Microsoft Declares Wholehearted Support For Privacy Shield (thestack.com)
An anonymous reader writes: Microsoft has declared its support for the EU-U.S. Privacy Shield. The proposed legislation to govern data transmission between the EU and U.S. has been the subject of much debate. While acknowledging that more work will need to be done after it is adopted, Microsoft has thrown its support behind Privacy Shield, stating that after careful and detailed review, it 'believes wholeheartedly that it represents an effective framework and should be approved.' Microsoft has pledged to sign up for Privacy Shield, to adhere to its current and future guidelines, and to respond to Microsoft user complaints under Privacy Shield within 45 days. Despite the framework being criticized for its inadequacy, Microsoft supports the Privacy Shield in its current form, and believes that further adjustments should be made after the initial adoption. Microsoft is the first company to sign up for EU-U.S. Privacy Shield pact. The EU privacy regulators are yet to share their views on the deal. According to a recent leak, however, it appears they wouldn't approve it. While this shouldn't stop the commission from making a decision, as Fortune explains, "they can't technically stop the commission issuing its adequacy decision, but they can make life very difficult for companies transferring the data if they think the U.S. doesn't offer adequate protections."
>> Despite the framework being criticized for its inadequacy, Microsoft supports the Privacy Shield in its current form
Microsoft prepared to deploy worldwide a clearly not ready half-baked piece of shit? Surely not!!
I don't know what it is, but since M$ supports it, it must be bad!
In the off chance it is actually good, this is clearly the "Embrace" step.
There is this story - about adopting an insecure system that is called "Privacy Shield" - to imply that it is secure. Then there is 'secure boot' which requires UEFI - in the end is less secure than an old BIOS. Then the Apple court case - as if an Apple phone is secure....
All is intended to give people the idea that they have a secure-private method to communicate when the opposite is true.
Of course criminals will use the holes/backdoors at some point - could bring down the banking system.
One thing is for sure: if government is involved, you can bet that it does exactly the opposite of what the marketing name implies. For example, a new "initiative" that contains the word "privacy" will actively work against privacy.
This is exactly right.
For example, the "PATRIOT Act" (which basically gutted many provisions in the Constitution), or the "Clear Skies Act of 2003". The Clear Skies Act reduced regulation of polluting companies and increased the amount of pollutants they could release. "Clear Skies", my ass.
My guess is that "Privacy Shield" is filled with provisions and laws that make it easier to violate privacy, not increase or protect it.
Just cruising through this digital world at 33 1/3 rpm...
Feels kinda bad if you're on the receiving end of something like that, eh?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
So many knee-jerk comments here. Get a grip folks.
This is about how we treat data of a citizen from one large jurisdiction when it moves to or is stored in another large jurisdiction, and removing legal uncertainty for the companies doing so. For example, this very site's account info of EU residents being stored in the US (handle, email and encrypted password). Nothing overly private, but still falls under privacy laws of hundreds of countries, each of which could voice a problem and issue a warrant or subpoena. Without overarching legal frameworks governing and taming this legal diversity and uncertainty, it is basically impossible to run a large website. Plain and simple. If you're an engineer, you absolutely want to be insulated and protected from all this possible BS, regardless of how much of a non-issue your own data collection might be to your engineering mind.
Of course, it's a joke:
- Privacy Shield makes companies offer certain guarantees for the way they handle data, and adds a lot of bureaucratic requirements. However, companies are allowed to "self-certify" their compliance. The compliance requirements will be overwhelming for small companies, while the big ones will be able to blow them off.
However, the big problem was, frankly, the US government. On this topic:
- Privacy Shield requires "written assurances that government access to EU personal data for national security purposes is subject to clear conditions, limitations, and active oversight." Those assurances would make uncomfortable toilet paper, but won't be good for anything else. "Bulk surveillance" of EU citizens is also still allowed, as long as the US government considers it "necessary and proportionate". Gee golly whiz, I can't wait for the US government to declare its own spying "unnecessary".
- Oh, and wow: "EU citizens concerned about potential breaches of these binding commitments by the U.S. government can now refer their concerns to a newly appointed Privacy Shield Ombudsman". Who will pat you on the head, and tell you to go be a good little lemming.
The only way to prevent US abuse of data on European citizens is to prohibit the transfer to US servers in the first place. Microsoft has actually done something laudable here: They have set up an Azure data center in Germany, and subcontracted control of this data center to a German company. Theoretically, Microsoft has no access to data in that data center, except through the German company - which would obviously be directly subject to German privacy regulations. That's an excellent solution, if it really is implemented that way.
Enjoy life! This is not a dress rehearsal.