Deal allowing tech companies to transfer data between US and EU is invalid (opens in new tab)

(arstechnica.com)

49 pointsAtlas10y ago14 comments

14 comments

Data Sovereignty is being negotiated in TTIP and TISA treaties, http://www.euractiv.com/sections/infosociety/dont-forget-big...

"It is crystal clear what corporations want in the Transatlantic trade agreement (TTIP) and the other treaties being negotiated: a commitment to allow cross border data flows and data-processing across all services sectors, including financial services, without any limitations. They consider requirements to use local network infrastructure or local servers as discriminatory, with potentially adverse effects on trade."

From 2014, http://www.zdnet.com/article/wikileaks-leak-shows-data-sover...

"50 countries including Australia and the US may be signing away rights to ensure sensitive customer data remains in its country of origin."

fredkbloggs10y ago

But it seems that such a treaty would fall afoul of EU law, no? That's the basis of this position if it were to become a final ruling. The AG's position here is that data privacy is a fundamental right that cannot be negotiated away by the EU or its member states. Am I misunderstanding?

spiralpolitik10y ago

Yes, assuming the country was a signatory to the European Convention on Human Rights which all member states are required to be. In particular "Everyone has the right to respect for his private and family life, his home and his correspondence" with Rotaru v. Romania (2000) being the appropriate case law.

https://en.wikipedia.org/wiki/Article_8_of_the_European_Conv...

buffoon10y ago

This is a major thing for us. We've got half a ton of stuff on AWS which is being moved back to physical kit at the moment. Turns out the cloud is a geopolitical risk and being in finance in Europe, our data protection regulations and compliance obligations are pretty heavy.

Incidentally it's working out much cheaper, simpler with less API lock in than AWS was as our workloads are fairly predictable and we make a lot of money off it.

ClintEhrlich10y ago

This is an interesting legal issue, but I doubt it will have any practical effect on the NSA's future access to data.

As long as the NSA is collaborating with GCHQ, it doesn't need to transfer anything outside of the EU. If anything, the intercepts provided by the UK government are subject to fewer safeguards than those gathered in domestic surveillance programs.

crivabene10y ago

The title of the article does not represent correctly the size of the issue. It's not just tech companies, it's every company leveraging Safe Harbor agreement, which potentially covers almost every US-based company with EU subsidiaries.

bluejekyll10y ago

The thing that concerns me is the possible implications this may have on the ability of US based companies to operate saas services for customers in Europe. Following this to its logical conclusion, it could create two seperate internets, where one services the US and the other Europe stifling innovation and limiting adoption of new technologies.

We already have to deal with the walled garden of China, are we seeing the beginnings of something similar with Europe?

TazeTSchnitzel10y ago

"Stifling innovation"? I doubt this is the case. It is actually possible to run data centres in multiple countries, in fact.

Privacy is more important, anyway.

bluejekyll10y ago

For any company, putting feet on the ground in multiple countries is cost prohibitive. So are you implying that running data centers in multiple countries is somehow cheap? Obviously using public cloud infrastructure is the only option for small companies, but it still means operating more assets than otherwise necessary.

I'm not debating privacy btw, just the concern over operational cost. There are other ways to secure data that are far better than simple data residency laws.

1 more reply

dingaling10y ago

There is already a "soft firewall" in the opposite direction because US companies are often reluctant to use European data centers.

Where I worked previously we included the geographic questions at the start of our standard RFI document. In asset least one case we had to drop the technically-best SaaS product because they only had data centers in France.

Even using Canadian or Australian data centers was often problematic. For employee data we could require that individual to provide consent for cross-border transfer as part of their contract but that wasn't possible for customers.

darkr10y ago

> The Advocate General Bot agreed with Schrems that the EU-US Safe Harbour system did not meet the requirements of the Data Protection Directive

Wonder if she's based on Hubot, or something else entirely.

4jandals10y ago

j / k navigate · click thread line to collapse

14 comments

walterbell10y ago

Data Sovereignty is being negotiated in TTIP and TISA treaties, http://www.euractiv.com/sections/infosociety/dont-forget-big...

From 2014, http://www.zdnet.com/article/wikileaks-leak-shows-data-sover...

"50 countries including Australia and the US may be signing away rights to ensure sensitive customer data remains in its country of origin."

fredkbloggs10y ago

spiralpolitik10y ago

https://en.wikipedia.org/wiki/Article_8_of_the_European_Conv...

buffoon10y ago

Incidentally it's working out much cheaper, simpler with less API lock in than AWS was as our workloads are fairly predictable and we make a lot of money off it.

ClintEhrlich10y ago

This is an interesting legal issue, but I doubt it will have any practical effect on the NSA's future access to data.

crivabene10y ago

bluejekyll10y ago

We already have to deal with the walled garden of China, are we seeing the beginnings of something similar with Europe?

TazeTSchnitzel10y ago

"Stifling innovation"? I doubt this is the case. It is actually possible to run data centres in multiple countries, in fact.

Privacy is more important, anyway.

bluejekyll10y ago

I'm not debating privacy btw, just the concern over operational cost. There are other ways to secure data that are far better than simple data residency laws.

1 more reply

dingaling10y ago

There is already a "soft firewall" in the opposite direction because US companies are often reluctant to use European data centers.

darkr10y ago

> The Advocate General Bot agreed with Schrems that the EU-US Safe Harbour system did not meet the requirements of the Data Protection Directive

Wonder if she's based on Hubot, or something else entirely.

4jandals10y ago

j / k navigate · click thread line to collapse