New EU Rules To Curb Transfer of European Data To the U.S.

← Back to Stories (view on slashdot.org)

New EU Rules To Curb Transfer of European Data To the U.S.

Posted by Soulskill on Friday October 18, 2013 @09:52AM from the international-snowden-fallout dept.

dryriver points out a report at The Guardian about new regulations in the European Union that are intended to protect data from foreign government agencies like the NSA. Quoting: "New European rules aimed at curbing questionable transfers of data from E.U. countries to the U.S. are being finalized in Brussels in the first concrete reaction to the Edward Snowden disclosures on U.S. and British mass surveillance of digital communications. Regulations on European data protection standards are expected to pass the European parliament committee stage on Monday after the various political groupings agreed on a new compromise draft following two years of gridlock on the issue. The draft would make it harder for the big U.S. internet servers and social media providers to transfer European data to third countries, subject them to E.U. law rather than secret American court orders, and authorize swingeing fines possibly running into the billions for the first time for not complying with the new rules. ... The current rules are easily sidestepped by the big Silicon Valley companies, Brussels argues. The new rules, if agreed, would ban the transfer of data unless based on E.U. law or under a new transatlantic pact with the Americans complying with E.U. law. ... The proposed ban has been revived directly as a result of the uproar over operations by the U.S.'s National Security Agency."

60 comments

Min score:

Reason:

Sort:

Ohgodohgodohgod by Anonymous Coward · 2013-10-18 09:54 · Score: 1

Slashdot is about to SHUT DOWN get ready people this is it... THIS IS TEH SLAPOCALYPSE!!!!!!!!!!!!!!!!
1. Re:Ohgodohgodohgod by currently_awake · 2013-10-18 14:12 · Score: 3, Insightful
  
  telling a network tech to choose between a fine for the company (EU) or going to prison (USA) is not going to help.
how silly.. by Anonymous Coward · 2013-10-18 09:56 · Score: 0

don't they realize the nsa and cia have european-based operations, too?
1. Re:how silly.. by icebike · 2013-10-18 11:26 · Score: 4, Interesting
  
  don't they realize the nsa and cia have european-based operations, too?
  Actually they do, the story specifically states:
  
  But the proposed rules remain riddled with loopholes for intelligence services to exploit, MEPs admit.
  The EU has no powers over national or European security, for example, nor its own proper intelligence or security services, which are jealously guarded national prerogatives. National security can be and is invoked to ignore and bypass EU rules.
  "This regulation does not regulate the work of intelligence services," said Albrecht. "Of course, national security is a huge loophole and we need to close it. But we can't close it with this regulation."
  So nothing will be solved here, the data will simply flow in the reverse direction and national security agencies of the EU will be filtering EU users data and sending it on to the NSA, and the NSA will do the same for data from the rest of the world.
  New Boss, same as the Old Boss.
  All the Big players will build (or already have) data centers in the EU, and all that they really lose is redundancy in their data backup. But there will be no less spying, it will actually increase the number of national agencies rooting through your data.
  This effort is all for show, as well as smaller players using the whole NSA flap to leverage their position. But even this won't work for them because the EU customers want to have their Facebook and Google and their Twitter just as much and anyone else. So the same big players will establish or beef up their data-centers, and succumb to will of the various member states.
  But hey, lets bitch-slap those goddamed Americans quick and get the infrastructure and employment back in our countries and under our control before anyone figures this out.
  Who will step up and be the European Snowden?
  
  --
  Sig Battery depleted. Reverting to safe mode.
2. Re:how silly.. by Anonymous Coward · 2013-10-18 12:04 · Score: 5, Informative
  
  Not really. I'm afraid you interpreted that statement in a very "american" way. European (*) intelligence agencies aren't saints, but they are definitely subjected to far more oversight than the NSA, and no, they don't do the same. Even if they wanted, they couldn't because they don't have sufficient budgets.
  Obviously data protection rules do not apply to intelligence services, but this doesn't mean that a european intelligence agency can ask a company to give in all its users' data, as it happily happens in the US. In europe they need a court warrant for that, no matter whether it's national security or not. And they cannot share bulk data with the NSA, but only data strictly related to military or terrorist threats. The fact that the EU data protection regulation doesn't apply to intelligence services simply means that once data get (legally) gathered by an intelligence agency, users cannot ask for "the right to be forgotten" or other data protection rights.
  (*) I don't include the UK and the GHCQ in what I call "europe". The first is just an american protectorate, the second an NSA's subsidiary. If any british reader feels offended, I don't care. As a european citizen, I'm waiting for them to get out of the EU, fast.
3. Re:how silly.. by Anonymous Coward · 2013-10-18 14:35 · Score: 1
  
  These guys are probably not true Scotsmen^WEuropeans either.
  And we've yet to see what else those leaks hold about other countries - next batch is about France and Spain, let's see what they have to say about them.
4. Re:how silly.. by G-forze · 2013-10-18 18:05 · Score: 1
  
  Nor are these guys.
  
  --
  "There's someone in my head but it's not me." - Pink Floyd, Dark Side of the Moon
5. Re:how silly.. by Anonymous Coward · 2013-10-18 21:06 · Score: 0
  
  totally agree, it will be a pointless law to make people feel better
6. Re:how silly.. by Anonymous Coward · 2013-10-19 02:41 · Score: 0
  
  ...and the two articles you linked are supposed to prove that Germany or Sweden do the same as the NSA? Really?
  The first is an article about the opinions of some lawyers who compared the intelligence laws in US and Germany, and say that they are not that different. Fine. Small problem: the NSA has clearly violated the american laws. Programs like PRISM or XKeyScore are clearly and blatantly illegal. If american laws had been respected, then there would be no NSA scandal at all. The Patriot Act creator himself said that his law wasn't supposed to authorize what the NSA is doing. If americans don't rally in the streets against NSA's blatantly illegal actions, that's not my problem. Maybe they are ok with that, after all there are so many funny reality shows on TV...
  The second article simply has nothing to do with the NSA, it is about a local wiretapping scandal. Where's the mass surveillance?
  When you find some articles saying (and documenting) that a european (not british) intelligence agency is collecting ALL the communications coming out from submarine cables, and has access to ALL the databases of ALL the telecommunications companies in its country, as the NSA does, then you'll be able to prove that europe is no different from the US.
  As the things stand now, budget figures alone prove the opposite: the NSA is more funded than all the european intelligence agencies put together. Even if they wanted to to the same despite the laws, they simply couldn't.
7. Re:how silly.. by AlphaWolf_HK · 2013-10-19 07:36 · Score: 1
  
  That is really neither here nor there. This law won't protect Europeans' data any more than it already is (or isn't,) and I'm pretty sure that they're well aware of that.
  I think the purpose for this is mainly an economic one: They want to require IT that services be hosted within their own borders, which they probably believe will encourage job growth. However I think that it will just end up being like a tariff, and the result will be that Europeans will pay up the ass for data warehousing compared to the rest of the world, while gaining nothing in return.
  This could have a few other implications as well; namely, that companies who provide these services will only operate in Europe unofficially. Think how mega.co.nz operates out of New Zealand and therefore doesn't have to follow any US laws, meanwhile it contracts with firms all over the world (including the US) for storage and co-hosting. A side effect of that is that they don't have to pay European taxes or have to bother with any European laws at all for that matter.
  The road to hell is paved with good intentions. I think a better approach would be to require mega style encryption among all providers - that is, only the end users hold the keys to their data. Of course, that would make it so that Europe couldn't surveil its own citizens like the NSA, and they don't want that.
  
  --
  Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK
Excellent by CaptainOfSpray · 2013-10-18 09:57 · Score: 3, Funny

I'm delighted.
Pity they couldn't ban GCHQ from reading any of it.

--
"Cock Up Your Beaver" does not mean what you think. This sig is intended to clog filters and annoy do-gooders
1. Re: Excellent by tolkienfan · 2013-10-18 10:04 · Score: 3, Interesting
  
  Bingo. This looks promising but GHCQ does the NSAs dirty work and vice versa. And nothing except US limiting the NSA will stop the NSA from using exploits to get the data anyway.
2. Re: Excellent by Anonymous Coward · 2013-10-18 11:31 · Score: 0
  
  Read the fine print. There are specific exceptions for any data deemed to be a threat to national security. This law will not hamper the US or any other countries intelligence services from getting the data. It's just another BS piece of paper that gives the EU the ability to generate revenue since they sure as hell can't contribute any thing useful that anyone would actually pay for in terms of technology or services. As a bonus they give the impression that they are protecting the people from intrusive information gathering. Why do you think almost every country in the EU denied airspace to Bolivia's president because they thought Snowden was on board. They know they are all in deep when it comes to sharing data with the NSA. Can't really stand up and preach against the NSA data collection when you are doing the same damn thing now can you?
3. Re: Excellent by icebike · 2013-10-18 11:38 · Score: 2
  
  Don't forget the Bundesnachrichtendienst. Or the DGSE the DCRI, the CESIS, and 10 or more others.
  The truth is, there will be no difference, EU data can't be protected from EU intelligence services, and
  their partnerships and agreements with each other and with the NSA.
  In fact, having to convince a US judge to issue a warrant for a EU government to Google, Facebook, Amazon, or any of the other
  big players was probably a significant expense and impediment to EU police.
  Tell you what, The EU can host all US data, and the US can host all EU data.
  Requiring some local US sheriff to reach all the way to Brussels in order to sniff US email might be reduce abuse significantly. And Vise-Versa.
  
  --
  Sig Battery depleted. Reverting to safe mode.
4. Re: Excellent by AmiMoJo · 2013-10-19 05:21 · Score: 1
  
  Sure, but the key difference is that GCHQ is subject to EU laws and the European courts. There are already private legal challenges under way and the EU is considering what action to take. On the other hand the EU can't regulate the NSA at all.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
And when they get caught there, they get sent by Anonymous Coward · 2013-10-18 10:05 · Score: 0

to East Germany...
Or somewhere else with really fun jails.
1. Re:And when they get caught there, they get sent by icebike · 2013-10-18 11:29 · Score: 2
  
  Wow. A post straight out of 1988.
  
  --
  Sig Battery depleted. Reverting to safe mode.
They might... by Anonymous Coward · 2013-10-18 10:08 · Score: 0

After all they could be accused of being the UK arm of the NSA... :)
Not going to make much difference by Anonymous Coward · 2013-10-18 10:15 · Score: 0

There are already clauses in cloud email services for example that the user agrees that data may be transferred outside EU and to all third parties and nothing can be expected to be private. It will just be one more line in the EULA and change absolutely nothing.
1. Re:Not going to make much difference by Anonymous Coward · 2013-10-18 10:39 · Score: 5, Informative
  
  It sounds like the EU is outlawing these clauses. I don't know about the US, but here (Brussels) a clause in a contract is invalid if it is illegal.
2. Re:Not going to make much difference by gl4ss · 2013-10-18 19:51 · Score: 2
  
  There are already clauses in cloud email services for example that the user agrees that data may be transferred outside EU and to all third parties and nothing can be expected to be private. It will just be one more line in the EULA and change absolutely nothing.
  
  those clauses get invalidated then. because that's how law works. if you got get around everything by putting it in a contract.. why would any company adhere to any consumer protection laws?
  
  --
  world was created 5 seconds before this post as it is.
What this means by Anonymous Coward · 2013-10-18 10:25 · Score: 1

Expect more datacenters on European soil. This addresses the problem of bulk data transfer and storage.
In other words, the analytics will only get better.
1. Re:What this means by Anonymous Coward · 2013-10-18 13:18 · Score: 1
  
  ...is a gradual loss of US competitiveness. As it now appears, US government is the worst violator my privacy interests. Therefore as (human rights) self defense I will be looking every purchase through the US / non-US lens, probably ad infinitum. Of course, I will actively avoid paying a penny that would later be used for financing the NSA budget - you'd do the same. And I know I'm not the only one. As an EU citizen I think its very sad it has come to this - I really liked USA for a long time.
The logical conclusion follows by Anonymous Coward · 2013-10-18 10:51 · Score: 0

And so it begins...
Then again, these people did invent the word "Balkanization."
1. Re:The logical conclusion follows by Anonymous Coward · 2013-10-18 11:34 · Score: 0
  
  And so it begins...
  Then again, these people did invent the word "Balkanisation."
  FTFY. Please, it's bad enough that you people allow proper nouns in Scrabble without throwing ten-pointers around with such reckless abandon.
2. Re:The logical conclusion follows by Anonymous Coward · 2013-10-18 19:58 · Score: 0
  
  and the usa claimed to be the defender of freedom of the internet
Meaningless... by CrimsonAvenger · 2013-10-18 10:53 · Score: 1

So, they're going to make US Internet companies subject to EU laws rather than American laws?
Somehow, I don't think that's going to work as well as they (pretend to) think it will....

--

"I do not agree with what you say, but I will defend to the death your right to say it"
1. Re:Meaningless... by Anonymous Coward · 2013-10-18 11:12 · Score: 0
  
  The US seems to be pretty good at getting everyone else to be subject to US "laws". Is that something that the EU cannot also do?
2. Re:Meaningless... by newcastlejon · 2013-10-18 11:36 · Score: 2
  
  So, they're going to make US Internet companies subject to EU laws rather than American laws?
  Somehow, I don't think that's going to work as well as they (pretend to) think it will....
  Why not, when so many companies have their "headquarters" in some EU tax haven?
  
  --
  If God forks the Universe every time you roll a die, he'd better have a damned good memory.
3. Re:Meaningless... by Anonymous Coward · 2013-10-18 11:51 · Score: 0
  
  No. Since the EU is nothing but a semi-protectorate of the US that depends on US airpower and seapower to advance its foreign policy. Everyone else follows US law because if they don't they'll be killed. Go to google and search for super-carrier and you'll learn more.
4. Re:Meaningless... by Anonymous Coward · 2013-10-18 12:34 · Score: 0
  
  That post (as questionable as it is, sounds like some crap from prisonplanet) hasn't stopped them trying
  http://www.breakingnews.ie/world/europe-threatens-us-with-sanctions-over-spying-claims-599035.html
5. Re:Meaningless... by Tom · 2013-10-18 12:52 · Score: 1
  
  You are living in a fantasy world. You think there is such a thing as a "US company". You really think those companies have the slightest bit of patriotism? Most of them already route most of their profits through some tax haven in order to not pay a dime more in taxes in the US than they absolutely have to.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
6. Re:Meaningless... by manu0601 · 2013-10-18 14:09 · Score: 1
  
  A US company is a company whose leaders are reachable by US courts, and will therefore comply to anything requested by the US, otherwise they go to jail.
7. Re:Meaningless... by gl4ss · 2013-10-18 19:41 · Score: 2
  
  are you implying that they'll just take up and leave from the EU?
  that might be swell. we would finally get a new search competitor.
  
  --
  world was created 5 seconds before this post as it is.
8. Re:Meaningless... by Anonymous Coward · 2013-10-18 20:08 · Score: 0
  
  Ha ha you would defeat us in a war true but youd have fuck all of quality left to oppress the rest of the world with
9. Re:Meaningless... by Tom · 2013-10-18 21:37 · Score: 1
  
  Again, you are deluded. The 0.1% have already reached what many of us dream of: True international citizenship. They have homes, offices and wealth wherever they want. Right now, the US is attractive to many of them due to excellent infrastructure, security, health care (they can afford it) and so on.
  But look to Europe. Tons of celebrities have their official homes in Monaco, for tax reasons. Same thing as with companies, just on a personal level.
  If the US were to change its laws in any dramatic way that pisses the money elite off, half of them would be officially or actually living somewhere else within the month.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
10. Re:Meaningless... by manu0601 · 2013-10-18 22:57 · Score: 1
  
  I am not sure even a rich person wants to live with many territories, waters and airspace forbidden because of the risk of being arrested. Look at Edward Snowden, trapped in Russia even while he has support from three Latin America nations, and is backed by the powerful fund-gathering Wikileaks (they even proposed him a private jet!)
11. Re:Meaningless... by Tom · 2013-10-19 02:25 · Score: 1
  
  Of course not, comfort means everything to those people.
  But that, exactly, is the point: It's not patriotism. It's about personal well-being.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
12. Re:Meaningless... by manu0601 · 2013-10-19 04:41 · Score: 1
  
  Which means law can constrain them, it just has to make compliance less painful than resistance.
Meanwhile, SWIFT is still in full effect by Anonymous Coward · 2013-10-18 10:54 · Score: 0

This doesn't mean anything, really.
never let a good crisis go to waste by mjwalshe · 2013-10-18 10:55 · Score: 0

This is more about Hitting back at US companies like Google and Facebook
Data Protectionism by TheSync · 2013-10-18 11:12 · Score: 1

Oh great, now that we finally are getting seeing the light at the end of the tunnel for protectionism of trade in goods, now we are going to have protectionism for data!
Do you think the US will retaliate and force data on US citizens to not be stored in Europe?
1. Re:Data Protectionism by johanw · 2013-10-18 11:30 · Score: 1
  
  Who cares wether US data is stored in Europe? The other way aroundis much more dangerous.
  I hope this law will give rise to morecompanies who will refuse to have any representation in the US because it can lead to expensive fines. Perhaps, in time, the US will start to listen to others when their economy crumbles even more and they go down the way any empire has in time.
2. Re:Data Protectionism by Anonymous Coward · 2013-10-18 12:26 · Score: 0
  
  And how do you expect Facebook to comply with the EU? Facebook will just give the EU the middle finger on ANY law they come up with, or are we talking about the great firewall of Europe where Facebook, Google etc are blocked and state approved alternatives are hosted, or even better, have google.com redirect to a European run Google clone (by the government or EU corporation) that has nada nothing to do with the original Google.
  This would lead on to the argument of copyright, in which case, EU could go their own way with that as well. e,g China's Disneyland clone.
3. Re:Data Protectionism by rtb61 · 2013-10-18 12:45 · Score: 1
  
  Retaliate? I don't think you have the right idea about the right to privacy, it wouldn't be retaliation, it would be a reasonable law. Time to lock down and even ban the trade in private data.
  
  --
  Chaos - everything, everywhere, everywhen
4. Re:Data Protectionism by PPH · 2013-10-18 15:01 · Score: 4, Interesting
  
  Facebook and Google will just form European subsidiaries and separate them from the operations of the US entity to a degree necessary to satisfy EU law. That may eventually mean multiple independent subsidiaries and a parent holding company offshore someplace beyond US intelligence and law enforcement data sharing laws. Only the US subsidiary would have to comply and EU citizens would be directed to sites compliant with their own privacy laws.
  
  --
  Have gnu, will travel.
5. Re:Data Protectionism by Anonymous Coward · 2013-10-18 19:18 · Score: 0
  
  Time for the USA to file a WTO complaint. The WTO will agree and the EU will face sanctions unless those protectionist rules are repealed.
6. Re:Data Protectionism by Anonymous Coward · 2013-10-19 00:12 · Score: 0
  
  And even then, you will still get the EU wondering about secret data sharing deals with their USA counterparts, even I wonder about it myself.
  But you're probably right, EU politicians are not known for their intelligence, look at the cookie law for example.
7. Re:Data Protectionism by Anonymous Coward · 2013-10-19 00:23 · Score: 0
  
  Don't make me laugh.
  Europe don't care about the USA's only exports, movies, music and of course, weapons of mass destruction.
8. Re:Data Protectionism by tomtomtom · 2013-10-19 05:25 · Score: 1
  
  And how do you expect Facebook to comply with the EU?
  Mostly because they make significant profits from EU-based customers. The EU can easily cut off their access to EU-originated revenues, which is what FB, Google etc really care about. The users are the product, not the customer remember - and this is one of the very very few instances when this can work in users' favour.
Re:Awful Exchange Rate by Anonymous Coward · 2013-10-18 11:18 · Score: 0

The strength of money isn't necessarily represented by it's exchange rate. It's represented by the change in the exchange rate over time. Now, I do acknowledge that the Euro started with a valuation of 1 to 1 with the U.S. dollar when it was created. However, because most money is measured against the dollar it's just as accurate to say the Euro has deflated against the dollar as it is to say the dollar has inflated.
Meanwhile... by Anonymous Coward · 2013-10-18 11:31 · Score: 0

Here's a list of countries that are considered to have an adequate level of protection...
Andorra, Argentina, Canada, Faroe Island, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland, Uruguay
The Mouse that Roared by ISoldat53 · 2013-10-18 11:34 · Score: 1, Insightful

The EU better be careful or Wall Street will get mad.
1. Re:The Mouse that Roared by Anonymous Coward · 2013-10-18 12:40 · Score: 1
  
  Europe probably don't give a flying fuck what Wall Street think, at all.
2. Re:The Mouse that Roared by Anonymous Coward · 2013-10-18 15:41 · Score: 1
  
  WHAHAHAHAHA....
  like wallstreet even matters to the world anymore... (Psst, wallstreet isn't real to 95% of the world)
Useless by the+eric+conspiracy · 2013-10-18 13:21 · Score: 1

There are all sorts of cooperation treaties between EU and the US. All will happen is more stuff will move into organizations like NATO.
Microsoft and Nokia by Anonymous Coward · 2013-10-18 18:07 · Score: 0

The dubious Windows Phone deal Nokia did always sounded a bit like NSA wanting to get control of the last big mobile phone manufacturer which wasn't on a conveniently eavesdroppable OS. Anyone remember Microsoft's Skype purchase?
Does the US still get my cc info if I fly near? by Anonymous Coward · 2013-10-19 13:53 · Score: 0

Right now if I fly from anywhere in the EU to anywhere near the US then my personal data, including my name dob and credit card information, gets sent to the US.
Does this mean that this stupidity will cease? So, I can fly from the EU to Toronto (without stopping on US controlled land or flying over the US) and not have to submit my private information to the US in the name of terrorism?