Slashdot Mirror
New EU Rules To Curb Transfer of European Data To the U.S.
dryriver points out a report at The Guardian about new regulations in the European Union that are intended to protect data from foreign government agencies like the NSA. Quoting:
"New European rules aimed at curbing questionable transfers of data from E.U. countries to the U.S. are being finalized in Brussels in the first concrete reaction to the Edward Snowden disclosures on U.S. and British mass surveillance of digital communications. Regulations on European data protection standards are expected to pass the European parliament committee stage on Monday after the various political groupings agreed on a new compromise draft following two years of gridlock on the issue. The draft would make it harder for the big U.S. internet servers and social media providers to transfer European data to third countries, subject them to E.U. law rather than secret American court orders, and authorize swingeing fines possibly running into the billions for the first time for not complying with the new rules. ... The current rules are easily sidestepped by the big Silicon Valley companies, Brussels argues. The new rules, if agreed, would ban the transfer of data unless based on E.U. law or under a new transatlantic pact with the Americans complying with E.U. law. ... The proposed ban has been revived directly as a result of the uproar over operations by the U.S.'s National Security Agency."
I'm delighted.
Pity they couldn't ban GCHQ from reading any of it.
"Cock Up Your Beaver" does not mean what you think. This sig is intended to clog filters and annoy do-gooders
It sounds like the EU is outlawing these clauses. I don't know about the US, but here (Brussels) a clause in a contract is invalid if it is illegal.
don't they realize the nsa and cia have european-based operations, too?
Actually they do, the story specifically states:
But the proposed rules remain riddled with loopholes for intelligence services to exploit, MEPs admit.
The EU has no powers over national or European security, for example, nor its own proper intelligence or security services, which are jealously guarded national prerogatives. National security can be and is invoked to ignore and bypass EU rules.
"This regulation does not regulate the work of intelligence services," said Albrecht. "Of course, national security is a huge loophole and we need to close it. But we can't close it with this regulation."
So nothing will be solved here, the data will simply flow in the reverse direction and national security agencies of the EU will be filtering EU users data and sending it on to the NSA, and the NSA will do the same for data from the rest of the world.
New Boss, same as the Old Boss.
All the Big players will build (or already have) data centers in the EU, and all that they really lose is redundancy in their data backup. But there will be no less spying, it will actually increase the number of national agencies rooting through your data.
This effort is all for show, as well as smaller players using the whole NSA flap to leverage their position. But even this won't work for them because the EU customers want to have their Facebook and Google and their Twitter just as much and anyone else. So the same big players will establish or beef up their data-centers, and succumb to will of the various member states.
But hey, lets bitch-slap those goddamed Americans quick and get the infrastructure and employment back in our countries and under our control before anyone figures this out.
Who will step up and be the European Snowden?
Sig Battery depleted. Reverting to safe mode.
Wow. A post straight out of 1988.
Sig Battery depleted. Reverting to safe mode.
So, they're going to make US Internet companies subject to EU laws rather than American laws?
Somehow, I don't think that's going to work as well as they (pretend to) think it will....
Why not, when so many companies have their "headquarters" in some EU tax haven?
If God forks the Universe every time you roll a die, he'd better have a damned good memory.
Not really. I'm afraid you interpreted that statement in a very "american" way. European (*) intelligence agencies aren't saints, but they are definitely subjected to far more oversight than the NSA, and no, they don't do the same. Even if they wanted, they couldn't because they don't have sufficient budgets.
Obviously data protection rules do not apply to intelligence services, but this doesn't mean that a european intelligence agency can ask a company to give in all its users' data, as it happily happens in the US. In europe they need a court warrant for that, no matter whether it's national security or not. And they cannot share bulk data with the NSA, but only data strictly related to military or terrorist threats. The fact that the EU data protection regulation doesn't apply to intelligence services simply means that once data get (legally) gathered by an intelligence agency, users cannot ask for "the right to be forgotten" or other data protection rights.
(*) I don't include the UK and the GHCQ in what I call "europe". The first is just an american protectorate, the second an NSA's subsidiary. If any british reader feels offended, I don't care. As a european citizen, I'm waiting for them to get out of the EU, fast.
telling a network tech to choose between a fine for the company (EU) or going to prison (USA) is not going to help.
Facebook and Google will just form European subsidiaries and separate them from the operations of the US entity to a degree necessary to satisfy EU law. That may eventually mean multiple independent subsidiaries and a parent holding company offshore someplace beyond US intelligence and law enforcement data sharing laws. Only the US subsidiary would have to comply and EU citizens would be directed to sites compliant with their own privacy laws.
Have gnu, will travel.
are you implying that they'll just take up and leave from the EU?
that might be swell. we would finally get a new search competitor.
world was created 5 seconds before this post as it is.
There are already clauses in cloud email services for example that the user agrees that data may be transferred outside EU and to all third parties and nothing can be expected to be private. It will just be one more line in the EULA and change absolutely nothing.
those clauses get invalidated then. because that's how law works. if you got get around everything by putting it in a contract.. why would any company adhere to any consumer protection laws?
world was created 5 seconds before this post as it is.