cross-posted from: https://sopuli.xyz/post/14006758

Yikes.

“In the adequacy decision, the European Commission estimated that the U.S. ensures a level of protection for personal data transferred from the EU to U.S companies under the new framework that is essentially equivalent to the level of protection within the European Union.” (emphasis added)

Does the EU disregard the Snowden revelations?

And what a missed opportunity. California state specifically has some kind of GDPR analogue, so it might be reasonable if CA specifically were to satisfy an adequacy decision, (still a stretch) but certainly not the rest of the country. Such a move could have motivated more US states to do the necessary.

I must say I’ve lost some confidence and respect for the #GDPR.

  • dotslashme@infosec.pub
    link
    fedilink
    English
    arrow-up
    8
    ·
    6 months ago

    Hardly an expert, but isn’t these rules basically the same as in privacy shield?

    AFAIK the US are not going to change anything about FISA 702 and with this agreement in place it sounds like business as usual for the NSA.

    • freedomPusher@sopuli.xyzOP
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      6 months ago

      I wasn’t aware of the “Privacy Shield”, but the article mentions that:

      “In the Schrems II judgement, the CJEU raised several points regarding the U.S. intelligence agencies’ access to EU data. The EU-U.S. Data Privacy Framework tackles them and includes significant improvements compared to the mechanism having existed under the Privacy Shield.”

      Found this and this to help me catch up on this.

      (edit) in this doc I counted 81 “should”s and 33 “shall”s, to get an idea of the strength.