The prospect of getting legal redress in the United States is also an iffy proposition. "Republican insistence on exceptions for what they see as U.S. national security interests could complicate compliance even further," the Chicago Tribune points out. "Republican senators are looking to insert a provision that would oblige the Attorney General to certify whether a country whose citizens will have redress don't have policies that endanger U.S. national security."
Not to mention that "we all know how good the NSA is at hiding what it's actually doing from oversight bodies,"TechDirt writes. "[By] focusing the agreement on how to allow data transfers without actually tackling how to stop mass surveillance is inevitably a fake solution."
Several privacy groups have called on the United States to improve its privacy laws to match those in Europe. "The problem is that the U.S. remains unchanged," said Marc Rotenberg, president of the Electronic Privacy Information Center.
Max Schrems, whose complaints about Facebook's handling of personal data ultimately brought down Safe Harbor, was skeptical Privacy Shield would withstand legal challenge: "The [European] Court has explicitly held that any generalized access to such data violates the fundamental rights of EU citizens. [And] the Commissioner herself has said this form of surveillance continues to take place in the US."
European data protection authorities also have doubts about Privacy Shield. "We have concerns, in particular with the scope of the surveillance and the remedies," said Isabelle Falque-Pierrotin, France's privacy chief.
Ultimately, EU-US Privacy Shield is what Computerworld calls a win-win in diplomatic terms: "The EU gets a solemn promise of privacy protections, which its voters want. And the U.S. gets no delays in data transfers, which U.S. companies want."
It remains to be seen whether European privacy advocates -- and courts -- will be content with a lose-win in reality.
Sign up for CIO Asia eNewsletters.