"Google and YouTube have not been included in this first round of evf complaints being as they have a different corporate structure that does not include European subsidiaries. However it notes they do have datacenters in European countries, which will give evf a route to filing Prism-related data protection complaints against both at a later date."
Forcing these companies to give data has weakened their competitiveness globally.
A likely scenario is something which indemnifies them against any losses incurred as a result of foreign suits related to privacy breaches, so long as they're in accordance with US law.
But that would only work in USA. What if a court in Germany fines Google Germany Ltd €1,000,000, and €100,000 per day until they stop sharing data with the US Gov? Will the US government give Google €1,000,000 to pay off the fine? What if the court in Germany confiscates the Google Germany Ltd's property? Will the US Gov reimbuse Google? What if a court in Germany forces all German ISPs to block Google? Will the US Gov reimburse Google?
Remember this companies (Google/Apple/Microsoft/Facebook/etc.) have local companies, local offices, local property and local employees. They can ignore local law only if they leave the country.
Under that arrangement, the EU subsidiaries of US tech companies would not ordinarily be subject to US laws requiring them to hand over data to the NSA, so those subsidiaries could comply with EU privacy laws with no problem; at the same time, EU law would not reach the US parent companies, so they could give all the data to the NSA that they must in compliance with US law.
But because the Obama administration recently expanded the United States' already broad (by international standards) claims of extraterritorial jurisdiction in another matter,† it now looks like the United States might indeed claim the legal power to compel foreign subsidiaries of U.S. tech companies to hand over data they control to the NSA. In that case, those foreign subsidiaries would find themselves in an impossible situation, one in which they would be operating illegally under either EU or US law no matter what they do.
† — See my comment above, at the same level as this one's parent.
You already see this happening with with datacenter locations...
There are already restrictions on exporting personal data outside the EU. This is under the various data protection laws.
I guess the exceptions will be tightened up now, especially if EU consumers press for it.
Under the Helms-Burton Act , the United States expanded its embargo on trade with Cuba to authorize sanctions against foreign firms that trade with Cuba. Mexico and the European Union responded  by forbidding their companies from complying with the U.S. law. This left those firms in the impossible situation of violating either U.S. or domestic law no matter what they did. After abortive attempts to negotiate a solution, nothing was done to resolve the situation, so Mexican and E.U. firms that trade with Cuba are still in a tricky situation.
As another example, the Office of Foreign Assets Control, a bureau of the Treasury Department tasked with enforcing U.S. embargoes, for decades operated under the interpretation that foreign subsidiaries of U.S. corporations were not subject to limits on trade under U.S. sanctions laws so long as no U.S. persons were involved in conducting the banned trade.† But this past February, to strengthen U.S. sanctions against Iran, President Obama issued an executive order  that for the first time extended the U.S. government's claimed legal jurisdiction to encompass the actions of foreign subsidiaries of U.S. corporations:
All property and interests in property that are in the
United States, that hereafter come within the United States,
or that are or hereafter come within the possession or
control of any United States person, INCLUDING ANY FOREIGN
BRANCH, of the following persons are blocked and may not be
transferred, paid, exported, withdrawn, or otherwise dealt
in ... [my emphasis]
But now, it seems, that may be out the window. It may well be that the U.S. government claims jurisdiction over data held by foreign subsidiaries of U.S. tech companies, in which case those companies will truly be between a rock and a hard place. Unlike the situation with Helms-Burton, however, things will surely come to a head; these major corporations have extensive operations both in the United States and in the E.U., where domestic privacy laws would outlaw compliance with U.S. laws requiring that they turn over data to the NSA.
So this should be fun. ...
† — In this matter and others, the U.S. government claims jurisdiction over U.S. persons—citizens, greencard-holders, and companies incorporated in the United States—no matter where they are in the world.
2. http://www.treasury.gov/resource-center/sanctions/Programs/D... [PDF]
Can confirm that while working on the EU rollout for Office 365 a few years ago, this was certainly the case. EU customer data had to stay in Ireland, and there were even rules/debates about how much of the 'metadata' (i.e. to answer "does this user exist?") that could come back to the US.
At the time the reasoning was for EU Privacy Directive and not explicitly based on US law or precedents, but I bet a few realized the alignment and ensured the engineers stayed on this path.
Instead, they're in that awful predicament where the senators they pay are screwing them, but the government as a representation of the people doesn't care.
> The group’s complaint draws on the precedent set in 2006, which found that a mass transfer of data to the US authorities was illegal under EU law... The Swift case was closed when the company moved its data centre from Belgium to Switzerland.
(b) Facebook Ireland Ltd (an Irish company) was targetted, not because it's "where the money is", but because if you sign up to Facebook and you're not in the USA or Canada, then you have a legal relationship with Facebook Ireland Ltd, and fall under Irish data protection law.
(cf. section 19 of https://www.facebook.com/legal/terms )
>if you sign up to Facebook and you're not in the USA or Canada, then you have a legal relationship with Facebook Ireland Ltd, and fall under Irish data protection law.
Facebook can choose to change this, but they won't because they benefit from the double Irish; because that's "where the money is."
Disclaimer: I'm very much against any invasion of privacy, and am only being facetious to point out the obvious, which is that people should stand up for their rights when it becomes obvious, not just when it becomes sensational news
The 4 million+ cameras in the UK statistic which has been floating around for about 10 years now was extrapolated from two streets in Wandsworth and was only ever really media bait. If you believed all these statistics the number of cameras in the UK would have dropped by more than half (over the past 10 years), since the last large scale estimate was under 2 million.
The UK government doesn't employ vast numbers of people to watch the live output of the minority of CCTV cameras they do own. The state owned CCTV is almost never used in a proactive sense. You can probably safely commit most crimes in full view of a CCTV camera in the UK. If someone reports you or you leave obvious evidence of the crime the CCTV tapes will be reviewed.
There is a massive difference between the man power requirements of analysing video footage compared to analysis of text.
But somehow if it's online, done by robots (no less creepy), and at the direction of the government, such laws don't apply.
Stalking laws vary state-to-state, but you generally have to prove it is specifically "for the purpose of harassing and intimidating".
See also: paparazzi
See also: http://www.victimsofcrime.org/our-programs/stalking-resource...
Ah, I forgot that we are taking US data protection laws into account when an Austrian group files a complaint against an Irish subsidiary.
E.g. in Germany it is forbidden to take photos in public where people who did not agree to it are the main subject – you can still photograph buildings, scenes etc., just not individual people.
And a maaku on HN could easily be this maaku on github from California: https://github.com/maaku
And the 'online robots' and 'direction of the government' almost certainly refer to the recent NSA case, which is an American issue.
So, yes, the US data protection laws do seem relevant to the conversation.
Just look at all the photos you have taken, how many strangers are in them?
I invite you to actively start photographing or videotaping some strangers if you think such behavior is entirely within people's expectations.
Some of them he is clearly in a school or something, which may not be public. In others he is outside.
I believe this is how you expected people to react?
Edit: found it.
I can sue you for using my likeness depending on how you utilize your footage.
You certainly don't have carte blanche to use images of me you took in public.
But even if you publish it (in Facebook for example) you are protected by some "fair game" clauses, just as you have the right to request that particular photo to be taken down. Either way nothing is absolute and as you said, it gets murky pretty fast.
To me it is not obvious that "my rights" have been affected by the monitoring of public spaces.