Slashdot Mirror
Leaked TISA Documents Reveal Privacy Threat
schwit1 writes with some Wikileaks-enabled news at Forbes about the Trade in Services Agreement, a treaty currently under negotiation between the U.S., the European Union and nearly two dozen other parties. Wikileaks' release of 17 documents from the negotiating countries puts some bad light on some of the provisions being considered: From the Forbes report: Under the draft provisions of the latest trade deal to be leaked by Wikileaks, countries could be barred from trying to control where their citizens' personal data is held or whether it's accessible from outside the country. ... These negotiating texts are supposed to remain secret for five years after TISA is finalized and brought into force. Like TTIP and TPP, TISA could be sped through Congress using Trade Promotion Authority (TPA), also known as fast-track authority, which has been passed by the US Senate and may be taken up in the House this month. Under TPA, Congress is barred from making amendments to the trade deals, and most simply give yes-or-no approval.
That's not what the Constitution says. A treaty does not have the same effect as the Constitution and its Amendments. Article VI says that the Constitution, Federal laws, and treaties are the supreme law of the land with regards to State constitutions and State laws. But clearly despite the grouping of the Constituion and Federal laws, Federal laws are not supreme over the Constitution, and the same goes for treaties. (In fact, treaties normally take effect via the passage of implementation laws - regular Federal laws - by the Congress.)
Not true.
The EU has similar rules. Data cannot leave or be processed outside the country without SOMEONE in the EU taking the fall for allowing it to happen should something go wrong.
EU data protection is pretty hard. Google, Microsoft etc. provide guarantees to EU governments that school data on their apps (e.g. Google Apps for Education/Government etc.) are never stored nor transmitted to non-EU datacentres. I know, because as part of my job, I have a legal duty to check that this is the case of any company I hand our pupil's data off to.
Just because we don't want US noses in our data doesn't mean we're being malicious. It just means we have a set of rules and if you're not prepared to follow those rules, you can't have our data. Rules like "We have a right to see the data stored on ourselves", "We have the right to correct that information if it's incorrect", "We have a right to know what's happening to our data and who processes it and for what purpose" and so on.
There's a reason that I cannot allow use of Apple iCloud on-site. Apple refuse to provide such guarantees. Therefore their cloud service is dead to us (for many other reasons as well, but that's just Apple). There's a reason that I cannot use a software supplier from Sri Lanka who wants our business - because they can't provide the correct guarantees of our data and thus I personally, can be held *LEGALLY* liable if they take our data and some of it leaks out (for the purposes of the EU data protection laws, leak of any personally-identifiable information can result in fines and prosecution with personal liability - personally-identifiable information might be, say, one name with, say, one date-of-birth. Game over).
Sorry, but there's a reason that Dropbox, Twitter, Facebook, Google, Microsoft and everyone else has an Irish datacenter - they have to control and process UK and EU user's data within the EU, according to strict laws, or risk enormous fines. The US divisions "demanding" access to the EU data is the impetus of the last year to separate the companies geographically so they can legally comply with EU regulations and not have to give data to the overbearing demands of the US court system that has no such jurisdiction.
We protect our data. Just because you don't, that doesn't make us terrorists or police states. In fact, it skews towards the exact opposite.