Slashdot Mirror

← Back to Stories (view on slashdot.org)

New EU Rules To Curb Transfer of European Data To the U.S.

Posted by Soulskill on from the international-snowden-fallout dept.

dryriver points out a report at The Guardian about new regulations in the European Union that are intended to protect data from foreign government agencies like the NSA. Quoting: "New European rules aimed at curbing questionable transfers of data from E.U. countries to the U.S. are being finalized in Brussels in the first concrete reaction to the Edward Snowden disclosures on U.S. and British mass surveillance of digital communications. Regulations on European data protection standards are expected to pass the European parliament committee stage on Monday after the various political groupings agreed on a new compromise draft following two years of gridlock on the issue. The draft would make it harder for the big U.S. internet servers and social media providers to transfer European data to third countries, subject them to E.U. law rather than secret American court orders, and authorize swingeing fines possibly running into the billions for the first time for not complying with the new rules. ... The current rules are easily sidestepped by the big Silicon Valley companies, Brussels argues. The new rules, if agreed, would ban the transfer of data unless based on E.U. law or under a new transatlantic pact with the Americans complying with E.U. law. ... The proposed ban has been revived directly as a result of the uproar over operations by the U.S.'s National Security Agency."

34 of 60 comments (clear)

  1. Ohgodohgodohgod by Anonymous Coward · · Score: 1

    Slashdot is about to SHUT DOWN get ready people this is it... THIS IS TEH SLAPOCALYPSE!!!!!!!!!!!!!!!!

    1. Re:Ohgodohgodohgod by currently_awake · · Score: 3, Insightful

      telling a network tech to choose between a fine for the company (EU) or going to prison (USA) is not going to help.

  2. Excellent by CaptainOfSpray · · Score: 3, Funny

    I'm delighted.
    Pity they couldn't ban GCHQ from reading any of it.

    --
    "Cock Up Your Beaver" does not mean what you think. This sig is intended to clog filters and annoy do-gooders
    1. Re: Excellent by tolkienfan · · Score: 3, Interesting

      Bingo. This looks promising but GHCQ does the NSAs dirty work and vice versa. And nothing except US limiting the NSA will stop the NSA from using exploits to get the data anyway.

    2. Re: Excellent by icebike · · Score: 2

      Don't forget the Bundesnachrichtendienst. Or the DGSE the DCRI, the CESIS, and 10 or more others.

      The truth is, there will be no difference, EU data can't be protected from EU intelligence services, and
      their partnerships and agreements with each other and with the NSA.

      In fact, having to convince a US judge to issue a warrant for a EU government to Google, Facebook, Amazon, or any of the other
      big players was probably a significant expense and impediment to EU police.

      Tell you what, The EU can host all US data, and the US can host all EU data.
      Requiring some local US sheriff to reach all the way to Brussels in order to sniff US email might be reduce abuse significantly. And Vise-Versa.

      --
      Sig Battery depleted. Reverting to safe mode.
    3. Re: Excellent by AmiMoJo · · Score: 1

      Sure, but the key difference is that GCHQ is subject to EU laws and the European courts. There are already private legal challenges under way and the EU is considering what action to take. On the other hand the EU can't regulate the NSA at all.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. What this means by Anonymous Coward · · Score: 1

    Expect more datacenters on European soil. This addresses the problem of bulk data transfer and storage.

    In other words, the analytics will only get better.

    1. Re:What this means by Anonymous Coward · · Score: 1

      ...is a gradual loss of US competitiveness. As it now appears, US government is the worst violator my privacy interests. Therefore as (human rights) self defense I will be looking every purchase through the US / non-US lens, probably ad infinitum. Of course, I will actively avoid paying a penny that would later be used for financing the NSA budget - you'd do the same. And I know I'm not the only one. As an EU citizen I think its very sad it has come to this - I really liked USA for a long time.

  4. Re:Not going to make much difference by Anonymous Coward · · Score: 5, Informative

    It sounds like the EU is outlawing these clauses. I don't know about the US, but here (Brussels) a clause in a contract is invalid if it is illegal.

  5. Meaningless... by CrimsonAvenger · · Score: 1

    So, they're going to make US Internet companies subject to EU laws rather than American laws?

    Somehow, I don't think that's going to work as well as they (pretend to) think it will....

    --

    "I do not agree with what you say, but I will defend to the death your right to say it"
    1. Re:Meaningless... by newcastlejon · · Score: 2

      So, they're going to make US Internet companies subject to EU laws rather than American laws?

      Somehow, I don't think that's going to work as well as they (pretend to) think it will....

      Why not, when so many companies have their "headquarters" in some EU tax haven?

      --
      If God forks the Universe every time you roll a die, he'd better have a damned good memory.
    2. Re:Meaningless... by Tom · · Score: 1

      You are living in a fantasy world. You think there is such a thing as a "US company". You really think those companies have the slightest bit of patriotism? Most of them already route most of their profits through some tax haven in order to not pay a dime more in taxes in the US than they absolutely have to.

      --
      Assorted stuff I do sometimes: Lemuria.org
    3. Re:Meaningless... by manu0601 · · Score: 1

      A US company is a company whose leaders are reachable by US courts, and will therefore comply to anything requested by the US, otherwise they go to jail.

    4. Re:Meaningless... by gl4ss · · Score: 2

      are you implying that they'll just take up and leave from the EU?

      that might be swell. we would finally get a new search competitor.

      --
      world was created 5 seconds before this post as it is.
    5. Re:Meaningless... by Tom · · Score: 1

      Again, you are deluded. The 0.1% have already reached what many of us dream of: True international citizenship. They have homes, offices and wealth wherever they want. Right now, the US is attractive to many of them due to excellent infrastructure, security, health care (they can afford it) and so on.

      But look to Europe. Tons of celebrities have their official homes in Monaco, for tax reasons. Same thing as with companies, just on a personal level.

      If the US were to change its laws in any dramatic way that pisses the money elite off, half of them would be officially or actually living somewhere else within the month.

      --
      Assorted stuff I do sometimes: Lemuria.org
    6. Re:Meaningless... by manu0601 · · Score: 1

      I am not sure even a rich person wants to live with many territories, waters and airspace forbidden because of the risk of being arrested. Look at Edward Snowden, trapped in Russia even while he has support from three Latin America nations, and is backed by the powerful fund-gathering Wikileaks (they even proposed him a private jet!)

    7. Re:Meaningless... by Tom · · Score: 1

      Of course not, comfort means everything to those people.

      But that, exactly, is the point: It's not patriotism. It's about personal well-being.

      --
      Assorted stuff I do sometimes: Lemuria.org
    8. Re:Meaningless... by manu0601 · · Score: 1

      Which means law can constrain them, it just has to make compliance less painful than resistance.

  6. Data Protectionism by TheSync · · Score: 1

    Oh great, now that we finally are getting seeing the light at the end of the tunnel for protectionism of trade in goods, now we are going to have protectionism for data!

    Do you think the US will retaliate and force data on US citizens to not be stored in Europe?

    1. Re:Data Protectionism by johanw · · Score: 1

      Who cares wether US data is stored in Europe? The other way aroundis much more dangerous.

      I hope this law will give rise to morecompanies who will refuse to have any representation in the US because it can lead to expensive fines. Perhaps, in time, the US will start to listen to others when their economy crumbles even more and they go down the way any empire has in time.

    2. Re:Data Protectionism by rtb61 · · Score: 1

      Retaliate? I don't think you have the right idea about the right to privacy, it wouldn't be retaliation, it would be a reasonable law. Time to lock down and even ban the trade in private data.

      --
      Chaos - everything, everywhere, everywhen
    3. Re:Data Protectionism by PPH · · Score: 4, Interesting

      Facebook and Google will just form European subsidiaries and separate them from the operations of the US entity to a degree necessary to satisfy EU law. That may eventually mean multiple independent subsidiaries and a parent holding company offshore someplace beyond US intelligence and law enforcement data sharing laws. Only the US subsidiary would have to comply and EU citizens would be directed to sites compliant with their own privacy laws.

      --
      Have gnu, will travel.
    4. Re:Data Protectionism by tomtomtom · · Score: 1

      And how do you expect Facebook to comply with the EU?

      Mostly because they make significant profits from EU-based customers. The EU can easily cut off their access to EU-originated revenues, which is what FB, Google etc really care about. The users are the product, not the customer remember - and this is one of the very very few instances when this can work in users' favour.

  7. Re:how silly.. by icebike · · Score: 4, Interesting

    don't they realize the nsa and cia have european-based operations, too?

    Actually they do, the story specifically states:

    But the proposed rules remain riddled with loopholes for intelligence services to exploit, MEPs admit.

    The EU has no powers over national or European security, for example, nor its own proper intelligence or security services, which are jealously guarded national prerogatives. National security can be and is invoked to ignore and bypass EU rules.

    "This regulation does not regulate the work of intelligence services," said Albrecht. "Of course, national security is a huge loophole and we need to close it. But we can't close it with this regulation."

    So nothing will be solved here, the data will simply flow in the reverse direction and national security agencies of the EU will be filtering EU users data and sending it on to the NSA, and the NSA will do the same for data from the rest of the world.

    New Boss, same as the Old Boss.

    All the Big players will build (or already have) data centers in the EU, and all that they really lose is redundancy in their data backup. But there will be no less spying, it will actually increase the number of national agencies rooting through your data.

    This effort is all for show, as well as smaller players using the whole NSA flap to leverage their position. But even this won't work for them because the EU customers want to have their Facebook and Google and their Twitter just as much and anyone else. So the same big players will establish or beef up their data-centers, and succumb to will of the various member states.

    But hey, lets bitch-slap those goddamed Americans quick and get the infrastructure and employment back in our countries and under our control before anyone figures this out.

    Who will step up and be the European Snowden?

    --
    Sig Battery depleted. Reverting to safe mode.
  8. Re:And when they get caught there, they get sent by icebike · · Score: 2

    Wow. A post straight out of 1988.

    --
    Sig Battery depleted. Reverting to safe mode.
  9. The Mouse that Roared by ISoldat53 · · Score: 1, Insightful

    The EU better be careful or Wall Street will get mad.

    1. Re:The Mouse that Roared by Anonymous Coward · · Score: 1

      Europe probably don't give a flying fuck what Wall Street think, at all.

    2. Re:The Mouse that Roared by Anonymous Coward · · Score: 1

      WHAHAHAHAHA....
      like wallstreet even matters to the world anymore... (Psst, wallstreet isn't real to 95% of the world)

  10. Re:how silly.. by Anonymous Coward · · Score: 5, Informative

    Not really. I'm afraid you interpreted that statement in a very "american" way. European (*) intelligence agencies aren't saints, but they are definitely subjected to far more oversight than the NSA, and no, they don't do the same. Even if they wanted, they couldn't because they don't have sufficient budgets.

    Obviously data protection rules do not apply to intelligence services, but this doesn't mean that a european intelligence agency can ask a company to give in all its users' data, as it happily happens in the US. In europe they need a court warrant for that, no matter whether it's national security or not. And they cannot share bulk data with the NSA, but only data strictly related to military or terrorist threats. The fact that the EU data protection regulation doesn't apply to intelligence services simply means that once data get (legally) gathered by an intelligence agency, users cannot ask for "the right to be forgotten" or other data protection rights.

    (*) I don't include the UK and the GHCQ in what I call "europe". The first is just an american protectorate, the second an NSA's subsidiary. If any british reader feels offended, I don't care. As a european citizen, I'm waiting for them to get out of the EU, fast.

  11. Useless by the+eric+conspiracy · · Score: 1

    There are all sorts of cooperation treaties between EU and the US. All will happen is more stuff will move into organizations like NATO.

  12. Re:how silly.. by Anonymous Coward · · Score: 1

    These guys are probably not true Scotsmen^WEuropeans either.

    And we've yet to see what else those leaks hold about other countries - next batch is about France and Spain, let's see what they have to say about them.

  13. Re:how silly.. by G-forze · · Score: 1

    Nor are these guys.

    --
    "There's someone in my head but it's not me." - Pink Floyd, Dark Side of the Moon
  14. Re:Not going to make much difference by gl4ss · · Score: 2

    There are already clauses in cloud email services for example that the user agrees that data may be transferred outside EU and to all third parties and nothing can be expected to be private. It will just be one more line in the EULA and change absolutely nothing.

    those clauses get invalidated then. because that's how law works. if you got get around everything by putting it in a contract.. why would any company adhere to any consumer protection laws?

    --
    world was created 5 seconds before this post as it is.
  15. Re:how silly.. by AlphaWolf_HK · · Score: 1

    That is really neither here nor there. This law won't protect Europeans' data any more than it already is (or isn't,) and I'm pretty sure that they're well aware of that.

    I think the purpose for this is mainly an economic one: They want to require IT that services be hosted within their own borders, which they probably believe will encourage job growth. However I think that it will just end up being like a tariff, and the result will be that Europeans will pay up the ass for data warehousing compared to the rest of the world, while gaining nothing in return.

    This could have a few other implications as well; namely, that companies who provide these services will only operate in Europe unofficially. Think how mega.co.nz operates out of New Zealand and therefore doesn't have to follow any US laws, meanwhile it contracts with firms all over the world (including the US) for storage and co-hosting. A side effect of that is that they don't have to pay European taxes or have to bother with any European laws at all for that matter.

    The road to hell is paved with good intentions. I think a better approach would be to require mega style encryption among all providers - that is, only the end users hold the keys to their data. Of course, that would make it so that Europe couldn't surveil its own citizens like the NSA, and they don't want that.

    --
    Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK