Scroll Top

The eerie silence regarding TransAtlantic data transfers

The eerie silence regarding TransAtlantic data transfers

It all started with:
– Julian Assange, in 2010, when he published a series of leaks from US Army intelligence;
– Edward Snowden, who in 2013 revealed the extent of spying WORLDWIDE, in every country, company, organisation, individual AND child by the US National Security Agency.
Since then, anyone who explicitly says they care about your privacy but avoids praising Snowden’s and Assange’s names is a liar. Blatant liar! Every individual, every company, every organisation, every government.

Continuing this thread, in 2015 the EU’s top court struck down the notorious TransAtlantic data transfers and their framework system, known as Safe Harbor, over concerns that US could has unfettered access to EU data. It was a surprise decision that ruffled a lot of feathers in the US.

Immediately, in early 2016 – because these sorts of issues never get bogged down in the labyrinth of bureaucracy – the EU and the US reached an agreement on the Privacy Shield, in which the US guaranteed EU citizens robust privacy protections and their right to judicial review.

The Privacy Shield is for the ONLY 5,300 companies and organisations to siphon and send private, sensitive, intellectual, secret data from the EU to the U.S. This is no surprise as these scandals have shed light on this transatlantic communication: Panama Papers, Global Laundromat, Gürtel case, Maldives papers, FIFA racketeering, Paradise Papers, Facebook-Cambridge Analytica, WhatsApp phone hacks and leaks, iPhone phone hacks, with countless data breaches, ransomware and zero-day vulnerabilities in everything: operating systems, servers, browsers, devices, appliances, medical devices.

In 2020, the EU again took a stance, together with the Austrian privacy advocate Max Schrems, who had campaigned against Meta’s Facebook for privacy violations, and PROVED that multiple US-UK agencies are accessing Europeans’ data. This is during the GDPR, with laws like: consent, right to be forgotten and so on.

Immediately, this time more quickly, in March, during US President Joe Biden’s visit to Brussels, the EU and the United States reached a provisional agreement, with both sides saying they had taken into account the Court’s concerns and include stronger legal safeguards. Emphasis on SAYING, as nothing has changed since.

NOW, in 2023, in the EU and across the European continent … ALL existing companies are using data transfer tools known as standard contractual clauses to transfer data to the UK and US, from services ranging from cloud infrastructure, data hosting, payroll and finance to marketing, advertising and analytics, devices and appliances connected to the Internet of Things. All of this is overseen by the mighty EU’s General Data Protection Regulation (GDPR) and each country’s individual data protection authority.

Hire professionals to manage your WordPress & WooCommerce from an infrastructure provider located in your country BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your future budget.

And why is this so grim? Because the GDPR and the US Privacy Shield framework are on opposite ends of the spectrum, while the United Kingdom (UK) has NO national constitutional PRIVACY provision. With the UK it’s simple, if they don’t have privacy laws, then they have the exact opposite: complete censorship, surveillance and whatnot. Yay for Brexit!

Regarding the US Privacy Shield Framework – https://www.privacyshield.gov/article?id=1-Sensitive-Data, their stance on transfers is clear and transparent: “An organisation is NOT REQUIRED to obtain affirmative express CONSENT (opt in) with respect to sensitive data where the processing is:”


1 – “in the vital interests of the data subject or another person;” – WOW, vital interest of ANOTHER PERSON, than the EU’s citizen. Wonder who might be. WHO indeed. :)
2 – “necessary for the establishment of legal claims or defences;” – So if you choose to fight through the legal system, you and your organisation will be investigated first. Nice, totally legit and not at all ironic if you open a court complaint regarding a privacy overreach via direct or mass hacking on individuals, companies, politicians, journalists :)
3 – “required to provide medical care or diagnosis;” – a European joke about public health in the US: I CANNOT afford it! :)
4 – “carried out in the course of legitimate activities by a foundation, association or any other non-profit body with a political, philosophical, religious or trade-union aim and on condition that the processing relates solely to the members of the body or to the persons who have regular contact with it in connection with its purposes and that the data are not disclosed to a third party without the consent of the data subjects;” – the infamous foundations and non-profit activism, present in each EU country by the thousands as registered entities and by the legion as fictive citizens. NOT gonna touch this cesspool.
5 – “necessary to carry out the organisation’s obligations in the field of employment law;” – against discriminatory and fair recruitment practices in the EU. Have you ever – and I mean EVER – said anything publicly against what is now considered a TABOO subject? Bummer! Your 2010 self just slapped you in the face in 2023! :D
6 – “related to data that are manifestly made public by the individual” – Just like the World Economic Forum, which urges its “self-appointed leaders” to make “good use” of current and planned future EU mass data collections. (https://www.weforum.org/agenda/2023/04/earth-data-for-better-business-and-community-outcomes/).

Not sure that our managed infrastructure offer is worthy of long-term consideration? Read trough this series! Decide after you compare RISK + IMPACT versus COST.

Related Posts