned trustee such as the Microsoft/Deutsche Telekom arrangement or a franchise arrangement so the data, as opposed to the datacentre, is out of US control.

  9. Phil Endecott

    AWS.

    Google.

    Microsoft Azure.

    Digital Ocean.

    etc. etc.

    All US companies.

    Where are the EU alternatives that aren’t completely shite?

    1. JimmyPage Silver badge
      Stop

      "Where are the EU alternatives that aren’t completely shite?"

      If you dig, you'll find they were probably bought out by a US company and borged or borked.

      It's SOP to buy out your rivals where you can.
