EU May Forbid the Transfer of Personal Data To the US

← Back to Stories (view on slashdot.org)

EU May Forbid the Transfer of Personal Data To the US

Posted by samzenpus on Thursday September 24, 2015 @04:27PM from the no-data-for-you dept.

An anonymous reader writes: As the Snowden revelations have shown, personal data stored in the United States of America is not protected from the US government, be it through warrantless eavesdropping or national security letters. In light of this, the general attorney for the Court of Justice of the European Union has just issued an opinion requiring the US to be removed from the list of "safe harbors", where the transfer of personal data of European citizens is permitted. If the court follows his opinion, the change will have deep impact in the operations of large transnational Internet companies, between a US government that wants to keep on spying, and European authorities that will punish them if they let it happen.

14 of 202 comments (clear)

Min score:

Reason:

Sort:

The US needs a serious spanking by msobkow · 2015-09-24 16:29 · Score: 5, Insightful

The US needs to wake up to the fact that it doesn't set policy for the world, and that other jurisdictions have their own laws and regulations that US companies have to abide by if they want to do business there.
Enough with jackboot "treaties" that the US doesn't even try to abide by after signing them. :(

--
I do not fail; I succeed at finding out what does not work.
1. Re:The US needs a serious spanking by msobkow · 2015-09-24 17:04 · Score: 5, Insightful
  
  No one is making claims under the agreement. What they are saying is that the US does not abide by the terms of the agreement, so the agreement should be nullified.
  This isn't a decision being made by courts; it's a decision being made by the government. Totally different ballgame.
  The US does not get to dictate law to foreign nations, no matter how much they'd like to.
  
  --
  I do not fail; I succeed at finding out what does not work.
2. Re:The US needs a serious spanking by Lonewolf666 · 2015-09-24 17:45 · Score: 5, Informative
  
  The EU is trying to dictate the law to companies that are doing business in Europe, not against the US government or congress. Which every country does on its territory. Note that the case is against Facebook, not the US government.
  Some of these companies happen to be US companies. Who may be in a bind soon, as the European Court of Justice is likely to invalidate the Safe Harbor Agreement, as it usually follows the advice of its general attorney. If that happens, said US companies are no longer allowed to store data of EU citizens outside the EU, but at the same time they may be told by the US via national security letter to hand over those data.
  If both the US and the EU stay adamant, companies like Facebook may have to choose between doing business in the US or in Europe.
  
  --
  C - the footgun of programming languages
3. Re: The US needs a serious spanking by Anonymous Coward · 2015-09-24 17:55 · Score: 4, Insightful
  
  What handouts? Maybe you should feed your own starving citizens before even dreaming about some handouts? US "handouts" always come with strings attached, nobody in their right mind should touch them. If you want to build your country in the image of 1984 please do, but don't be surprised when the rest of thwe world refuses to use it as a manual on society building.
4. Re:The US needs a serious spanking by Sique · 2015-09-24 18:56 · Score: 4, Interesting
  
  Actually, what you're saying is false. The case stems from a complaint brought by an Austrian citizen against Facebook. That constitutes bringing a claim against a US organization. The Irish Data Protection Commissioner ruled against the claim, so it was appealed to the European Court of Justice.
  That might be the origin, but that's not the question the Attorney General issued an opinion about. The Irish High Court refused to hear a claim about Facebook's transfer of data and referred to the Safe Harbour treaty, and thus there was the question to the European High Court if the Irish High Court has to consider if the actual conditions of the Safe Harbour provisions were met. And now the Attorney General opinionated that the U.S. does not met the the regulations for the Safe Harbour treaty because European citizens have no legal recourse against the wholesale spying performed by the NSA and other organisations in the U.S.. The NSA spying was called unspecific and without clear goal and thus in violation of the privacy rights of European citizens. This is the first time that an European institution actually took the Snowden allegations as fact (until now most courts opinionated that the allegations have not been proven yet), and thus issued a statement that the U.S. is not adhering to the provisions and thus the European Commission can't declare the U.S. a safe harbour, thus all treaties with the U.S. about data protections are void.
  
  --
  .sig: Sique *sigh*
5. Re:The US needs a serious spanking by bug1 · 2015-09-24 19:15 · Score: 4, Insightful
  
  The US needs to wake up to the fact that it doesn't set policy for the world,and that other jurisdictions have their own laws and regulations
  The US government happily violates its own constitution. Its expecting too much for any nation to have more respect for foreign laws than their own.
6. Re:The US needs a serious spanking by viperidaenz · 2015-09-24 19:37 · Score: 5, Insightful
  
  Isn't Facebook an Irish company?
7. Re:The US needs a serious spanking by Richard_at_work · 2015-09-24 20:11 · Score: 4, Insightful
  
  With all due respect, its not down to the US government to accept that US companies have to obey foreign laws - the conflict is something that solely needs to be handled by the companies in question, they have to decide how they can follow both sets of laws if required to.
  A US company operating in a foreign country doesn't suddenly fall outside US jurisdiction - if they do find themselves in conflict between the laws of the country they (or their owning umbrella company) are incorporated in and the laws of the country they are doing business in, then its up to the company to decide whether they can resolve that or leave one of the jurisdictions (stop doing business in that country or change the country of incorporation or ownership).
  The EU passing laws requiring foreign companies to solely follow EU jurisdiction doesn't solve anything - it doesn't stop the companies being in the jurisdiction of their home country, all it does is create further conflict.
  The only thing that can satisfy this situation are completely, entirely and utterly unconnected companies - Amazon SARL having no ownership or connection to Amazon.com Inc. If there is any ownership or similar connection between the two companies, its entirely legitimate for Amazon.com Inc's legal jurisdiction to cascade down the chain of ownership.
8. Re:The US needs a serious spanking by gl4ss · 2015-09-24 20:16 · Score: 4, Insightful
  
  if facebook had no european operations it would not be having any problems, as the data would already be in USA.
  but they're doing business and hosting in the EU, so there's that. nothing forcing them to try to prosecute in the usa.
  bottom line is that USA isn't complying.
  
  --
  world was created 5 seconds before this post as it is.
9. Re: The US needs a serious spanking by nospam007 · 2015-09-24 22:17 · Score: 4, Insightful
  
  "So what? We can still kill your economy and a sizeable part of your population without breaking a sweat. "
  Only if the Chinese loan you the money to do it.
Re:Weigh it up. by Anonymous Coward · 2015-09-24 16:47 · Score: 5, Insightful

Or
US corporation stay within the USA, missing out on doing business with 96% of the worlds population.
At one point the USA made up about 60% of the worlds GDP, that meant doing business with the US.
Now the US is about 1/3 of the worlds GDP, meaning more money can be made dealing with everyone else.
The US is no longer able to dictate to the world, and that scares US politicians shitless, they don't know how to behave when not in charge.
Re:Weigh it up. by msobkow · 2015-09-24 17:06 · Score: 4, Insightful

This.
There is no "right" for US corporations to participate in foreign markets. If they don't want to abide by the terms of a foreign nation's laws, they're free not to do business there.
They are not free to impose US law on those nations.

--
I do not fail; I succeed at finding out what does not work.
Re:BS article summary by Schmorgluck · 2015-09-24 17:49 · Score: 4, Informative

Nope, it's absolutely necessary for US companies to either be certified under the International Safe Harbor Privacy Principles, or otherwise demonstrate to the EU that they abide by those principles, in order to be allowed to transfer personal data to the US. Any other scenario would be a violation of the Data Protection Directive, because the USA doesn't provide adequate level of protection, and never has.
The problem is that the certification process is easier, and totally unreliable, especially when it comes to big fishes. The FTC hasn't shown any willingness to make any effort to enforce it significantly (FTC: "Are you complying to the Safe Harbor Principles?" Big Data: "Yes we are." FTC: "Good. Here's your certification."), making it de facto a vast scam.

--
There's nothing like $HOME
Re:BS article summary by Schmorgluck · 2015-09-24 18:49 · Score: 4, Interesting

Nope, it's illegal. The USA don't have sufficient data protection laws, therefore the transfer of personal data from the EU to the USA is prohibited by default (article 57 of 95/46/EC), with some exceptions (article 58 of 95/46/EC), unless particular measures are taken (article 59 of 95/46/EC).

--
There's nothing like $HOME