If you read the European Commission’s announcement on the EU-US Privacy Shield (summary here), you may have come away with a more positive impression of its protections than is actually warranted.
Here’s one of the critiques that have appeared in the past few days. Klint Finley reports:
Companies like Facebook and Google can continue transferring data from the European Union to their servers in the US under a new deal between the two governments that privacy advocates still say isn’t good enough.
[…]
Under the Privacy Shield, US companies will be able to “self-certify” that they follow the privacy principles outlined in the framework. The agreement establishes an “ombudsperson” in the US State Department who will address privacy-related questions and complaints from people in the EU.
Privacy advocates say those protections are inadequate and want to see the Privacy Shield quashed. The ombudsperson will have limited power to fix problems and won’t be all that independent since that person will report to the Secretary of State, argues Privacy International.
Read more on Wired.