EU May Forbid the Transfer of Personal Data To the US

← Back to Stories (view on slashdot.org)

EU May Forbid the Transfer of Personal Data To the US

Posted by samzenpus on Thursday September 24, 2015 @04:27PM from the no-data-for-you dept.

An anonymous reader writes: As the Snowden revelations have shown, personal data stored in the United States of America is not protected from the US government, be it through warrantless eavesdropping or national security letters. In light of this, the general attorney for the Court of Justice of the European Union has just issued an opinion requiring the US to be removed from the list of "safe harbors", where the transfer of personal data of European citizens is permitted. If the court follows his opinion, the change will have deep impact in the operations of large transnational Internet companies, between a US government that wants to keep on spying, and European authorities that will punish them if they let it happen.

36 of 202 comments (clear)

Min score:

Reason:

Sort:

The US needs a serious spanking by msobkow · 2015-09-24 16:29 · Score: 5, Insightful

The US needs to wake up to the fact that it doesn't set policy for the world, and that other jurisdictions have their own laws and regulations that US companies have to abide by if they want to do business there.
Enough with jackboot "treaties" that the US doesn't even try to abide by after signing them. :(

--
I do not fail; I succeed at finding out what does not work.
1. Re:The US needs a serious spanking by Anonymous Coward · 2015-09-24 16:52 · Score: 2, Interesting
  
  Yep that is what the TPPA, TISA etc are all about. Shoring up US influence.
  The US does not know what to do when its no longer in charge, they are like the pushing little kid who has to make up all the rules of every game to ensure they win every time, and if they can't they don't want to play with everyone else.
2. Re:The US needs a serious spanking by Anonymous Coward · 2015-09-24 16:56 · Score: 2, Informative
  
  No one has made a claim yet
  And the ability of the US to dictate terms to anyone is plummeting .
  Turns out the rest of the world is far more interesting.
3. Re:The US needs a serious spanking by msobkow · 2015-09-24 17:04 · Score: 5, Insightful
  
  No one is making claims under the agreement. What they are saying is that the US does not abide by the terms of the agreement, so the agreement should be nullified.
  This isn't a decision being made by courts; it's a decision being made by the government. Totally different ballgame.
  The US does not get to dictate law to foreign nations, no matter how much they'd like to.
  
  --
  I do not fail; I succeed at finding out what does not work.
4. Re:The US needs a serious spanking by Anonymous Coward · 2015-09-24 17:13 · Score: 3, Informative
  
  Actually, what you're saying is false. The case stems from a complaint brought by an Austrian citizen against Facebook. That constitutes bringing a claim against a US organization. The Irish Data Protection Commissioner ruled against the claim, so it was appealed to the European Court of Justice.
  And, let's be clear, the EU is actually the one trying to dictate the law to the US. Schrems' lawyer was quoted as saying, "If the United States doesn't change its laws in order to guarantee a minimum of data protection to European citizens, U.S. companies will have to process their data in the EU."
  I despise mass surveillance like what's going on in the US. I actually think EU citizens have a right to be angry that their data is being handed over to the US en masse. I just don't think the treaty is being followed by the EU and that the EU is actually trying to tell the US what US laws should be. It doesn't necessarily mean they're wrong to despise the mass surveillance.
5. Re:The US needs a serious spanking by Lonewolf666 · 2015-09-24 17:45 · Score: 5, Informative
  
  The EU is trying to dictate the law to companies that are doing business in Europe, not against the US government or congress. Which every country does on its territory. Note that the case is against Facebook, not the US government.
  Some of these companies happen to be US companies. Who may be in a bind soon, as the European Court of Justice is likely to invalidate the Safe Harbor Agreement, as it usually follows the advice of its general attorney. If that happens, said US companies are no longer allowed to store data of EU citizens outside the EU, but at the same time they may be told by the US via national security letter to hand over those data.
  If both the US and the EU stay adamant, companies like Facebook may have to choose between doing business in the US or in Europe.
  
  --
  C - the footgun of programming languages
6. Re: The US needs a serious spanking by Anonymous Coward · 2015-09-24 17:55 · Score: 4, Insightful
  
  What handouts? Maybe you should feed your own starving citizens before even dreaming about some handouts? US "handouts" always come with strings attached, nobody in their right mind should touch them. If you want to build your country in the image of 1984 please do, but don't be surprised when the rest of thwe world refuses to use it as a manual on society building.
7. Re:The US needs a serious spanking by Anonymous Coward · 2015-09-24 18:00 · Score: 2, Informative
  
  The treaty doesn't give US a permission to spy. And yeah, there is a treaty, now the EU is questioning the treaty, and if US will keep on spying there will soon be no treaty. Dictating laws? Well, the thing is, nobody is dictating anything, just stating that US and EU laws are in conflict, and if some side doesn't change there can't be a treaty. You really expect them to first suggest they should drop all privacy protections from their own citizens?
8. Re:The US needs a serious spanking by shockwaverider · 2015-09-24 18:29 · Score: 2
  
  You're kidding right?
  Export.gov requires safe harbor companies to self certify. - The companies state every year that they provide adequate protection.
  
  Self-certifying to the U.S.-EU Safe Harbor Framework will ensure that EU organizations know that your organization provides "adequate" privacy protection
  That's all. No checks are made. No audit performed. There's noting to stop them lying, and companies HAVE lied - in their droves.
  
  --
  Remember kids! Guns don't kill people - Americans kill people.
9. Re:The US needs a serious spanking by Sique · 2015-09-24 18:56 · Score: 4, Interesting
  
  Actually, what you're saying is false. The case stems from a complaint brought by an Austrian citizen against Facebook. That constitutes bringing a claim against a US organization. The Irish Data Protection Commissioner ruled against the claim, so it was appealed to the European Court of Justice.
  That might be the origin, but that's not the question the Attorney General issued an opinion about. The Irish High Court refused to hear a claim about Facebook's transfer of data and referred to the Safe Harbour treaty, and thus there was the question to the European High Court if the Irish High Court has to consider if the actual conditions of the Safe Harbour provisions were met. And now the Attorney General opinionated that the U.S. does not met the the regulations for the Safe Harbour treaty because European citizens have no legal recourse against the wholesale spying performed by the NSA and other organisations in the U.S.. The NSA spying was called unspecific and without clear goal and thus in violation of the privacy rights of European citizens. This is the first time that an European institution actually took the Snowden allegations as fact (until now most courts opinionated that the allegations have not been proven yet), and thus issued a statement that the U.S. is not adhering to the provisions and thus the European Commission can't declare the U.S. a safe harbour, thus all treaties with the U.S. about data protections are void.
  
  --
  .sig: Sique *sigh*
10. Re:The US needs a serious spanking by Anonymous Coward · 2015-09-24 18:58 · Score: 3, Insightful
  
  Let them handle Putin, ISIS, and the refugees, all over on their side of the world. Not the US's problem.
  You know that the rise of ISIS and the refugee crisis is the result of the US conquest in the middle east, right?
  What your are calling "Not the US's problem." is the consequences of US politics a decade ago. The US has been criticized for it but never took responsibility for the shit that was stirred up.
  Dealing with the refugees could be as easy as building a wall like the one Trump suggested towards the Mexican borders, but that is not very humanitarian.
  The insanity that is Putin is the result of the cold war. I'm a bit too young to remember what led to what and how people in "intelligence"-agencies ended up that way so I can't really point out how he ended up like that. The only thing I can say for sure is that he doesn't act differently from people who work in similar agencies in the west.
  From a pragmatic standpoint it could be useful to have paranoid people around to let them think about all the possible threats, but it is very unwise to take their fears at face value or to put them in a position of power.
11. Re: The US needs a serious spanking by Anonymous Coward · 2015-09-24 19:12 · Score: 3, Informative
  
  The US infrastructure is ageing.... badly.
  The US debt is increasing
  The US is no longer the worlds largest, that goes to China with India and Brazil rising
  The only things the US is No1 in is military spending and prison population.
  All other metrics the US barely makes it into the top 10, if ever.
  Education, Welfare, freedom of the press, Honesty, life expectancy, health, racial harmony, corruption.
12. Re:The US needs a serious spanking by bug1 · 2015-09-24 19:15 · Score: 4, Insightful
  
  The US needs to wake up to the fact that it doesn't set policy for the world,and that other jurisdictions have their own laws and regulations
  The US government happily violates its own constitution. Its expecting too much for any nation to have more respect for foreign laws than their own.
13. Re:The US needs a serious spanking by viperidaenz · 2015-09-24 19:37 · Score: 5, Insightful
  
  Isn't Facebook an Irish company?
14. Re:The US needs a serious spanking by Anonymous Coward · 2015-09-24 19:55 · Score: 3, Informative
  
  Actually, the end of the Cold War was expedited considerably because Bush Sr and James Baker promised Gorbachev they would not expand NATO eastward. "Not one inch" was the phrase at the time.
  Now NATO have added basically all of eastern Europe, and are trying to incorporate Ukraine.
  Doesn't make Putin a good guy, he patently is not. But without this context it is not actually possible to understand the situation.
  Consider how the US would react if Russia were spending billions toward unconstitutional regime change in Mexico with the aim of installing a virulently anti-american regime there? 'Cause that is pretty much what happened in Ukraine.
15. Re:The US needs a serious spanking by Carewolf · 2015-09-24 20:02 · Score: 2
  
  Isn't Facebook an Irish company?
  As much as Apple and Google are.
16. Re:The US needs a serious spanking by Schmorgluck · 2015-09-24 20:08 · Score: 2
  
  As employees who wish to retain our employment contracts, we have no opt-out option.
  Anonymous denunciation to the geographically relevant data protection agency. Opt-out is mandatory. Data may only be collected for a legitimate purpose that must be explicitly justified. Every database holding personal informations must be declared to the data protection agency so it can check for compliance.
  
  --
  There's nothing like $HOME
17. Re:The US needs a serious spanking by Anonymous Coward · 2015-09-24 20:10 · Score: 2, Insightful
  
  So the US never violates international treaties then? Do some research outside your local corporational propaganda channels and wake up..
18. Re:The US needs a serious spanking by Richard_at_work · 2015-09-24 20:11 · Score: 4, Insightful
  
  With all due respect, its not down to the US government to accept that US companies have to obey foreign laws - the conflict is something that solely needs to be handled by the companies in question, they have to decide how they can follow both sets of laws if required to.
  A US company operating in a foreign country doesn't suddenly fall outside US jurisdiction - if they do find themselves in conflict between the laws of the country they (or their owning umbrella company) are incorporated in and the laws of the country they are doing business in, then its up to the company to decide whether they can resolve that or leave one of the jurisdictions (stop doing business in that country or change the country of incorporation or ownership).
  The EU passing laws requiring foreign companies to solely follow EU jurisdiction doesn't solve anything - it doesn't stop the companies being in the jurisdiction of their home country, all it does is create further conflict.
  The only thing that can satisfy this situation are completely, entirely and utterly unconnected companies - Amazon SARL having no ownership or connection to Amazon.com Inc. If there is any ownership or similar connection between the two companies, its entirely legitimate for Amazon.com Inc's legal jurisdiction to cascade down the chain of ownership.
19. Re:The US needs a serious spanking by gl4ss · 2015-09-24 20:16 · Score: 4, Insightful
  
  if facebook had no european operations it would not be having any problems, as the data would already be in USA.
  but they're doing business and hosting in the EU, so there's that. nothing forcing them to try to prosecute in the usa.
  bottom line is that USA isn't complying.
  
  --
  world was created 5 seconds before this post as it is.
20. Re:The US needs a serious spanking by The+Grassy+Knoll · 2015-09-24 20:31 · Score: 3, Insightful
  
  companies like Facebook may have to choose between doing business in the US or in Europe.
  Win Win for Europeans!
  
  --
  They will never know the simple pleasure of a monkey knife fight
21. Re:The US needs a serious spanking by a_n_d_e_r_s · 2015-09-24 21:12 · Score: 2
  
  US courts forces US companies to non-comply with EU laws.
  EU Supreme Court dont like that and now forces the companies to follow the law.
  So this is EU Supreme Court appling tit for tat.
  
  --
  Just saying it like it are.
22. Re: The US needs a serious spanking by nospam007 · 2015-09-24 22:17 · Score: 4, Insightful
  
  "So what? We can still kill your economy and a sizeable part of your population without breaking a sweat. "
  Only if the Chinese loan you the money to do it.
23. Re:The US needs a serious spanking by NostalgiaForInfinity · 2015-09-24 22:42 · Score: 2
  
  I actually think EU citizens have a right to be angry that their data is being handed over to the US en masse. [...] Actually, what you're saying is false. The case stems from a complaint brought by an Austrian citizen against Facebook.
  You make it sound like Facebook forces does something with EU citizen data against their will. In fact, Schrems chooses to use Facebook and enter private data, knowing that it will end up on US servers, and that's the same with all other EU citizens whose data ends up on US servers: you do business with a US company (directly or indirectly) and your data ends up in the US.
  It works the same the other way around too: when I do business with European companies, my data ends up on European servers, with their shitty data protection against access by European governments. Of course, that's less of a problem because Europe has so few Internet companies worth doing business with.
  
  I despise mass surveillance like what's going on in the US.
  And how is that different from what is going on in Europe?
24. Re:The US needs a serious spanking by moronoxyd · 2015-09-25 01:04 · Score: 2
  
  I actually think EU citizens have a right to be angry that their data is being handed over to the US en masse. [...] Actually, what you're saying is false. The case stems from a complaint brought by an Austrian citizen against Facebook.
  You make it sound like Facebook forces does something with EU citizen data against their will. In fact, Schrems chooses to use Facebook and enter private data, knowing that it will end up on US servers, and that's the same with all other EU citizens whose data ends up on US servers: you do business with a US company (directly or indirectly) and your data ends up in the US.
  Except, not.
  I never used Facebook. Yet Facebook send me emails suggesting that I know this or that Facebook user (mostly they were correct about me knowing those people) and that I might want to join Facebook to stay in contact with them.
  Which means that Facebook has information about me (from acquaintances that uploaded their address book) and processed that information about me to get even more data about me, with me ever agreeing to anything. I never did business with Facebook, yet data about me is on their US servers.
Re:Weigh it up. by Anonymous Coward · 2015-09-24 16:47 · Score: 5, Insightful

Or
US corporation stay within the USA, missing out on doing business with 96% of the worlds population.
At one point the USA made up about 60% of the worlds GDP, that meant doing business with the US.
Now the US is about 1/3 of the worlds GDP, meaning more money can be made dealing with everyone else.
The US is no longer able to dictate to the world, and that scares US politicians shitless, they don't know how to behave when not in charge.
Re:Yeah! Only EU countries can spy on the EU! by EzInKy · 2015-09-24 17:05 · Score: 2

At least the EU gives lip service to protecting its citizens private information. Here in the good old USA the government makes no secret that it wants to become increasingly more both invasive and pervasive.

--
Time is what keeps everything from happening all at once.
Re:Weigh it up. by msobkow · 2015-09-24 17:06 · Score: 4, Insightful

This.
There is no "right" for US corporations to participate in foreign markets. If they don't want to abide by the terms of a foreign nation's laws, they're free not to do business there.
They are not free to impose US law on those nations.

--
I do not fail; I succeed at finding out what does not work.
Re:BS article summary by Schmorgluck · 2015-09-24 17:49 · Score: 4, Informative

Nope, it's absolutely necessary for US companies to either be certified under the International Safe Harbor Privacy Principles, or otherwise demonstrate to the EU that they abide by those principles, in order to be allowed to transfer personal data to the US. Any other scenario would be a violation of the Data Protection Directive, because the USA doesn't provide adequate level of protection, and never has.
The problem is that the certification process is easier, and totally unreliable, especially when it comes to big fishes. The FTC hasn't shown any willingness to make any effort to enforce it significantly (FTC: "Are you complying to the Safe Harbor Principles?" Big Data: "Yes we are." FTC: "Good. Here's your certification."), making it de facto a vast scam.

--
There's nothing like $HOME
Re:BS article summary by Kkloe · 2015-09-24 18:33 · Score: 2

Actually the companies dont need to show anything, a company can just transfer the data to the u.s if they want, if they are breeched or find that the data has been used to do some things that the treaty doesnt allow then the company might get shit for it, but thats about it and it is a big IF
Re:BS article summary by Schmorgluck · 2015-09-24 18:49 · Score: 4, Interesting

Nope, it's illegal. The USA don't have sufficient data protection laws, therefore the transfer of personal data from the EU to the USA is prohibited by default (article 57 of 95/46/EC), with some exceptions (article 58 of 95/46/EC), unless particular measures are taken (article 59 of 95/46/EC).

--
There's nothing like $HOME
Re:Dear Europe: by viperidaenz · 2015-09-24 19:44 · Score: 2

When who is as rich as who?
USA GDP: 16 trillion
EU GDP: 18 trillion
It's been obvious for a long time that by Maritz · 2015-09-24 20:14 · Score: 3, Informative

The US isn't a safe place to store anyone's personal data. Never has been. The subtext/attitude has always been 'anything you give us is ours to do with as we please'. The irony here sadly is that "EU" includes the UK (for the time being at least) and here the GHCQ do whatever they like. There is no meaningful oversight nor will there ever be.

--
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
1. Re:It's been obvious for a long time that by jaklode · 2015-09-24 20:53 · Score: 2
  
  As if any intelligence agency would not do the same. Where do people live, in fantasy wonderland?
Re:Weigh it up. by a_n_d_e_r_s · 2015-09-24 21:09 · Score: 3, Informative

Won't help. As long as they are US companies the US Courts think they can force them to divulge information stored in EU.
From an actual court case still active against Microsoft.

--
Just saying it like it are.
Pot, kettle, black by GuB-42 · 2015-09-25 02:52 · Score: 2

Your data is probably safer in the US than it is in the EU. European countries have spies too, you know...
At least, US citizens seem to make a big deal out of it and they are allowed to speak it out. In the EU, we don't need a Snowden to know that the government spies on us, yet, few people seem to care, of their control of the press is much more effective than in the US.