Privacy Shield just born already dead

The new move coming from the other side of the ocean (and yes, I mean the USA) is aligned with Mr. Trump's approach to international agreements.

After the Paris climate agreement, the Donald Trump presidency is shining again in its confrontation with old Europe.

The target now is the Privacy Shield Agreement, the agreement reached between the USA and the EU in order to protect the privacy of EU citizens whose data are collected by US companies.

It should not come as a surprise: historically, the two sides of the ocean have had deeply different approaches to personal data protection.

Now, according to section 14 of Trump's just-signed executive order, “Executive Order on Public Safety”, US law enforcement agencies have to explicitly exclude all non-US citizens and residents from their privacy policies.

In other words, no protection is assured for the data of EU citizens stored in US datacenters.

Under the Privacy Shield, EU citizens have rights to redress – including judicial redress – for improper disclosure of their data. The Judicial Redress Act (JRA) of 2015, which extended to EU citizens the protections of the Privacy Act of 1974, was critical to European acceptance of the Privacy Shield.

Last month, with a stroke of the pen that could unsettle EU privacy watchdogs, President Trump issued an executive order directing that federal agencies craft their privacy policies to exclude non-US citizens from Privacy Act protections.

This clearly breaks the Privacy Shield agreement. For the few of you who remember the story, this agreement came about after the collapse of the previous Safe Harbour agreement.

Safe Harbour was declared ineffective by the European supreme court of justice after the PRISM activity of the US government was exposed. Now, while Europe is moving towards GDPR adoption and a strict set of rules to protect the privacy of EU citizens and residents, the USA has once again loosened the rules, exposing, as a matter of fact, EU citizens' data to risk.

Considering the amount of data (from Facebook to Google, from Microsoft to Apple) covered by this agreement, the magnitude of this is enormous: basically, this unilateral US decision puts most of the digital economy at stake.

And just to be clear, Privacy Shield was not perfect even from a European point of view: in September, an advocacy group known as Digital Rights Ireland asked the second-highest European court to annul the agreement on the grounds that it doesn't provide enough privacy protection for EU data. Shortly thereafter, a French civil liberties group filed a similar suit. So the new Trump administration's moves will hardly find easy acceptance in the EU.

Now, to be fair, the impact of the new Executive Order on the Privacy Shield is not clear. Someone in the Trump administration is suggesting that any access to EU citizens' data would not be due to mass surveillance and that therefore the agreement is not in jeopardy, but considering the precedents and the current relationship between the USA and the EU, those sound more like empty words addressed to the internal US electoral base (“see, it's the EU's fault, we're doing right”) than a clear and honest analysis.

Some legal experts, however, have downplayed that concern by pointing out that the order seems to include an exception for Privacy Shield. But given the recent skittishness of European regulators about U.S. surveillance, calls are mounting for the White House to publicly reassure Europeans the order doesn’t affect their data.

We will see what will happen.

For sure, the distance between the USA and the EU has never been bigger, and at the moment (but I am on the EU side) we are on the side of protecting our planet from climate change, and protecting the privacy and freedom of citizens from unwanted access.


#Dataprotection #EU-U.S. #PrivacyShield #TrumpPrivacyAct #GDPR



Privacy Shield just born already dead was originally published on The Puchi Herald Magazine

hit by “wannacry” (maybe you deserve it) …


Again a ransomware outbreak on the news.

May I say I am not surprised at all?

And may I say that the media coverage has been ridiculous: instead of presenting the event as something that should highlight the incompetent behaviour of the managers hit by this issue, they talk about a “cyberattack”, which is a completely different thing.

And yet people are asking: why? How come? How can this be possible? Again, really?

We know that cybersecurity is always an afterthought for most management, no matter where. The proof, whatever the claims from CEOs, IT managers and, generally speaking, CxOs, is always there, in the data on how malware spreads.

Today it is WannaCry (WannaCryptor or whatever you want to call it); tomorrow it will be something else.


But for once, let us try to be serious about this stuff…

First, let us dig a little into the specifics here and ask ourselves a few questions.

Why does ransomware strike?

Ransomware is becoming increasingly common. Its spread is due to three main reasons:

  1. ransomware is a damn easy piece of code to write, because it leverages the ordinary read, write and modify rights a user already has on files, so no rocket science is needed to do damage.
  2. cryptocurrency gave ransomware what it was missing: the possibility to monetize the attack in a fairly safe way. Before bitcoin and co, it was quite difficult to move money without being caught…
  3. the security level of IT in the world is still at the caveman age, surrounded and filled by incompetence and a great deal of stupidity.

Let us be clear: the patch closing the vulnerability used by this latest piece of ransomware had been available for a few… but it is quite interesting to notice how, even now, patching is still considered a minor activity in many IT infrastructures.

Who is responsible for this situation? Of course, a higher management so blind and irresponsible that it does not think for a moment (until it is too late) that nowadays we all depend on our digital infrastructure.

The infection starts with an email or an infected USB key… really?

How long will we keep avoiding proper training of our workforce, teaching them how to deal with email and attachments?

The infection leveraged a vulnerability in Windows that was already covered by a patch from Microsoft… really?

How long will we consider patching our systems a useless activity or, at least, a minor one?

The sad truth is that sometimes it would be easy to protect ourselves from these outbreaks simply by implementing a minimally sound IT system, good backup policies, good patch management and … but we have been saying these things since the very beginning of time.

The whole point is that until we manage the security aspects of our digital infrastructure in a serious and comprehensive way, we will be exposed to this spread of junk again and again. And the more we rely on computers and digital infrastructure, the more we will become targets.

So when you ask yourself who is to blame for this or other outbreaks, who is behind this worldwide attack?


Blame our stupidity.

Next could be worse.




hit by “wannacry” (maybe you deserve it) … was originally published on The Puchi Herald Magazine