Trump seeks to "paralyze" the "Privacy and Civil Liberties Oversight Board" (PCLOB). A key element of the EU-US data transfer deal ("TADPF") that allows EU-US data flows.
US-Cloud was always illegal for EU-citizens since GDPR. Privacy shield was just the next try to label it as legal without changing the cause (US having no privacy protection) until it gets disabled again by EU court in 5 to 10 years.
It’s never been illegal at all, you’re oversimplifying the issue. Plenty of use cases that can use US clouds. Not all data is PII and plenty of use cases perform fine by anonymising their data.
Also EU countries aren’t that better than US when it comes to state issued privacy violations; we just don’t do dragnet bullshit (yet) but plenty of requests are served as requested…
That’s not the only way to do it. In quite a lot of situations you can, instead, generate artificial data that is statistically similar to the original data set and use that instead. That works well for things like system testing, performance tuning and integration testing. Done right, you can even still pull out useful corelations without risking deanonymising the data.
There’s plenty of techniques to avoid re-identification… aggregation isn’t the only way. Especially considering that aggregation if using a stupid dimension isn’t helping at all…
Depends on the dimension used. « Shoulds » are meaningless. Let’s not assume everyone is doing shit work, awareness is getting there and people are getting more capable to correctly classify data.
Anyway assuming correct classification there are techniques that changes classification enough to allow exportation of data to shit countries.
Good thing I’m correct as it’s my job to ensure compliance with it for my employer and related companies.
And we call those rights « data subject rights » as it’s not about users but specifically the physical person concerned about the data. But close enough I guess.
US-Cloud was always illegal for EU-citizens since GDPR. Privacy shield was just the next try to label it as legal without changing the cause (US having no privacy protection) until it gets disabled again by EU court in 5 to 10 years.
It’s never been illegal at all, you’re oversimplifying the issue. Plenty of use cases that can use US clouds. Not all data is PII and plenty of use cases perform fine by anonymising their data. Also EU countries aren’t that better than US when it comes to state issued privacy violations; we just don’t do dragnet bullshit (yet) but plenty of requests are served as requested…
Short of aggregating it to get rid of the individual records completely, “anonymizing data” isn’t actually a thing.
That’s not the only way to do it. In quite a lot of situations you can, instead, generate artificial data that is statistically similar to the original data set and use that instead. That works well for things like system testing, performance tuning and integration testing. Done right, you can even still pull out useful corelations without risking deanonymising the data.
There’s plenty of techniques to avoid re-identification… aggregation isn’t the only way. Especially considering that aggregation if using a stupid dimension isn’t helping at all…
An alarming amount of data that should be classed as PII isnt. information in aggregate changes classification, PII should be treated the same.
Depends on the dimension used. « Shoulds » are meaningless. Let’s not assume everyone is doing shit work, awareness is getting there and people are getting more capable to correctly classify data. Anyway assuming correct classification there are techniques that changes classification enough to allow exportation of data to shit countries.
Correct. GDPR doesn’t prevent US services from serving users in Europe. It does enforce some user rights though.
You are also correct about EU countries violating privacy rights, this is a global fight, not limited to the US or US companies.
Good thing I’m correct as it’s my job to ensure compliance with it for my employer and related companies.
And we call those rights « data subject rights » as it’s not about users but specifically the physical person concerned about the data. But close enough I guess.