
Deal allowing tech companies to transfer data between US and EU is invalid - Atlas
http://arstechnica.com/tech-policy/2015/09/eu-us-data-flows-using-safe-harbour-may-be-illegal-because-of-nsa-spying/
======
walterbell
Data Sovereignty is being negotiated in TTIP and TISA treaties,
[http://www.euractiv.com/sections/infosociety/dont-forget-
big...](http://www.euractiv.com/sections/infosociety/dont-forget-big-data-
ttip-and-tisa-314487)

 _" It is crystal clear what corporations want in the Transatlantic trade
agreement (TTIP) and the other treaties being negotiated: a commitment to
allow cross border data flows and data-processing across all services sectors,
including financial services, without any limitations. They consider
requirements to use local network infrastructure or local servers as
discriminatory, with potentially adverse effects on trade."_

From 2014, [http://www.zdnet.com/article/wikileaks-leak-shows-data-
sover...](http://www.zdnet.com/article/wikileaks-leak-shows-data-sovereignty-
threat/)

 _" 50 countries including Australia and the US may be signing away rights to
ensure sensitive customer data remains in its country of origin."_

~~~
fredkbloggs
But it seems that such a treaty would fall afoul of EU law, no? That's the
basis of this position if it were to become a final ruling. The AG's position
here is that data privacy is a fundamental right that cannot be negotiated
away by the EU or its member states. Am I misunderstanding?

~~~
spiralpolitik
Yes, assuming the country was a signatory to the European Convention on Human
Rights which all member states are required to be. In particular "Everyone has
the right to respect for his private and family life, his home and his
correspondence" with Rotaru v. Romania (2000) being the appropriate case law.

[https://en.wikipedia.org/wiki/Article_8_of_the_European_Conv...](https://en.wikipedia.org/wiki/Article_8_of_the_European_Convention_on_Human_Rights)

------
buffoon
This is a major thing for us. We've got half a ton of stuff on AWS which is
being moved back to physical kit at the moment. Turns out the cloud is a
geopolitical risk and being in finance in Europe, our data protection
regulations and compliance obligations are pretty heavy.

Incidentally it's working out much cheaper, simpler with less API lock in than
AWS was as our workloads are fairly predictable and we make a lot of money off
it.

------
ClintEhrlich
This is an interesting legal issue, but I doubt it will have any practical
effect on the NSA's future access to data.

As long as the NSA is collaborating with GCHQ, it doesn't need to transfer
anything outside of the EU. If anything, the intercepts provided by the UK
government are subject to fewer safeguards than those gathered in domestic
surveillance programs.

------
crivabene
The title of the article does not represent correctly the size of the issue.
It's not just tech companies, it's every company leveraging Safe Harbor
agreement, which potentially covers almost every US-based company with EU
subsidiaries.

------
bluejekyll
The thing that concerns me is the possible implications this may have on the
ability of US based companies to operate saas services for customers in
Europe. Following this to its logical conclusion, it could create two seperate
internets, where one services the US and the other Europe stifling innovation
and limiting adoption of new technologies.

We already have to deal with the walled garden of China, are we seeing the
beginnings of something similar with Europe?

~~~
TazeTSchnitzel
"Stifling innovation"? I doubt this is the case. It is actually possible to
run data centres in multiple countries, in fact.

Privacy is more important, anyway.

~~~
bluejekyll
For any company, putting feet on the ground in multiple countries is cost
prohibitive. So are you implying that running data centers in multiple
countries is somehow cheap? Obviously using public cloud infrastructure is the
only option for small companies, but it still means operating more assets than
otherwise necessary.

I'm not debating privacy btw, just the concern over operational cost. There
are other ways to secure data that are far better than simple data residency
laws.

~~~
TazeTSchnitzel
Companies have multiple datacentres anyway to avoid latency

~~~
bluejekyll
But not in every country... To reduce latency, it's much cheaper to reach
customers in that last mile with CDNs, not replicating your entire
infrastructure and all of you data stores.

------
darkr
> The Advocate General Bot agreed with Schrems that the EU-US Safe Harbour
> system did not meet the requirements of the Data Protection Directive

Wonder if she's based on Hubot, or something else entirely.

