Irony Alert: US Could Block Personal Data Transfers To Ireland, European Home Of Digital Giants, Because GDPR Is Not Being Enforced Properly

from the biter-bit dept

Last year, the EU's top court threw out the Privacy Shield framework for transferring personal data between the EU and US. The court decided that the NSA's surveillance practices meant that the personal data of EU citizens was not protected to the degree required by the GDPR when it was sent to the US. This was the second time that such an agreement had been struck down: before, there was Safe Harbor, which failed for similar reasons. The absence of a simple procedure for sending EU personal data to the US is bad news for companies that need to do this on a regular basis. No wonder, then, that the US and EU are trying to come up with a new legal framework to allow it, as this CNBC story notes:

Officials from the EU and U.S. are "intensifying negotiations" on a new pact for transatlantic data transfers, trying to solve the messy issue of personal information that is transferred between the two regions.

Even if they manage to come up with one, there's no guarantee that it won't be shot down yet again by the courts, unless the underlying issues of NSA surveillance are addressed in some way -- no easy task. Meanwhile, there's been a fascinating development on the US side, reported here by The Irish Times:

The US Senate is to debate a proposal to limit foreign countries' access to US citizens' personal data and to introduce a licence requirement for foreign companies that trade in this information.

The draft "Protecting Americans' Data From Foreign Surveillance Act", presented on Thursday by Democratic Senator Ron Wyden of Oregon, is aimed primarily at curbing the sale and theft of data by "shady data brokers" to "hostile" foreign governments such as China.

The law may be aimed primarily at China, but its reach is wide, and it could hit an unlikely target. As the Irish Council for Civil Liberties (ICCL) explains, the new Bill (pdf) aims to stop the personal data of US citizens being transferred to locations with inadequate data protection -- just as the EU's GDPR does. But according to the ICCL, one country that may fall into this category of dodgy data handling is Ireland:

ICCL understands from those who wrote the draft Bill that Ireland's failure to enforce the GDPR is of particular concern. The Bill intentionally uses language from the GDPR, and targets this enforcement failure. The draft Bill makes clear that merely enacting strong data protection law such as the GDPR is not enough. That law must be enforced.

Most digital giants have their European headquarters in Ireland. Under the GDPR, it is Ireland's Data Protection Commission (DPC) that must investigate and ultimately fine these companies for their GDPR infringements anywhere in the EU. The DPC has opened many data privacy inquiries (pdf), but has so far failed to impose serious fines. Without strict enforcement by the Irish authorities, there is a growing feeling that the GDPR could be fatally undermined. Hence the risk that the US might not allow personal data to be transferred to Ireland, if the new "Protecting Americans' Data From Foreign Surveillance Act" becomes law. Given the long-standing concerns over the protection of personal data flows from the EU to the US, that would be a rather ironic turn of events.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data brokers, data transfers, gdpr, ireland, privacy, privacy shield, ron wyden, surveillance, us


Reader Comments

Subscribe: RSS

View by: Thread


  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 23 Apr 2021 @ 2:03pm

    profit harboring corporate criminals, get sanctioned

    entirely NOT irony

    reply to this | link to this | view in chronology ]

    • This comment has been flagged by the community. Click here to show it
      identicon
      Anonymous Coward, 23 Apr 2021 @ 2:04pm

      Re: profit harboring corporate criminals, get sanctioned

      YET AGAIN dozens of tries to get in to what appears a plain HTML box but is in fact censored out of sight

      reply to this | link to this | view in chronology ]

    • This comment has been flagged by the community. Click here to show it
      identicon
      Anonymous Coward, 23 Apr 2021 @ 2:06pm

      Re: profit harboring corporate criminals, get sanctioned

      and now that I'm in, works for a while, so I'll add this to point up is NOT "spam", that is, commercial, but only my ordinary opinion, not out of the ordinary on OTHER sites, that is, just that Techdirt has to discriminate against ordinary viewpoints or its corporatist advocacy falls apart

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 23 Apr 2021 @ 2:29pm

        Re: Re: profit harboring corporate criminals, get sanctioned

        That's for making it clear that you are writting stupid-pointless-annoying-message.

        (HINT: a message that is comprised of "this is not spam" and basically nothing else... is spam)

        reply to this | link to this | view in chronology ]

        • icon
          Stephen T. Stone (profile), 23 Apr 2021 @ 2:37pm

          Spam also need not be commercial in nature to be spam. Just ask Twitch streamers. 😄

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 23 Apr 2021 @ 2:39pm

            Re:

            Absolutely true: but I don't have proof yet that they can grok one written idea, I didn't want to risk getting all the points lost by including two.

            reply to this | link to this | view in chronology ]

            • icon
              Scary Devil Monastery (profile), 26 Apr 2021 @ 6:38am

              Re: Re:

              "but I don't have proof yet that they can grok one written idea"

              Pretty sure by now that Baghdad Bob's actually managed the trick of learning to write without learning to read. Nine times out of ten his "contribution" on this forum is a recounting on how many times he spammed the thread for that one comment to get in.

              And the tenth is always an implied complaint about being silenced by Mike Masnick for, apparently, being a threat to the CIA's agenda of corporate overlordship or some deranged and gleeful rant about how pirates and corporatists will all end up punished.

              Never any indication he's actually read the OP.

              reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 24 Apr 2021 @ 12:06am

        Re: Re: profit harboring corporate criminals, get sanctioned

        "I'll add this to point up is NOT "spam", that is, commercial"

        Whenever you get around to looking at how spam filters work (hint: it's not a person clicking on your emails to spite you), you might also want to check the definition of the word - spam need not be commercial by nature.

        You're also not "ordinary" by any stretch of the imagination. You're a rather unique moron.

        reply to this | link to this | view in chronology ]

        • icon
          Scary Devil Monastery (profile), 26 Apr 2021 @ 6:41am

          Re: Re: Re: profit harboring corporate criminals, get sanctioned

          "You're also not "ordinary" by any stretch of the imagination. You're a rather unique moron."

          No he's not? There are plenty of homeless, drunk, and/or insane people who act just like him. It's just that where the average village idiot on a bad trip rants about the gubmint being in cahoots with dem aliens who probed his ass, Baghdad Bob does the equivalent online.

          reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 26 Apr 2021 @ 8:49pm

        Re: Re:

        Wipe that Cary Sherman off your face, blue, or Jhon Smith will start shitposting again.

        reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 23 Apr 2021 @ 2:19pm

    'How dare you ignore the law we're ignoring ourselves?!'

    Privacy Shield gets tossed because an EU court doesn't trust the NSA to exercise self-control and not violate the GDPR, and now turnabout risks being applied thanks to Ireland not actually enforcing the GDPR and only paying lipservice to it. Both sides may have valid points but they are really shooting their own feet here and undermining their credibility by their actions and inactions respectively.

    As a side-note the fact that the NSA's penchant for snooping and grabbing everything it can tanked the previous two data-transfer agreements and is still apparently a sticking point is rather damning of the US here, as if that is the point of contention the fix would be to simply force the NSA to stop doing that, yet apparently that's seen as unacceptable.

    reply to this | link to this | view in chronology ]

    • icon
      Stephen T. Stone (profile), 23 Apr 2021 @ 2:21pm

      “Those pesky Americans aren’t going to just give up all their data to us!” — the NSA in justifying its continual snooping and hoovering, probably

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Apr 2021 @ 9:01am

    The data regulator in ireland is investigating facebook for the massive data leak of 500 million accounts,
    under gdpr it should inform users of any data breach but its claiming its just a case of data scraping not a hack.
    of course nsa wants to grab everything but at this point almost every adult who uses the web in america must have had personal user data hacked and this info is still out there .
    there seem to be companys hacked with millions of user accounts almost every week.
    the usa has a point in that when theres fines for tech companys
    it always seems to be from the usa regulator.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories
.

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.