Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Microsoft Privacy Security Technology Your Rights Online

Microsoft Declares Wholehearted Support For Privacy Shield (thestack.com) 64

An anonymous reader writes: Microsoft has declared its support for the EU-U.S. Privacy Shield. The proposed legislation to govern data transmission between the EU and U.S. has been the subject of much debate. While acknowledging that more work will need to be done after it is adopted, Microsoft has thrown its support behind Privacy Shield, stating that after careful and detailed review, it 'believes wholeheartedly that it represents an effective framework and should be approved.' Microsoft has pledged to sign up for Privacy Shield, to adhere to its current and future guidelines, and to respond to Microsoft user complaints under Privacy Shield within 45 days. Despite the framework being criticized for its inadequacy, Microsoft supports the Privacy Shield in its current form, and believes that further adjustments should be made after the initial adoption.Microsoft is the first company to sign up for EU-U.S. Privacy Shield pact. The EU privacy regulators are yet to share their views on the deal. According to a recent leak, however, it appears they wouldn't approve it. While this shouldn't stop the commission from making a decision, as Fortune explains, "they can't technically stop the commission issuing its adequacy decision, but they can make life very difficult for companies transferring the data if they think the U.S. doesn't offer adequate protections."
This discussion has been archived. No new comments can be posted.

Microsoft Declares Wholehearted Support For Privacy Shield

Comments Filter:
  • to be breached "heartedly"
  • Comment removed based on user account deletion
    • by Anonymous Coward

      One thing is for sure: if government is involved, you can bet that it does exactly the opposite of what the marketing name implies. For example, a new "initiative" that contains the word "privacy" will actively work against privacy.

      • Re:What doies it do? (Score:5, Interesting)

        by JustAnotherOldGuy ( 4145623 ) on Monday April 11, 2016 @11:35AM (#51885149) Journal

        One thing is for sure: if government is involved, you can bet that it does exactly the opposite of what the marketing name implies. For example, a new "initiative" that contains the word "privacy" will actively work against privacy.

        This is exactly right.

        For example, the "PATRIOT Act" (which basically gutted many provisions in the Constitution), or the "Clear Skies Act of 2003". The Clear Skies Act reduced regulation of polluting companies and increased the amount of pollutants they could release. "Clear Skies", my ass.

        My guess is that "Privacy Shield" is filled with provisions and laws that make it easier to violate privacy, not increase or protect it.

        • Companies that trade on your data have no interest in enhancing privacy. While MSFT isn't exactly FB in terms of profiting off compiling data about you and selling it to advertisers, the fact that there is a market for this means MSFT will be trying to get into it.

          • While MSFT isn't exactly FB in terms of profiting off compiling data about you ... yet

            Remember the Scroogle Ad campaign? Well they are doing the very thing they said they weren't doing. They are now going after that market.

    • The most useful legislation for these things is "facilitation by limitation": doing X is a liability nightmare and legally ambiguous, thus we write laws describing when and how you can do X and banning any doing of X outside these limitations. In this case, a useful law would facilitate the transfer of data between countries by describing how those transfers are handled and what legal and contractual agreements for handling that data must be in place, including requirements for mutual legal protections (

    • by Anonymous Coward

      It is obviously to shield corporations from privacy laws.

    • On the face of it, it seems the US Government is recognizing privacy rights of EU citizens -- that the US does not give its own citizens. What does the US get out of this? More profits for MS, Google, et al.? I would support it if the US was willing to step up to European standards of privacy for everybody.

    • by HiThere ( 15173 )

      IIUC the "Privacy Shield" is intended to replace the current data-sharing arrangement between the US and the EU. An EU court said that the current arrangement violated the rights of EU citizens, but gave them some time to craft a replacement program.

      Since the US is in favor of "Privacy Shield" one may guess that it's a bit pervious, but that's not proof, and I'm no lawyer.

      OTOH, my cynicism is such that if MS in in favor of it, I expect that it would be bad for me.

  • Surely not! (Score:5, Funny)

    by JustNiz ( 692889 ) on Monday April 11, 2016 @11:14AM (#51884945)

    >> Despite the framework being criticized for its inadequacy, Microsoft supports the Privacy Shield in its current form

    Microsoft prepared to deploy worldwide a clearly not ready half-baked piece of shit? surely not!!

  • slashdot bot (Score:4, Insightful)

    by Merk42 ( 1906718 ) on Monday April 11, 2016 @11:14AM (#51884949)
    I don't know what it is, but since M$ supports it, it must be bad!
    In the off chance it is actually good, this is clearly the "Embrace" step.
    • This is why you don't run an evil corporation and get a bad reputation. It sticks with you for years, and years, and decades afterwards. There are people today who are still angry at the Ford Motor Company for what they did with the Ford Pinto, and that was in the 1970s. [howstuffworks.com] Calling for a megabillion dollar corporation to be treated fairly, when they themselves never felt any obligation to do any such thing, is asking rather a lot.
    • The Privacy Shield is an agreement on how to handle data. It has no legal binding until agreed on by the EU courts, and even then can be challenged by members of the EU. Most would consider it a gentleman's agreement at this point.

      Since Microsoft has a history of not being a gentleman I doubt anyone takes their faith in this agreement seriously at all. As soon as the US Government said "Give us the data" Microsoft has historically complied. I'm not sure how you are supposed to trust them on this one, bu

  • by xtronics ( 259660 ) on Monday April 11, 2016 @11:22AM (#51885035) Homepage

    There is this story - about adopting a insecure system that is called "Privacy Shield" - to imply that it is secure. Then there is 'secure boot' which requires UEFI - in the end is less secure than an old BIOS. Then the Apple court case - as if an Apple phone is secure....

    All is intended to give people the idea that they have a secure-private method to communicate when the opposite is true.

    Of course criminals will use the holes/backdoors at some point - could bring down the banking system.

    • by Curate ( 783077 )

      Then there is 'secure boot' which requires UEFI - in the end is less secure than an old BIOS.

      Are you saying Secure Boot (using UEFI) is less secure than traditional BIOS, or that UEFI by itself is less secure than traditional BIOS? And either way, I'm curious why you think that?

      • The old BIOSs did not have a way to write to your hard-drive or connect to the internet(all one needs to compromise your computer). UEFI is a proprietary mini operating system with code no one can see. You can not get the information needed to install coreboot - (by design - at the request of three letter agencies) - no computer younger than 5 years appears to be secure-able.

        Of course there is also the problem with the firmware on hard-drives. Or even processor microcode - closed source means not secure..

  • by Anonymous Coward

    Just as Patriot act was actually a treason, and just as Free Trade acts are actually about limiting trade and creating state-supported monopolies, this "Privacy Shield" is actually about viciously attacking individual privacy. You have to replace the words with their antonyms to get the true meaning.

  • Microsoft also promises not to come in your mouth.

  • Not like anything ever is on topic around here but does anyone what kind of encryption is in windows phones or anywhere that says? Specifically Lumia 950. With all the apple/fbi stuff the detailed quite well what tech was inside but all i can find for windows is some bumf and how to turn it on.
  • by cweber ( 34166 ) <cwebersdNO@SPAMgmail.com> on Monday April 11, 2016 @01:16PM (#51885985)

    So many knee-jerk comments here. Get a grip folks.

    This is about how we treat data of a citizen from one large jurisdiction when it moves to or is stored in another large jurisdiction, and removing legal uncertainty for the companies doing so. For example, this very site's account info of EU residents being stored in the US (handle, email and encrypted password). Nothing overly private, but still falls under privacy laws of hundreds of countries, each of which could voice a problem and issue a warrant or subpoena. Without overarching legal frameworks governing and taming this legal diversity and uncertainty, it is basically impossible to run a large website. Plain and simple. If you're an engineer, you absolutely want to be insulated and protected from all this possible BS, regardless of how much of a non-issue your own data collection might be to your engineering mind.

  • by bradley13 ( 1118935 ) on Monday April 11, 2016 @01:57PM (#51886365) Homepage

    Of course, it's a joke:

    - Privacy Shield make companies offer certain guarantees for the way they handle data, and adds a lot of bureaucratic requirements. However, companies are allowed to "self-certify" their compliance. The compliance requirements will be overwhelming for small companies, while the big one will be able to blow them off.

    However, the big problem was, frankly, the US government. On this topic:

    - Privacy Shield requires "written assurances that government access to EU personal data for national security purposes is subject to clear conditions, limitations, and active oversight." Those assurances would make uncomfortable toilet paper, but won't be good for anything else. "Bulk surveillance" of EU citizens is also still allowed, as long as the US government considers it "necessary and proportionate". Gee golly whiz, I can't wait for the US government to declare it's own spying "unnecessary".

    - Oh, and wow: "EU citizens concerned about potential breaches of these binding commitments by the U.S. government can now refer their concerns to a newly appointed Privacy Shield Ombudsman". Who will pat you on the head, and tell you to go be a good little lemming.

    The only way to prevent US abuse of data on European citizens is to prohibit the transfer to US servers in the first place. Microsoft has actually done something laudable here: They have set up an Azure data center in Germany, and subcontracted control of this data center to a German company. Theoretically, Microsoft has no access to data in that data center, except through the German company - which would obviously be directly subject to German privacy regulations. That's an excellent solution, if it really is implemented that way.

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...