
The article says "The U.S. government on July 3 said it had fulfilled its requirements under the agreement." But the article detailing that "fulfillment" is behind a paywall. Does anyone know what changes the US made?

It would be encouraging if pressure from the EU actually resulted in improved privacy protections in the US.



The decision from the Commission lists what the US did (linked from the article).[0] Although, I'll admit, I am not great at reading language that verbose.

[0] https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae6...


So, reading section 3.2.1, which details the legal basis for collection under national security purposes, all of it seems to hang on EO 14086, which "replaces Presidential Policy Directive (PPD-28) to a large extent, strengthens the conditions, limitations and safeguards that apply to all signals intelligence activities (i.e. on the basis of FISA and EO 12333), regardless of where they take place, and establishes a new redress mechanism through which these safeguards can be invoked and enforced by individuals (see in more detail recitals 176-194). In doing so, it implements in U.S. law the outcome of the talks that took place between the EU and U.S. following the invalidation of the Commission’s adequacy decision on the Privacy Shield by the Court of Justice (see recital 6). It is, therefore, a particularly important element of the legal framework assessed in this Decision."

A short check tells me that any current or future president can revoke an executive order at any time. So, the Commission's decision in regard to FISA (which this is mainly about) hangs on Biden's word that neither he nor one of his successors will change it? Yeah ... I don't see how that's gonna fly with the EUCJ.

(The article also stated it, but I wanted to check in the original documents if that's really all they base their "all is good with FISA now" decision on)


Interesting. If I understand correctly, this means US processors and controllers must be certified annually by the FTC and/or DoT.

The certification is based on Principles outlined in the document, which are very GDPR-ey.


> FTC and/or DoT.

... none of which are European, or much aligned with European interests in any way

I call BS.


I believe the changes go back to an executive order from October 2022. https://www.linklaters.com/en/insights/blogs/digilinks/2022/... has a summary.

One key issue was that European citizens should have a way to make complaints (it wasn't clear which US agency was responsible and if they'd act), another that intelligence agencies don't get a blank check looking at all data.


Nothing has changed except some wording. Basically it boils down to this:

Either GDPR is removed as law in the EU or Non-US citizens are given full constitutional rights under US law. That's it.



