undefined | Better HN

0 pointsestefan10y ago0 comments

I think the parent is getting at if you're in the EU and your data cannot be transferred to the US, and a friend in the US has data that cannot be transferred to the EU (if they were to follow suit) you wouldn't be able to create a list of friends in both localities because of the restriction to send data around, without incurring intercontinental latencies. Obviously the list itself could reside in either location, but the service provider would need to perform an intercontinental join each time you wanted to view the names of friends in your list.

0 comments

5 comments · 1 top-level

weddpros10y ago· 4 in thread

Thank you! You got my point.

simonh10y ago

But user names in e.g. Facebook aren't private information, they are explicitly public. As are messages you publish to people. That's just not an issue. The issue concerns private information associated with your account that you have not chosen to share such as your personal phone number, physical address, date of birth, etc. Of course if you send that information around in public messages that's your problem, but if you keep it in your account, then the company, such as Facebook, transferring that account information to the US it is a problem.

DanBC10y ago

My name is private data and should be treated as such. Companies need to have my permission to gather my name, and they need to tell me what they use it for and how long they store it, they should not gather it if they don't need it, they should store it securely, they should not share it with other people without getting my explicit opt-in.

That doesn't make it impossible for Facebook to do business. It just means Facebook needs to be more careful with what they gather and store.

1 more reply

estefanOP10y ago

Where it gets really tricky is caching. Say you do your intercontinental join but then want to cache HTML fragments for performance, well, is that classed as "transferring data" because technically it is...

buro910y ago

I think it will be reasonably argued that data in this context is the master record. The source of truth to which queries are sent.

A cache is not that, and you need only look at something like the EU e-commerce directive to find exceptions for caches and networks on the basis of being a "mere conduit" for the communication.

It is not as if the data is now toxic and cannot be cached or communicated outside of the EU, only that the data must be stored in the EU and should not be replicated to any database or storage outside of the EU that would prevent EU privacy law taking effect. That's important as EU privacy law already has enough exceptions to allow reasonable scenarios like caching to function.

And if you are going to say "well I could just query my cache", then I'd suggest that if your cache is able to do much more than a single key|value lookup to retrieve the cached item then it is in fact a database you'd lose the protections of being a cache and you're back in the world of not storing EU data outside of the EU.

1 more reply

j / k navigate · click thread line to collapse

0 comments

5 comments · 1 top-level

weddpros10y ago· 4 in thread

Thank you! You got my point.

simonh10y ago

DanBC10y ago

That doesn't make it impossible for Facebook to do business. It just means Facebook needs to be more careful with what they gather and store.

1 more reply

estefanOP10y ago

buro910y ago

I think it will be reasonably argued that data in this context is the master record. The source of truth to which queries are sent.

A cache is not that, and you need only look at something like the EU e-commerce directive to find exceptions for caches and networks on the basis of being a "mere conduit" for the communication.

1 more reply

j / k navigate · click thread line to collapse