Trust isn't really the point. The Safe Harbour scheme is what makes it lawful for European businesses to use US services to process personal data about their customers. Without Safe Harbour, any European business that did this without explicit consent from users would be at risk of legal action under the usual data protection legislation. A few activist lawsuits and/or formal action by national data protection regulators would make things like using US-based SaaS or processing payments with services like Stripe a complete no-no. It would also put multinationals with any US element, such as Google and Microsoft, in a difficult position, because even if their formal in-house policy is to keep all such data exclusively within the EEA, EU data protection laws can then conflict with US disclosure requirements.
The article makes it seem like this is a new concern, but in reality this has been on the radar of European businesses concerned about privacy and personal data since at least the initial Snowden revelations that rendered the polite assumption that US companies could actually meet their obligations under Safe Harbour no longer credible. Everyone is just hoping that the obvious economic damage from preventing this kind of trade will be so dangerous that either the US government will back down (highly unlikely) or the European authorities will cave and pragmatically overlook obviously illegal (and rightly so, if you're on the privacy side of the debate) data sharing.
Note that there is no general exception to the European data protection rules permitting disclosure of personal data outside the EEA upon request by foreign authorities under their own laws[1]. Specific international agreements have been created to cover specific cases like PNRs for people travelling abroad. So arguing that the US Safe Harbour scheme is still OK because it's only the US government breaking the rules for its own official purposes has no weight in EU law.
The article makes it seem like this is a new concern, but in reality this has been on the radar of European businesses concerned about privacy and personal data since at least the initial Snowden revelations that rendered the polite assumption that US companies could actually meet their obligations under Safe Harbour no longer credible. Everyone is just hoping that the obvious economic damage from preventing this kind of trade will be so dangerous that either the US government will back down (highly unlikely) or the European authorities will cave and pragmatically overlook obviously illegal (and rightly so, if you're on the privacy side of the debate) data sharing.
Note that there is no general exception to the European data protection rules permitting disclosure of personal data outside the EEA upon request by foreign authorities under their own laws[1]. Specific international agreements have been created to cover specific cases like PNRs for people travelling abroad. So arguing that the US Safe Harbour scheme is still OK because it's only the US government breaking the rules for its own official purposes has no weight in EU law.
[1] https://ico.org.uk/for-organisations/guide-to-data-protectio...