The notional purpose of the EU-US Privacy Shield is to establish a framework that allows personal data for commercial purposes to be transferred between the European Union and the United States.
Personal data that is received by US companies operating in Europe is ostensibly governed by EU privacy laws. Pick any notable US organization and they have an office in Europe, typically serving the EMEA region.
But for the purposes of this rant suffice to say that we need only consider Google, Apple, Microsoft, Twitter, and Facebook (a.k.a “Farcebook”).
Do not buy into the high profile privacy battles that these organizations now raise high as examples of their commitment to their customers’ privacy. These are PR tactics.
All of these organizations were more than happy to be secretly willing accomplices to US intelligence agency antics and law-breaking before their activities were exposed and they suffered a backlash. They have been vigourously back-pedalling and papering over the cracks ever since. It is all meaningless posturing.
They are inherently compromised, every day, and in every way.
The EU-US Privacy Shield replaces what was called the International Safe Harbor Privacy Principles (ISHPP). Lofty names for a veneer that actually contains no verifiable substance or oversight when you examine the vast amount of exceptions and undermining laws that in fact render them all moot.
In late 2015 , the ISHPP was declared invalid in its entirety by the EU at a hearing in the European Court of Justice.
But like a smarmy salesperson, the US simply flicked the pages on the sales brochure asking “well, what about this?” – “no?” – “this?” – “no?” – “this?” – until some browbeaten Brussels technocrat bought the bullshit and agreed a new name for the same abuses.
In the usual garbled and meaningless language of the European Commission it was declared on 2nd February 2016 that the EU and the US had found new common ground on the privacy issue and an “Adequacy Decision” was published. (What exactly is an “Adequacy Decision” when it is at home eating chips and eavesdropping on its neighbours?)
In a Chamberlain-esque pose the EU held up this new agreement and declared that it was “…. equivalent to the protections offered by EU law.”
It is not.
For more scholarly and considered thinking, read Joint letter to European Commission on EU-US Privacy Shield (July 26, 2017) from Human Rights Watch and Amnesty International to the European Commission to urge a re-evaluation of its Implementing Decision 2016/1250 on the adequacy of the protection provided by the EU-U.S. Privacy Shield on the basis that the United States of America (United States) does not ensure a level of fundamental rights protection regarding the processing of personal data that is essentially equivalent to that guaranteed within the European Union (EU).