Safe Harbour is dead, long live the Privacy Shield. But is this US data transfer agreement a dead man walking?
Why the hostility? Consider this: the European Court of Justice (ECJ) killed Safe Harbour in October when it ruled that, essentially, the US was more interested in national security and law enforcement matters (also known as snooping the bejesus out of everyone) over and above any guarantees of meaningful privacy. Since then, absolutely nothing has changed. The Privacy Shield framework requires the US to give a written promise, on a yearly basis, that hand-on-heart it won’t participate in mass surveillance of EU citizens. This is laudable in principle and laughable in practice. Any talk of ‘clear limitations and safeguards’, and most of all ‘oversight mechanisms’, in the context of the NSA is, frankly, a crock. Not least because the US explicitly allows mass surveillance of the very kind it’s promising not to carry out.
