EU High Court To Review US-EU Data Safe Harbor Agreement

jfruh (300774) writes with news that a complaint in Irish Court against Facebook for possibly sharing personal data of EU citizens with the NSA has escalated to the European Court of Justice which will review the continuance of the U.S./EU Safe Harbor Framework in light of PRISM. Under European laws, personal data of EU citizens can't be transferred to countries that don't meet EU standards for data protection. The U.S. doesn't meet those standards, but American companies have worked around this by using EU standards for the data of European citizens, even that data stored on servers outside of Europe. Now the EU's highest court will decide if this workaround is good enough — especially in light of revelations of the NSA's Prism data-mining program.

It's not. But neither is the EU protection

[Opportunist]

Considering that the USA don't even need it but could essentially siphon the data directly from European countries with the aid of European governments... does it really matter?

That's essentially pondering whether the front door should be locked when the back door is opened from the inside by those we employ to guard it.

Re:It's not. But neither is the EU protection

> That's essentially pondering whether the front door should be locked when the back door is opened from the inside by those we employ to guard it.

"One Down and One to Go" vs "None Done and Two to Go". I vote for the first.

Re:It's not. But neither is the EU protection

What does it matter?... It would basically make it impossible for facebook and google to send user data to non-EU datacenters, and that means that the company and EU-side workers will be liable if EU customer data is siphon'ed off at those non-EU datacenters. Basically they cannot longer hide behind the safe harbor framework.

About the GCHQ/etc sucking up all our data as it moves between datacenters... well that comes under the requirement that the companies keep private data safe. That's another lawsuit for another time.

Re:It's not. But neither is the EU protection

[amias]

I see this as the EU looking to make US companies lobby their government to stop spying

the USA is not a full signatory to most international treaties which is a pisstake given its puritanical stance towards the rest of the world.

Re:It's not. But neither is the EU protection

[Opportunist]

If one was down, I might consider thinking about pondering to agree. Even though I still follow the rule that your defense is only as good as your weakest side is. What's the worth of a castle with a missing fourth wall?

Re:It's not. But neither is the EU protection

[Luckyo]

It means you only need to build that fourth wall, instead of third and fourth.

Re:It's not. But neither is the EU protection

[Xest]

Plus it seems pretty clear that GCHQ is in breach of the Data Protection Act in the UK, which makes allowance for law enforcement, but obviously by harvesting all data GCHQ goes beyond that. The specific exemptions in law are:

- the prevention or detection of crime;
- the capture or prosecution of offenders; and

Obviously harvesting data of innocent non-crime committing people achieves neither of these things. Which is why I suspect GCHQ's acts wont survive subsequent court challenges anyway - even if they succeed in national courts, they'll get slapped down at European level as whilst the creation of the UK's supreme court has created a puppet for parliament in the judiciary they still have no way of manipulating the European Court of Justice.

So it's a multi-pronged approach. Saying "Well there's no point fixing this, because that is broken" is stupid when "that" is also being targeted for fixing also. As you imply, just because there's more than one issue doesn't mean we should deal with none of them, it just means they have to be dealt with as separate cases.

Re:It's not. But neither is the EU protection

[Opportunist]

Coulda, woulda, shoulda... all meaningless when the attack is already underway.

Re:It's not. But neither is the EU protection

[Luckyo]

So in your opinion, it's best to just surrender instead of trying to build defences one by one?

Apply that in real life and kill yourself then. I'm sure there are plenty of problems you can't solve in one swoop, and clearly since solving them piece by piece is a wrong approach, you should just end it now.

Re:It's not. But neither is the EU protection

[drinkypoo]

Obviously harvesting data of innocent non-crime committing people achieves neither of these things. Which is why

...governments favor excessively complicated legal codes, under which nearly everyone commits multiple crimes every day. Everyone is a criminal. Given that, they can use the 'detection' excuse readily.

Re:It's not. But neither is the EU protection

[Megol]

Yeah. Except that isn't true. Unlike in the US and most other countries the EU have strict laws about gathering and sharing information and many countries have even stricter local laws. The EU also thinks personal privacy should be protected (within reasonable limits). Some countries even require registration before storing public information into databases, that is non-sensitive, non-secret data. Why? Because using a lot of public data cross referenced with each other can be used to extract patterns hinting to other things that are either private or secret. It is a whole world of difference in just this view on data.

The big problem is in the "mini-me" of the US - the UK. And even there the really big problems are most likely done by intelligence people breaking local laws. The problem is that the UK (like their idol US) have things like secret trials and a long experience in covering up severe crimes of the intelligence service and other departments.

Re:It's not. But neither is the EU protection

could essentially siphon the data directly from European countries with the aid of European governments... does it really matter?

I can only speak for Ireland but Vodafone wikileaked by Snowden and they are a big provider in Ireland. It emerged that by Irish law they weren't able to snoop as they were in other countries. You're seeing the situation from America. You are on the other side of the door || "but American companies have worked around this by using EU standards for the data of European citizens"

You're not seeing it: Facebook and other American companies are using American standards (or lack thereof) for American citizens.

Re:It's not. But neither is the EU protection

[yacc143]

Well, first of all, it's about declaring an obvious fabrication as such (that an US company can, even they wanted to, comply with EU regulations, which US courts have ruled they are not allowed to, so it's obviously a fairy tale). That completely leaves the situation open concerning government aided spying, which by the way, European governments have been trying under cover. Well, vermin likes it dark.

On a commercial side, currently the situation is completely unsatisfactorily: European companies are forced to deal with privacy issues (privacy is a human right written into the EU treaties), while US companies are allowed basically to ignore the rules. So either enforce privacy rules against all comers, or get rid of the limitations on the EU IT industry.

What this might mean is that US companies will have to disassociate themselves rather strongly from their EU subsidiaries so that US courts cannot enforce US "national security laws" against them. (Hint, US companies had no problems supporting Nazi-Germany, creating the necessary legal separation. Google Dehomag if you don't believe me.)

The funny part here is, that the European High Court has had, in the past more than once kicked ass, by enforcing European law over convenient national law in the past (e.g. it has basically killed data retention no matter what the politicians wanted), and Privacy is a basic human right which means that simple economic considerations are irrelevant.

Re:It's not. But neither is the EU protection

[yacc143]

Worse, if the question ever ends up before the EU Court, I'm almost certain that it would not look very favourable on this "everything outside Germany is external for purposes of surveillance" idea (substitute Germany for the your favourite EU member country), considering that the "Common Market" makes exactly that thought forbidden by default. As in, you need a very very good reason, and claiming national security might not get you far in the context of an European Court.

Re:It's not. But neither is the EU protection

[yacc143]

Well, stopping to spy won't be enough. It's that "US security complex uber alles" tune that would need to be stopped, but D.C. seems to like that perfectly fine.

Re:It's not. But neither is the EU protection

[yacc143]

Actually, the US don't get the concept of privacy as it's understood in the EU.

And basically all EU members have legislation about privacy on the books, because it's rooted in the EU data protection directive (basically, that's how the EU legal process works, and in any EU member not having legislation on the books fulfilling the requirements of the directive, the directive becomes directly applying law).

The only thing currently is that the implementation of the law and it's enforcement are done at the member country level, which means that some edge cases might be handled differently in each country. Plus the fines for illegal conduct are usually so tiny, that for international companies paying them is an rounding error in accounting.

That's what the current privacy discussion in the EU is about, moving the implementation of data protection (aka Privacy) laws to the EU level, basically meaning it's the same everywhere, plus adding fines that are big enough that they might make a dint in a balance sheet.

Re:It's not. But neither is the EU protection

Obviously harvesting data of innocent non-crime committing people achieves neither of these things. Which is why

...governments favor excessively complicated legal codes, under which nearly everyone commits multiple crimes every day. Everyone is a criminal. Given that, they can use the 'detection' excuse readily.

I keep hearing this "Everyone commits several crimes everyday" line but I don't recall any solid irrefutable proof that this is the case, more so that this line came about before the internet, so I doubt that GCHQ would notice anything if all these crimes happen offline.

We also have to remember the saying "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." which is a good response to "Nothing to hide, nothing to fear"

I can see why they didn't investigate

[timrod]

The decision by the Irish DPC not to investigate makes perfect sense - this case is essentially all politics, and nothing more. The finding is inevitably going to be that the existence of the NSA violates European data privacy laws, but there really isn't a whole lot the EU could do about it - they can't tell the US to shut down the NSA, and they can't revoke the ability of non-EU servers to host EU data without effectively creating a second Great Firewall. Nothing can ultimately be done about it, and so the only real result would be this "Europe-v-Facebook" group scoring some political points.

Re:I can see why they didn't investigate

If this was honest, it would notice the ~30 spy agencies from EU member countries who do exactly the same thing that the NSA is in trouble for, but do so with full legal support.

Don't take this as a defense of the NSA citizen-spying, but the same sort of action is somewhere between legal and mandatory in each EU member state (and more often than not mandatory in non-EU nations around the world), so all foreign outrage is just grandstanding for popular opinion. You're right not to trust the NSA, but you're a fool if you trust any other government to respect you even as little as the NSA does.

Re:I can see why they didn't investigate

[i+kan+reed]

You can punish the hell out of a perpetrator of the crime(assuming they have presence in the EU). That's what's being considered. Giving companies that have business in the EU pause about mindlessly toadying to US government organizations.

Re:I can see why they didn't investigate

[Sique]

It could give all the european intelligence agencies cold feet for cooperating with the NSA. It could give all the citizens angry about the constant surveillance and the nonchalance of their politicians about it a boost. It makes everyone liable who gives material support to the NSA from within the E.U., which in turn makes the life miserable for David Cameron and the GCHQ.

Re:I can see why they didn't investigate

[timrod]

If that were the case, this "Europe-v-Facebook" group should have gone after GCHQ, which is in an EU member nation and which is under the jurisdiction of the EU high courts. Heck, they could even make the exact same case: GCHQ collects data on EU citizens on the grounds that if they use any service located outside of the EU it counts as foreign, and sends some of that data to the NSA, who undoubtedly do not have the required EU privacy regulations in place. The EU courts could then regulate GCHQ and other EU intelligence agencies and force them to cease cooperation with the NSA, which would likely be a major blow to their global surveillance plans.

They probably won't do that, because if they did, GCHQ would likely send representatives to the court and fight it, which would cost tons of money and result in a prolonged legal battle even if GCHQ is ultimately in the wrong. It would also result in fewer political points for the group bringing the suit, because GCHQ would no doubt counter with a wave of "Mass surveillance is necessary to keep the citizens of the United Kingdom, and by proxy all of the EU member nations, safe from terrorism. Any attempt to regulate us might result in secrets leaking and allow terrorists to harm EU citizens", and some people are going to agree with that, as misguided as it is.

In contrast, the NSA is an easy target - they won't care because they know full well the EU can do absolutely nothing to stop them directly. They probably wouldn't even acknowledge legitimacy by sending someone to represent them.

There were better ways to do this ,but this group picked the route that would help them the most politically rather than potentially bring about reform.

Re:I can see why they didn't investigate

[Charliemopps]

They could fine Facebook until they hosted European data in Europe. If they refused they could seize their assets, and deny them revenue from European companies. The end result being that facebook and other companies like them would go screaming mad to congress. So yes, there's plenty that could be done.

Re:I can see why they didn't investigate

[Sique]

The GCHQ could claim administrative priviledge (as they actually did, linked PDF), but if the transfer of data itself ist forbidden, they have an administrative priviledge with no one to actually priviledge on.

Re:I can see why they didn't investigate

[yacc143]

Nope, fascinatingly, this is not about the NSA as such.

The issue is that for many reasons, US companies cannot implement European standards in data privacy laws. That starts from some lowly county judge issuing subpoenas and at the other end you've got the "America uber alles" chanting federal intelligence apparatus, e.g. NSLs, all kind of regulations in the Patriot Act, giving Teleco providers retroactively immunity for cooperating with the government, and so on.

So now we've got the situation where there is a law that all cars sold need to have seat belts. (privacy) But US companies are allowed to sell cars without seat belts, because they claim that they equivalent protection, because their local guru has prayed for the safety of their customers. (Safe Harbor Agreement). Now somebody has decided to call a spade a spade, and mentioned in the correct forum, that a prayer by whatever guru cannot fulfil the safety regulation in any possible way. (That's the kid that cried that the Emperor is naked.)

Worst from the "Postprivacy" faction is that EU Court has been known to issue rulings in the past that pissed of politicians, just because it's the law. And privacy is a basic human right in the EU treaties. The fact that it's inconvenient for the US companies or many Politicians (whose are seldom champions of privacy, well they only become privacy advocates when it comes to their own privacy) is not really very relevant in the context of a basic right.

Re:I can see why they didn't investigate

[yacc143]

It's not about the spy agencies.

There are many many things in the US legal environment that make it incompatible with EU privacy laws.

Re:I can see why they didn't investigate

[yacc143]

It's not about the spy agencies. It's about US companies having a business model that is very very edge case in relationship to EU privacy laws.

Now the US companies promised to follow EU regulations voluntarily to be allowed to transfer data from the EU to the US. This guy basically has proven that Facebook (just one random example) does not even the business processes setup to to comply with EU laws. And now it has reached a new level, because they basically said that the Safe Harbour Agreement cannot work at all, because the legal environment in the US is incompatible. That's where the NSA comes in, but only on the sidelines, as one of the things that make the SHA not workable.

Re:I can see why they didn't investigate

Facebook on the other hand, could move all their assets and offices out of Europe, refuse to care about the lack of financials from European ads (because you're the product that's being sold, after all) and BAM, Facebook sticks fingers in ears and going "lalala cannot hear you."

Re:I can see why they didn't investigate

That would be great! That means we have *two* possible positive outcomes instead of just one. Progress.

At what point

[maz2331]

When are the US-based companies going to simply shut down their satellite offices in the EU, keep all personnel in the USA, and change their TOS such that any use is under US and California law? They could simply outsource their sales operations to a third-party in foreign jurisdictions.

Re:At what point

[Sique]

To what end? That means that they can't use the irish tax havens anymore. That means that they have no footing if they want to sue. That means that even mediocre european companies will eat their marketshare because they are present in the E.U.. And if the sales company in the E.U. sues them for falsely representing the actual handling of the data, they aren't off the hook either.

Yes, an U.S. based company could avoid the fallout. But is it worth it?

Re:At what point

[bigtrike]

When the revenue of such a decision is greater than the expenses, they will do it.

Re:At what point

[Poeli]

And leave behind a 500M people market? Abandon all their current contract and cloud services? I don't think so. The EU is the second biggest market after China.

Even if they do, several European companies will quickly fill the void (like in China) and the USA based companies will have an extra couple of competitors in the world.

Re:At what point

[Xest]

At the point they forget that that also means they can't sell ads in Europe without having a European operation such that they're shutting themselves out of the world's largest economy (the European Union) I would imagine.

So sure they could do that, but they'd rapidly lose the race to global competitors who are willing to simply play ball with privacy and data protection law in Europe and it would be goodbye silicon valley, enjoy your trip into irrelevance.

I'm not sure anyone in silicon valley actually wants that. There's far more profit in behaving themselves and playing global than being isolationist dicks.

Re:At what point

[turp182]

One word, use tax havens in the Caribbean. Who doesn't do that?

If a company says that what you do is public, there is no recourse. As long as what they are sharing is clearly stated (how it's used, I'm not so sure). If a company says blatantly that certain information is public, then it can be so.

For a while I worked for an US based international insurance company, with several years on an underwriting project (medical record images and data). The project didn't involve business in the US, there was already a system for that. We kept UK data in our UK servers. European data was stored in Canada (latency is a bitch). The Asian/Australian data was in Australia, Malaysia, and Hong Kong. South African and Indian data were in South Africa.

One day the Indian office was told that keeping the personal records (medical info) in South Africa wasn't good enough for Indian records. Data privacy. We had to move personal data to the UK.

The distributed service design I put together allowed us to move personally identifying data to the UK (database moves), and a simple endpoint update to the client configuration was all that was needed on the code side. The latency increase was substantial (> 1 second per request for personal info) but the regulatory requirements were met.

International data can be complicated, but if it is made clear that things are public the situation is much more simple.

Re:At what point

[yacc143]

Hint, using tax heavens is not as simple.

The IRS have it's own idea what's okay or not.

Going through a number of countries, "First World" countries to be exact what makes this feasible. Because for the IRS, their "contact" is in Ireland. Ireland has a number of interesting regulations, as many other countries.

Dealing directly with a "low taxation" place is usually a no go, you invite problems, the nicest would be an extreme level of auditing from your local tax authorities. Instead you invoice stuff multiple times, at each step removing the taxable income away from the place where the authorities care, to a place where they are happy for some tiny fees.

E.g. our local politicians had the curious idea to shift a number of burdens onto entities doing business with tax havens. Interestingly that did not raise any objections, OTOH, a number of people in industries known for jurisdiction shopping anyway commented "well, that means one invoice more, and one UK Ltd. more, sigh."

So yes, US companies can use other tax dodges, but getting kicked out of the EU could mean still some pain.

Facebook broke the law.

The site must be shut down and everything there destroyed (except the employees), effective IMMEDIATELY. DO IT NOW.

Stopping this would stop snooping in the UK too.

[Hammeh]

It was announced this week that GCHQ don't need permission to snoop on UK citizen's activity when the services being used are located abroad as they class it as "external communication" (for the likes of Facebook, Twitter and Google). It wouldn't surprise me in the light of recent events, if the UK government back this plan, to only turn around and say, "Yes you need to keep the data in Europe, but we don't want it here." just so they can continue to *legally* spy on the people via this "external" (overseas) communication loophole.

The problem with safe harbor

[L-One-L-One]

With the safe harbour agreement american companies basically "promise" to follow some rules related to privacy, which are compatible with European values. But to make such an approach effective, someone has to verify that the "promises" are real and eventually impose sanctions if they are not. That someone is -- in theory -- the FTC.

The problem with safe harbor is that it is been very weakly enforced. In the first decade since it was created, there has been no real enforcement action that I've heard of. This gives the impression that Safe Harbor is pretty toothless. FTC has only recently (2014) began to enforce this framework, because Europeans threatened to abandon it.

Re:The problem with safe harbor

[Alain+Williams]

The trouble is that facebook et al are subject to the patriot act - this means that all the govt of the USA needs to do is say ''give me this data'' and they have to do it. The data can be anywhere in the world, if they can access it they need to give it to the NSA/... upon demand and can be stopped from telling anyone what they have done.

This could result in these companies being put into an impossible position where they have to meet conflicting demands both of which they must absolutely obey. The only way that they will survive is to lie, either ''we do not have the data'' or ''we did not give it away''. I suspect that the NSA will, at least initially, win this and they will just lie to tell the EU regulators ''we did not give it away''.

Re:The problem with safe harbor

[Jahta]

The trouble is that facebook et al are subject to the patriot act - this means that all the govt of the USA needs to do is say ''give me this data'' and they have to do it. The data can be anywhere in the world, if they can access it they need to give it to the NSA/... upon demand and can be stopped from telling anyone what they have done.

No, the trouble is that the jurisdiction of the Patriot Act (and all other US laws) ends at the US border; regardless of what agencies like the NSA like to believe. If US companies won't (or feel they can't) abide by the laws of the foreign countries in which they trade, then they'll just have to stop trading in those countries.

The economic impact on US tech companies of Prism, the Patriot Act, etc. is not exactly news; NSA's Prism Could Cost U.S. Cloud Companies $45 Billion - InformationWeek.

Re:The problem with safe harbor

[stenvar]

The trouble is that facebook et al are subject to the patriot act

And in Europe, E-mail providers are subject to European data protection laws, which are generally weak when it comes to government spying and police action.

Relying on laws to protect your data is futile. What you can rely on is government enmities and obstacles. Put your data on US servers, and the NSA may read it, but the UK government won't unless they have evidence that you're a terrorist. Put your data on a UK server, and chances are the UK government, security services, and police have easy ways of getting at it.

Re:The problem with safe harbor

[CrimsonAvenger]

No, the trouble is that the jurisdiction of the Patriot Act (and all other US laws) ends at the US border; regardless of what agencies like the NSA like to believe.

Got bad news for you. It is NOT illegal for the NSA to spy on foreigners.

Any more than it is illegal for the espionage agencies in your country to spy on foreigners.

That is, in fact, what espionage agencies are for - to spy on people.

Re:The problem with safe harbor

It is NOT illegal for the NSA to spy on foreigners in the USA, it may very well be illegal in some other country and its about time Europe stopped being Americas poodle you do Nohting that is in our interest.

If we catch your NSA operatives plying their trade they should be given a trial and if found guilty executed as spies under international law. For too long its been a nudgem nudge, wink, wink club between the spies and the politicos.

   

Re:The problem with safe harbor

[Jahta]

No, the trouble is that the jurisdiction of the Patriot Act (and all other US laws) ends at the US border; regardless of what agencies like the NSA like to believe.

Got bad news for you. It is NOT illegal for the NSA to spy on foreigners.

Any more than it is illegal for the espionage agencies in your country to spy on foreigners.

That is, in fact, what espionage agencies are for - to spy on people.

Got bad news for you. While the activities of the NSA may be technically legal *inside* the US, they are certainly not legal anywhere *outside* the US. The same is true in reverse; the US certainly doesn't operate a "live and let live" policy towards foreign espionage agencies operating inside its borders.

In any event, the point here is that US companies operating in foreign countries can't use the Patriot Act (or any other US law) as an excuse for flouting local laws. The personal data of EU citizens is protected under EU law. If US companies want to do business in Europe then they must abide by those laws.

The US wouldn't tolerate foreign companies breaking US law in America. What makes you think other countries should tolerate US companies breaking their laws?

Re:The problem with safe harbor

[drinkypoo]

Got bad news for you. It is NOT illegal for the NSA to spy on foreigners.

Not in this country. If they take actions in other countries, those actions can be violations of the laws of those countries. There used to be a spying agreement between the US and Germany but it was dropped. I read something about talks about a new anti-spying treaty agreement, but I didn't go into it.

Re:The problem with safe harbor

[yacc143]

Got even worse news, yes it's illegal, just not by US laws. And if they do it outside of the US, it becomes illegal, if the local laws don't have loophole. In many cases such loopholes might exist, but in some, where in the past the NSA and local buddies relied more on secrecy, it might be actually criminal.

The question is of enforcing stuff, which funnily, the EU High Court is probably one of the places where this might hurt even the US (basically, even US-friendly Politicians that like to snoop on their own citizens cannot just ignore any rulings coming from them, and the EU Court has been known in the past just to follow the law. Sucks that Privacy is a basic human right.)

Ummm

[Ryanrule]

Most of the euro governments willingly handed over information to the NSA so they could stick their fingers in the big ass pie the US was baking.
UK, Germany, France, all complicit.
Clean your own house europe.

Re:Ummm

Clean your own house europe.

The same can be said for the US.

Because the US has become the biggest enemy to free societies on the planet, but they are doing it in the open and acting like it's all OK.

Fuck America, and fuck any government which allows this to happen. This is pretty much bringing in the global surveillance society.

Re:Ummm

[dave420]

This is what's happening. It's strange you acted so very defensively when criticism of the US was made. You do realise that attitudes such as yours guarantees that the US's own house isn't cleaned, right?

Re:Ummm

[yacc143]

Well, it's about US companies not following EU laws. It's not about spying agencies.

Duh!

Put all of your personal data on a commercial US web site, and expect privacy?
Duh

Re:Stopping this would stop snooping in the UK too

[stiggle]

Even if the servers were located in the UK - they would snoop on them as they'd be snooping on overseas traffic coming into the servers, or just route the traffic offshore and back again (fat pipe to the Isle of Man or Ireland?) so they can snoop it.

USA can route traffic via Canada to legally snoop on American citizens, as its being snooped in Canada.

Europe Needs To Spy Hard

[JimSadler]

Considering that terror attacks in Europe have been far more frequent and ongoing the various nations need to collect information and share it to an even greater level than the US. Most people will never make note that revolutions occur across cultures. For example France, England and the US had revolutions close in time to each other. We are almost one culture and share a common majority race. Right now revolutions are in progress in the Arab nations. The cultures of Arab nations vary a bit but the majority race is about the same. In response to that Arab revolution we are seeing a revolution is spying and data collection within the US which may well be far more lasting than the violence in the Arab world. The hope is that intense data accumulation can provide all kinds of incidental joys as well as prevent future attacks. For example we may be able to kind cures for diseases or causes of diseases by using data compilation. We might even help solve traffic congestion or problems that we are unaware of completely. To that end the compiled data should be released across the board so that all research and every industry could make use of the fruits of all of that publicly funded data collection. Think for a moment of the tens of thousands of convicts who have either escaped or jumped parole. Data mining could probably be used to capture all of them.

Re:Europe Needs To Spy Hard

[stenvar]

Your posting is proof that any sufficiently advanced sarcasm is indistinguishable from stupidity.

translation

[stenvar]

The translation of all this is: "build more data centers in Europe; we need the jobs, and our governments want to have easier access to the data directly on European soil".

Re:translation

If it were the European Commission that was behind this, you might have a point but in this case it's the European Court of Justice and thus your cynical theory doesn't hold water.

Re:Stopping this would stop snooping in the UK too

[stenvar]

Are you kidding? Many European nations have gigantic loopholes in privacy protection when it comes to government spying on their own citizens. European governments absolutely hate your data being on US servers because, while the NSA may be able to get at it, the US won't share that data except when it serves its own interests, which is rarely. Furthermore, European nations don't have a prayer to tap data in the US by technical means.

European governments are itching to force their citizens to store their data on their domestic servers, both so that it becomes more easily accessible to European spy agencies and police forces, and also because European telecoms are lobbying and hoping to be able to take back a slice of the market that they lost.

Re:Stopping this would stop snooping in the UK too

[davester666]

By "external communications" GCHQ meant that the communications left a person's house, not the country. Once the signal leaves your property line, it's fair game for them, no matter what technology is used to transmit it [copper, optical cable, airwaves]

But they don't care

[viperidaenz]

Because the UK GCSB still intercepts the data without a warrant.