Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy Shield Data Pact Gets European Approval (bbc.com)

Posted by msmash on from the for-now dept.

A commercial data transfer pact provisionally agreed by the EU executive and the United States in February received the green light from EU governments on Friday, the European Commission said, paving the way for it to come into effect next week. This will end months of legal limbo for companies such as Facebook, Google, and MasterCard after the EU's top court struck down the previous data transfer framework, Safe Harbour, on concerns about intrusive U.S surveillance. BBC reports: Member states of the European Commission have given "strong support" to the Privacy Shield said the EC's Justice Commissioner Vera Jourova in a statement. Ms Jourova said the approval paved the way for the formal adoption of the agreement early next week. "The EU-US Privacy Shield will ensure a high level of protection for individuals and legal certainty for business," said Commissioner Jourova. "It is fundamentally different from the old Safe Harbour." The adoption of the Privacy Shield ends months of uncertainty for many tech companies such as Google and Facebook after the European court found the Safe Harbour agreement wanting. The agreement covers everything from personal information about employees to the detailed records of what people do online, which is often used to aid targeted advertising. The Safe Harbour pact let US companies skirt tough European rules that govern how this data can be treated, by letting them generate their own reports about the steps they took to stop it being misused.Ars Technica's report further explains the matter.

19 comments

  1. Nice name by Anonymous Coward · · Score: 1

    too bad these things invariably mean the European people end up with less privacy than they'd had before "data sharing" or whatever the euphemism is this week.

    1. Re: Nice name by Anonymous Coward · · Score: 0

      Yep. Never trust an american.

  2. Friday Friday by Anonymous Coward · · Score: 0

    Gotta get down on Friday
    Everybody's looking forward to the weekend

    1. Re:Friday Friday by Anonymous Coward · · Score: 0

      Fun fun fun fun

  3. Right by Anonymous Coward · · Score: 0

    But does it come with bacon and a side of ranch? No? Then who fucking cares

    1. Re:Right by Opportunist · · Score: 1

      Since this is the EU we're talking, you can rest assured it doesn't just come with bacon but with a few barrels of pork.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  4. European pizza approval by Anonymous Coward · · Score: 0

    We took our regular DEEP!DEEP! Dish pizza and loaded more than 3 ½ feet of cheese right into the crunchy crust to create one of our most indulgent pizzas ever.

    Starting March 21, the decadent Stuffed Crust DEEP!DEEP! Dish pizza will be available for a limited time for just $10 plus tax where applicable at participating locations. The pizza will be offered all day, and available HOT-N-READY between 4 p.m. and 8 p.m.

  5. coming up soon... by ooloorie · · Score: 2

    After the "Safe Harbor" and the "Privacy Shield", why not go for some spicier names for the next few rounds of this?

    "Data Chastity Belt"
    "Information Condom"
    "The Internet Dildo"

  6. So is it good or bad for privacy? by houghi · · Score: 1

    I have read the article and the last line says "Privacy watchers predict that the deal will end up before the CJEU again before too long." and I am still none the wiser if it is stricter or less strict or what.

    --
    Don't fight for your country, if your country does not fight for you.
    1. Re:So is it good or bad for privacy? by aicrules · · Score: 1

      I believe the privacy of this deal has been successfully protected then!

    2. Re:So is it good or bad for privacy? by aicrules · · Score: 3, Informative

      It allows a data transfer between the US and EU that wasn't going to be allowed before. From that perspective some group of people's privacy has been eroded. The provisions that have been finally approved make the way that data transfer is handled supposedly safer and therefore less likely to have that group of people's private data exposed to people who aren't supposed to get the data as part of the data transfer. Net result is affected group's privacy has been lessened.

    3. Re:So is it good or bad for privacy? by Anonymous+Brave+Guy · · Score: 2

      The trouble is that the fundamental paradox still exists.

      On the one hand, European privacy standards are stronger than the US. In particular, there is no magic exemption in the European privacy rules where the US government should be allowed to arbitrarily spy on European citizens if their data is exported to or via a company with assets in the US. Clearly the US government disagrees with this principle and wants access to everything, and it is well established that the US government does in fact take measures to do that monitoring and does consider that data its for the taking. In short, Snowden and the like have undermined the polite fiction that underpinned the previous Safe Harbor arrangement, which in theory leaves any European data controller that exports personal data to a US partner at risk of violating the data protection rules.

      On the other hand, European and US businesses have a lot more options and can provide better and cheaper services to their customers if they can work together. Working together inevitably involves passing some data around that actually is reasonable and necessary for what the customer actually wants. If the companies involved are basically responsible in how they handle that data then being able to work together does little practical harm compared to European companies working with other European companies, since our own governments pose essentially the same threat to privacy and there are plenty of alliances with the US in that respect.

      So this is basically a matter of principle -- the US government wants access to all the data it can find in a dragnet, which is contrary to the basic privacy rules in Europe -- vs a matter of pragmatism -- governments are widely ignoring the rules and either breaking the laws or changing their own laws to allow this kind of behaviour anyway, and banning all personal data sharing because of that special case may be throwing the baby out with the bathwater if the businesses in the US are otherwise constrained to handle any exported personal data to the same standards as businesses in Europe.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    4. Re:So is it good or bad for privacy? by Anonymous Coward · · Score: 0

      The US companies could simply provide few paragraphs in the ToS describing the use of personal information for intelligence gathering and law enforcement purposes. Job done and privacy officials happy! The real problem is the US Cult of Secrecy.

    5. Re:So is it good or bad for privacy? by Anonymous+Brave+Guy · · Score: 1

      Nope, because then you violate the European rules about collecting and sharing personal data. You aren't allowed to just put riders in some contract or terms somewhere saying you can collect whatever you want and use it for whatever you want and then claim the user gave their consent or something.

      In practice it's rarely enforced because there aren't the resources to go after every little business that doesn't fully comply, and no-one has much interest in doing so anyway as long as they're following the spirit of the rules. But for larger companies that are big enough and doing enough with the data to attract real scrutiny and potentially real penalties, this is a legitimate concern.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    6. Re:So is it good or bad for privacy? by Anonymous Coward · · Score: 0

      You aren't allowed to just put riders in some contract or terms somewhere saying you can collect whatever you want and use it for whatever you want and then claim the user gave their consent or something.

      That is, if the user cannot opt out for the collection or if using the service is somehow dependent of agreement even if it's not necessary for providing the service. Like in the case of Fuckbook.. I mean Facebook.
        The new data protection regulation 2016/679 mentions that it doesn't apply to the cases related to national security or those related to common foreign policy. The US companies might as well provide their data through national officials working with the US or other officials. Same results all around.

  7. Cue the next law suit by Errol+backfiring · · Score: 1

    It was long known that this new treaty was as flawed as the previous one. This means that another law suit is needed to overthrow it again. The European Commission feels it is only accountable to foreign countries and companies, not to actual European people. You can read more on New “Shield”, Old Problems.

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    1. Re:Cue the next law suit by rtb61 · · Score: 1

      Actually it comes off as a bit of a trap. It seems to be written to be broken, the exposed as bring broken and then far stricter rules being justified. It's like they fully expect the US government to break those rules in it's grab for total power and control and so the new shield is designed to fail. Stricter and stricter privacy rules as slowly but surely coming into being and corrupt government agencies and equally corrupt corporations are fighting them to the bitter end. It seems to have become a regular annual cycle, privacy laws are implemented, found to be insufficient and are tightened up, and this cycle is repeated again and again. M$ and windows 10 is directly threatened by these laws.

      --
      Chaos - everything, everywhere, everywhen
  8. Summary by Anonymous Coward · · Score: 0

    ... let US companies skirt tough European rules ...

    It's interesting they put the main point last. Also they don't mention how the new framework solves the 2 biggest problems: "intrusive U.S surveillance" and aggregating data within reach of US laws. Given that this is an admitted dilution of the rules, one must assume these problems have been solved by the "Don't ask, don't tell" mantra.