I'm still missing how this could be enforced? To my layman understanding, this reads the same as if China said: "Meta, Tesla, Valve etc. have entities in China, therefore we get to see all data they store in the EU and the US."
The UK has zero jurisdiction in Ireland, for example, where a lot of EU data may be stored.
The insane overreach was the UK wanting data on people not in the UK
Our noble "we can't have American data in the hands of our enemies," their savage "forcing American companies to turn over user data."
As a child of the Portuguese revolution, I am aware of plenty of stories; apparently many folks nowadays think those are stories to scare misbehaved kids.
Those who are charged with stopping cyber crime are very much against this. End-to-end encryption is one of the better protections they can give you against foreign hackers and they want you to use it.
Meanwhile down the hall are people who are charged with investigating crimes someone in the country commits and they want this. It is a lot easier to prove someone is involved in some crime if a warrant can get their data, but end-to-end encryption means they can only get random bytes. (Of course they don't want warrants either, but that is a different issue not relevant here, so they will specify warrants in this debate.)
Note that this is not China apologia: they do the same brazen shit locally, but they're an authoritarian regime. I have lower expectations for human rights there.
George C. Parker was a conman in NYC who multiple times sold the ownership of the Brooklyn Bridge to his victims. Among other cons.
The only way to prevent that is not having any local office, no employees, nothing. Sell physical objects only by the means of local 3rd party resellers which will import goods. Same thing for services. Of course they can ban imports and services or go after those 3rd parties. It depends how nasty they want to be.
By banning Apple from doing business in the UK.
The US used a similar strategy decades ago to break Swiss Bank Secrecy laws (either Swiss banks had to give up the info or they were going to be kicked out of the US).
As someone else here said, Apple would 100% call this bluff. And you can be certain the UK won't have the US to put pressure on Apple for them. All that would happen is the UK Apple users would be left with an expensive paperweight.
All evidence that I have seen suggests that consumers by and large do not care about this kind of privacy. They do not buy iPhones instead of other phones due to the privacy properties.
Therefore Apple's shareholders could order Apple to stay in the UK market.
And if not, then Apple's customers could be compensated with money and other UK-held assets that the government could confiscate.
To use poker terminology: I think that if the UK made this bet, Apple would call.
https://www.irishtimes.com/business/technology/uk-spy-base-g...
This is not just a case of the British intelligence services secretly “tapping into” Irish telephonic and internet traffic via land and maritime cables. Rather in most cases they are being provided free (or commercial) access to the information by companies associated with the use, ownership or maintenance of these cables.
Post-Snowden the Irish government retroactively legalised it...
Basically by saying that if they don't comply, they can't do business in the UK.
So it's still a problem. This seems like a looming PR battle.
Imagine Russian Oligarchs on Android devices! Polonium will roll, I tell you!
https://en.wikipedia.org/wiki/CLOUD_Act
Note that the bar is having the ability to access the server, so this law is completely incompatible with most GDPR solutions: It's illegal to store European user data and then refuse to hand it over to US law enforcement, regardless of whether the data is stored in Europe or the request breaks European law.
By the way, this is similar to why for true GDPR compliance, data centers should be operated by EU companies that aren't subsidiaries of US companies, because even if the latter operate data centers located in the EU, they would still be bound to secret orders by the US government.
Not so much because British people love their iPhones to such an extreme degree but because they are willing to waste money and resources over something this stupid.
IMHO Apple could bring down the government that tried this if they really wanted to.
This is interesting, I know GDPR does not mandate data localization but I was under the impression that the requirements are a bit more difficult/stringent for transferring data out of the EU region? While not perfect, it's a bit less 'open door' than it would be if it was hosted in the US.
The US has a law saying "If our spies tell American sysadmins to SSH into a server in the EU and copy data off it, they must do it and they must keep it secret".