undefined | Better HN

0 pointskarambahh13y ago0 comments

Saying it is indeed possible is akin to say that "tax evasion is possible".... possible yes, legal, I don't think so

My understanding of my (EU) country law is that you cannot send data outside the EU to have it processed if the data is deemed "sensitive". Even if you are allowed to export it, you have to guarantee that data won't sold once it has left EU.

0 comments

4 comments · 1 top-level

belorn13y ago· 3 in thread

For patient data, there are some exceptional laws in some countries. While I hope it does become EU law someday, we are not there yet. I have never heard of any laws that allow one to export data but then to give some guarantee that the data won't be sold. Source?

But for the general case (ie a normal business venture), people are already using services that will exploit/refine any personal data being sent there. Gmail is one, but Facebook is a better example. Facebook will use the data even if it about someone who aren't a Facebook user. Cloud services could be doing things, but I am not sure its true in practice yet. Mobile apps are already getting and selling data, and has a long history of doing exactly that.

Webshops that use paypal are sending their customer data to paypal. If one read their privacy policy, one can see that they use the data to: a) compare information and verify it with third parties. b) Send to companies that perform marketing and "other services" for paypal. c) Send aggregated statistical data to their business partners. d) send any data to eBay Inc. corporate family—like eBay, Skype or Shopping.com (https://cms.paypal.com/au/cgi-bin/marketingweb?cmd=_render-c...)

jrabone13y ago

That PayPal data almost certainly also goes directly to Palantir (another Peter Thiel company), to be added to the vast corpus of information they (and by association the three letter agencies & DoD contractors) hold on you. Palantir arose from the anti-fraud work that PayPal was having to do 10 years ago and is now supposed to be a big deal in data mining for govt, defence etc. Want to bet that they have quite a few "exceptional laws" on their side?

karambahhOP13y ago

Except that Gmail and Facebook are US companies. I tend to think that using a belgian/czech/italian (you get the idea) website, my data couldn't be easily exported/sold outside the EU.

I am currently building a data crunching company in the EU. I chose, both from a legal and marketing standpoint, not to export any of my (customers') data outside of EU. In fact, I chose not to export any data outside of my country's borders.

It simplifies (a bit) my legal paperwork, but it also serves as a marketing claim along the tune of "we are doing no evil with your data, and not putting them into the hands of anyone else".

thisone13y ago

I'd bring up the Safe Harbor[1] framework

Though, the last time I read a report on the audit of Safe Harbor[2] and US companies that say they abide by it, I decided not to recommend trusting our data to US companies.

1: http://export.gov/safeharbor/

2: http://www.galexia.com/public/research/assets/safe_harbor_fa...

j / k navigate · click thread line to collapse