So this happened (Warning: 1st clickthrough opens newsletter subscription window, 2nd clickthrough works, if you accept cookies):
Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.
This basically destroys all legal groundwork necessary for the Privacy Shield to stand on. Privacy Shield is supposed to be the legal framework that enables US companies to process personally identifiable information (PII) of European Citizens in the US.
Privacy Shield replaces for the Safe Harbor Agreement, which has been challenged in court and found inadequate. As a replacement, it is already being found inadequate by many parties, and is being challenged in court again once it becomes active. With the current situation, the viability of the agreement is being weakened even more.
The WSJ reports Trump Executive Order Jeopardizes U.S.-EU Data Pact, Lawfare is also kind of undecided, and EU Observer reports Trump’s anti-privacy order stirs EU angst and quotes
“I need to be reassured that Privacy Shield can remain”, EU justice commissioner Vera Jourova told EUobserver on Friday (27 January) in Malta.
At Papers Please the outlook is less undecided, obviously: “Trump repudiates agreement with EU on PNR data”, and so is diginomica: “Privacy Shield’s wooly thinking just unraveled thanks to President Trump”.
On the other hand, Forbes speaks about “The Anti-Business Implications Of Trump’s Xenophobic Privacy Policies” and the relatively sober National Law Review advises companies:
Recommendation: Companies relying on the Privacy Shield framework as their data transfer mechanism should consider having a “back up” data transfer mechanism for key contracts, such as Standard Contractual Clauses (“Model Clauses”) or Binding Corporate Rules (“BCRs”), in the event the Privacy Shield framework is invalidated. However, given the validity of Model Clauses is being challenged in the Irish High Court, they may not be a perfect solution.
This is Lawyerspeak for GTFO.
So if you are running your shit on US soil, or in a US companies cloud, you should have implemented a backup solution last Friday. Yes, that is your shit on Amazon, GCE or Azure or anything else that’s not European.