We know what comes next...
"Can we have a moratorium?"
The Privacy Shield agreement – which governs the flow of personal data between America and Europe – should be suspended if the US doesn't comply by 1 September, the European Parliament has said. At the plenary session of the European Parliament today, MEPs voted 303 to 223 in favour of a resolution that criticises the US and …
Alternatively you could just train people in GDPR compliance, with maybe a footnote that there are these fudges that might cover their arses for a few more years while they sort themselves out, but be prepared to have to rearrange the deckchairs every so often if you go down that route.
Only if it hits the Trump (extended) family, Russian Oligarchs, or some Saudi Princes. America has a variety of people, and businesses, but the ones not on the most-favored list can hold their breaths until blue (or red) in the face and their concerns will not be addressed.
Note that the businesses most likely to take a financial hit are on a very different list. Except maybe Palantir.
Privacy Shield 'on both sides' is a way to avoid real responsibility. The joke is on us! When it suits Germany, France, UK they shit all over EU users' privacy in backroom bilateral US data exchanges...
--------------
http://www.bbc.co.uk/news/world-europe-36148107
http://www.bbc.co.uk/news/world-europe-32529277
http://www.theregister.co.uk/2015/05/01/german_spying_allegations_eu_commish_says_its_on_the_ball/
http://www.theregister.co.uk/2015/05/07/germany_curtails_nsa_snoop_assistance/
http://www.theregister.co.uk/2015/05/13/wikileaks_bundestag_nsa_probe_files/
http://www.theregister.co.uk/2015/02/04/germany_bnd_muscles_in_on_metadata_mass_surveillance/
Keep in mind, U.S. law does not have to bow down to EU law. GDPR is a good idea in theory, but Con-Grab is going to have to legislate it. And NOBODY over here cares about "disobeying an EU law".
If you want something from U.S. Law, give something in return... then let Con-grab legislate it. That's how things work.
Here's a thought: what's the penalty for NON-compliance? Whack our pee-pees? Take away our birthdays? Point fingers and make fun of us? Call Donald Trump 'Herr Drumpf'??
Yeah, do better, make a deal, see results.
U.S. law does not have to bow down to EU law
Very true, and actually no-one is saying that it should - it is entirely a choice for the US government to make as to how it handles things.
Basically it comes down to this:
If you are based in the EU and hold/process personal information on any EU citizen or any person resident in the EU, then you have to abide by certain regulations. What's more, those regulations aren't actually very complicated. But a key thing is that you cannot transfer/store/process that personal data to anywhere where it is not adequately protected - and that still says nothing about US laws.
What it does mean is that if the US decides not to create an environment compatible with EU GDPR, then that's fine - its own choice - but the ramification is that it becomes/stays illegal for any business with a presence in the EU to put such personal data anywhere "within reach" of any business with a US presence. It still does not say what the US must do about laws - just that if the US chooses not to be compatible then it cannot expect to get/retain the business.
In a way there is the usual (and usually broken) analogy with cars. A US manufacturer is free to decide whether to make cars that comply with EU regulations - no one is forcing them to. The flip side is that if they do not, then they cannot sell cars into the EU.
TL;DR - Basically, if you want to play in our playground then you have to play by our rules.
The EU have no guts to get involved in any serious scuffle, let alone with our (their) (ex)protector. They are already shitting themselves about the looming trade war with US (but hey, UK is safe, non?! ;) never mind puffing and huffing, so this is just an empty threat, sorry.
You seem to make the common mistake of thinking of the EU as a single body.
The EU commission is largely made of gov wonks and tend to do the same sort of shady back-room deals that most governments do, but at least their masters can join the tabloids in blaming the "Evil EU" for making them do what they were lobbying for in the background anyway. Just like the UK gov and the telco data retention directive, for example. These are the ones trying to put a plaster on the current EU-US deal.
Then you have the MEPs who actually do a public debate and (mostly) democratic vote as they don't have much of a party-political goal scoring agenda like most lower houses. These are the ones who seem to be standing up for individual rights, just a shame our own MPs seem to care for none of it.
It would be even better had we (the UK) not voted in wasters like Farage who, whether you are pro-EU or anti-EU, did SFA to help any UK interest in any debates or votes.
.. I was just telling our shiny new in-house lawyer that the reason I was restructuring certain things in the organisation was because I fully expected Privacy Shield to fail, not because of recent events, but because it was just as much a non-fix from a legal perspective that it must have been a political stopgap to prevent a trade war - and we all know what Trump is starting right now.
That said, I wasn't quite expecting to be proven right on the same day, I thought we had a few more months.
Oh well, hello overtime budget :)