Well, we'll see what the agreement actually entails. But I am deeply skeptical of any agreement that doesn't also include legislative proposals on the US side.
The EU court rulings on US <--> EU data transfers observe, correctly, that US law does not have much in the way of accountability for US law enforcement's access to personal data. That's what all of this has been about. You can't use Standard Contractual Clauses, because US law allows the FBI to override the contracts and demand the data. You can't use Binding Corporate Rules, because US law says a warrant overrides that. You can't fulfill your obligation to notify the data subject, because a National Security Letter requires secrecy.
An agreement to replace Privacy Shield will ultimately not stand up in EU court unless the US curtails the reach of law enforcement access to private data. Which, I'll be happy if that happens, but I'm skeptical.
Yep, just see what happened with FATCA. Where is the US data on EU citizens hiding assets in the US?
Are Americans asked when they open a bank account if they are a citizen of another country? Every time I open an account in Switzerland I am specifically asked if I am a US citizen and many banks will not accept your business if you are.
If the US bank doesn't hold up their part of FATCA nothing happens. If a Swiss bank doesn't follow FATCA they can have their ability to deal in dollars removed which is the death of a bank.
So the information is still being exchanged, but as I understand it most stuff is essentially handled by local tax authorities, so for most people they don't need to care about it or fill out forms.
Are American banks required by FATCA to report the same sort of data on EU citizens as EU banks are on American citizens? I.e. are you saying that the US isn't meeting its obligations? I always just assumed the US had negotiated an unequal deal.
edit: Yeah so it seems FATCA never intended any sort of reciprocity:
Also maybe my statement above "...the US had negotiated..." seems off since it doesn't really appear like the US negotiated much at all. Looks more like they just demand it.
edit: Reading that Wikipedia article makes this seem like an even bigger clusterfuck than I ever expected and I have dealt with and hated the implications of FATCA for years.
It's as if the EU enjoys spending time with Max Schrems in court. It's going to fail, again, and businesses are going to pretend they couldn't possibly have seen it coming, again, and nobody is going to care, again.
I worry this coupling will make it harder for laws to evolve. What would GDPR look like if the EU had to coordinate with the US? Probably some muted, compromised version.