New EU Rules To Curb Transfer of European Data To the U.S.

dryriver points out a report at The Guardian about new regulations in the European Union that are intended to protect data from foreign government agencies like the NSA. Quoting: "New European rules aimed at curbing questionable transfers of data from E.U. countries to the U.S. are being finalized in Brussels in the first concrete reaction to the Edward Snowden disclosures on U.S. and British mass surveillance of digital communications. Regulations on European data protection standards are expected to pass the European parliament committee stage on Monday after the various political groupings agreed on a new compromise draft following two years of gridlock on the issue. The draft would make it harder for the big U.S. internet servers and social media providers to transfer European data to third countries, subject them to E.U. law rather than secret American court orders, and authorize swingeing fines possibly running into the billions for the first time for not complying with the new rules. ... The current rules are easily sidestepped by the big Silicon Valley companies, Brussels argues. The new rules, if agreed, would ban the transfer of data unless based on E.U. law or under a new transatlantic pact with the Americans complying with E.U. law. ... The proposed ban has been revived directly as a result of the uproar over operations by the U.S.'s National Security Agency."

Excellent

[CaptainOfSpray]

I'm delighted.
Pity they couldn't ban GCHQ from reading any of it.

Re: Excellent

[tolkienfan]

Bingo. This looks promising but GHCQ does the NSAs dirty work and vice versa. And nothing except US limiting the NSA will stop the NSA from using exploits to get the data anyway.

Re:Not going to make much difference

It sounds like the EU is outlawing these clauses. I don't know about the US, but here (Brussels) a clause in a contract is invalid if it is illegal.

Re:how silly..

[icebike]

don't they realize the nsa and cia have european-based operations, too?

Actually they do, the story specifically states:

But the proposed rules remain riddled with loopholes for intelligence services to exploit, MEPs admit.

The EU has no powers over national or European security, for example, nor its own proper intelligence or security services, which are jealously guarded national prerogatives. National security can be and is invoked to ignore and bypass EU rules.

"This regulation does not regulate the work of intelligence services," said Albrecht. "Of course, national security is a huge loophole and we need to close it. But we can't close it with this regulation."

So nothing will be solved here, the data will simply flow in the reverse direction and national security agencies of the EU will be filtering EU users data and sending it on to the NSA, and the NSA will do the same for data from the rest of the world.

New Boss, same as the Old Boss.

All the Big players will build (or already have) data centers in the EU, and all that they really lose is redundancy in their data backup. But there will be no less spying, it will actually increase the number of national agencies rooting through your data.

This effort is all for show, as well as smaller players using the whole NSA flap to leverage their position. But even this won't work for them because the EU customers want to have their Facebook and Google and their Twitter just as much and anyone else. So the same big players will establish or beef up their data-centers, and succumb to will of the various member states.

But hey, lets bitch-slap those goddamed Americans quick and get the infrastructure and employment back in our countries and under our control before anyone figures this out.

Who will step up and be the European Snowden?

Re:how silly..

Not really. I'm afraid you interpreted that statement in a very "american" way. European (*) intelligence agencies aren't saints, but they are definitely subjected to far more oversight than the NSA, and no, they don't do the same. Even if they wanted, they couldn't because they don't have sufficient budgets.

Obviously data protection rules do not apply to intelligence services, but this doesn't mean that a european intelligence agency can ask a company to give in all its users' data, as it happily happens in the US. In europe they need a court warrant for that, no matter whether it's national security or not. And they cannot share bulk data with the NSA, but only data strictly related to military or terrorist threats. The fact that the EU data protection regulation doesn't apply to intelligence services simply means that once data get (legally) gathered by an intelligence agency, users cannot ask for "the right to be forgotten" or other data protection rights.

(*) I don't include the UK and the GHCQ in what I call "europe". The first is just an american protectorate, the second an NSA's subsidiary. If any british reader feels offended, I don't care. As a european citizen, I'm waiting for them to get out of the EU, fast.

Re:Ohgodohgodohgod

[currently_awake]

telling a network tech to choose between a fine for the company (EU) or going to prison (USA) is not going to help.

Re:Data Protectionism

[PPH]

Facebook and Google will just form European subsidiaries and separate them from the operations of the US entity to a degree necessary to satisfy EU law. That may eventually mean multiple independent subsidiaries and a parent holding company offshore someplace beyond US intelligence and law enforcement data sharing laws. Only the US subsidiary would have to comply and EU citizens would be directed to sites compliant with their own privacy laws.