back to article All of Europe's data in US servers? We're OK with that - EC bod

A European Commission director has said that it shouldn’t really matter where Europe’s data is stored, as long as it’s secure and protected. Megan Richards, acting deputy director general of Information Society and Media and also part of the Converged Networks and Services directorate, said it wouldn't necessarily be a problem …


This topic is closed for new posts.
  1. JimmyPage Silver badge

    Once again, how does this square with the PATRIOT Act ?

    Which requires US companies to surrender data to the US government wherever it's housed in the world, and which can require a US company to shut a data centre down with no notice.

    Or did I miss something ?

    1. Mike Smith

      Re: Once again, how does this square with the PATRIOT Act ?

      No, I don't think you missed anything. Ms Richards certainly did, though.

      “The legislation in the US is not so different from the legislation we have in the EU,” she says. Well, that depends on whether you're from The Land Of The Free (TM) or one of the 6.5 billion great unwashed from other parts of the globe. Poor lass obviously hasn't heard of Megaupload - or worse still, she has but she believes it's some sort of Pirate Bay extension.

      As one of those great unwashed, I wouldn't entrust anything critical to a US-based company. Not because there's anything intrinsically wrong with them, but because the last time I looked, Brussels hadn't have quite the degree of God disease that Washington suffers from.

      1. Anonymous Coward
        Anonymous Coward

        Re: Once again, how does this square with the PATRIOT Act ?

        this <blank piece of doctor-who psychic-paper> is a USAPATRIOT 2001 Section 505 National Security Letter and I hereby claim 'all your cloudz dataz belong to us'




        psst: you saw nothing, have heard nothing and know nothing, or else

        references: [Russell TD] , [Warrant Canary] , [RTÉ]

        check out the warrant canary at least!

        1. Andus McCoatover

          Warrant Canary...!!!!!????

          Jeez, now companies are actively to follow the American Way*. Perjure yourselves or be prosecuted for not doing so!!!

          *Lie and Deny.

      2. Anonymous Dutch Coward

        Re: Once again, how does this square with the PATRIOT Act ?

        As far as "The legislation in the US is not so different from the legislation we have in the EU" is concerned: "not so different" is the difference between exactly the same and hordes of the paper toting law quoting undead... ehm lawyers looking at full employment for years.

        If the law is "not so different", why not just copy and paste US law then, Ms Richards?

        <deleting rant about violating your own citizens' rights under dubious excuses like terrorism etc as I don't want to get my blood pressure up too high>


      3. Field Marshal Von Krakenfart

        Re: Once again, how does this square with the PATRIOT Act ?

        @Mike Smith

        No No No Mike, you are wrong, Ms Richards has missed nothing.

        “Theoretically, it shouldn’t matter where data is held as long as our rules apply,” Richards told The Reg at the Cloud Computing World Forum in London. “The legislation in the US is not so different from the legislation we have in the EU.”

        All praise to the Sir Humphrey's and George Orwell and the Ministry of Truth"

        This is bureaucrat bullshit of the highest order, the logic is perfect, its the facts that are wrong! Look at the first word, Theoretically, it shouldn’t matter where data is held, this statement is correct, it shouldn’t matter where your data is held, practically though, it does matter where your data is held (see next point).

        "The legislation in the US is not so different from the legislation we have in the EU.”

        I forget what this logical fallacy is called (false analogy? ). The phrase "not so different" is meant to convey the notion that the data protection laws are nearly the same when they are not.

        Ms Richards has missed nothing, she's just hoping that you did.

        1. Graham Wilson

          Re: Once again, how does this square with the PATRIOT Act ?

          Read my posts and you'll know I'm not known for brevity.

          ...But I'm lost for words. Are things really getting this bad?

          (Today, I've read 5 El Reg stories which makes me wonder if I'm in Alice's Wonderland or Cloud Cuckoo land.)

          Anyone got any Prozac? ...A handful please.

        2. Mike Smith

          All Your Database Are Belong To US

          I fear you are correct, Herr von Krakenfart. It doesn't help that she herself is a septic:

          Her address is largely content-free, but taking the Sir Humphrey reincarnation a little further, her comment about US legislation could have a slightly more sinister interpretation, depending on where her loyalties really lie.

          Cynical and suspicious? Moi?

    2. Anonymous Coward
      Anonymous Coward

      But it does matter

      You foolish child.

    3. Anonymous Coward
      Anonymous Coward

      Simple solution

      We leave Europe and ask to be the USA's newest State, New Britain. Problem solved.

      After a few years of adopting American culture we can be just like them, ignorant, gullible, war mongering, overweight, reliant on fast food, gun toting, believe Hollywood films are true, bend history, throw out human rights legislation, privatise the health service,.... I could go on...

      NO WAIT I've just realised, it's already happening! Ahhrrrrgggg.

  2. oldredlion

    secure and protected

    How bloody stupid is that?

    “Theoretically, it shouldn’t matter where data is held as long as our rules apply,”

    Well they don't apply because it's in the US. Good luck with getting them to play by your rules.

    I'd expect this EU cloud to go live and the US security bods to be looking through the data that same day.

  3. Anonymous Coward
    Anonymous Coward

    This isn't you uploading your holiday snaps to Facebook, this is national data that should be secured within that country's borders!

    Flipping heck, I work for a financial institution in the UK that operates partly within Switzerland and while that country is not part of the EU we have to jump through some serious legal and technological hoops to allow our systems to correctly share and still segregate key data. We are reminded almost on a daily basis that if one byte of data escapes from the Swiss held servers that should not, we will be personally liable for it and P45s will be issued without hesitation!

    1. T.a.f.T.

      But this new legislation is design to help people like you (be replaced with more foolish voters) by meaning that there is no longer a problem in sending civilian data anywhere in the EU or even the world. Does that not sound like a good thing, they are just making your job easier.

    2. Anonymous Coward
      Anonymous Coward

      Your not alone

      We have a standing instruction that NO data relating to trades, payments contracts etc should be held on US soil. Not one byte, otherwise, ... well P45's would the polite way!

      1. Anonymous Coward
        Anonymous Coward

        Re: Your not alone

        At a bank I worked in they used to fly backup tapes from caribbean offices to data centres in Canada via Europe. It was deemed an unacceptable risk that the aeroplane carrying them would overfly the US and might have to touch down there in an emergency.

  4. mark 63 Silver badge

    the whole thing smells of either bribery or extreme nievety (sp)

    and i dont think the data protection act is properly coded for new things like the "cloud"

    on a separate note:

    "We really need to drive growth and jobs in the future,” she said."

    Great - lets give all the data storage jobs away to johnny foreigner then!

    is there anything else not important we can hand over?

    how about we outsource the military?

  5. Captain TickTock

    The difference between theory and practice...

    Is that in theory, there is no difference,

    but in practice, there is.

  6. Anonymous Coward

    “The legislation in the US is not so different from the legislation we have in the EU.”

    He is joking right?

    1. John Smith 19 Gold badge

      He is joking right?

      No, she is not.

      *officially* US (and Israeli) data protection is as robust as the rest of Europe.

      Look it up.

  7. Homer 1
    Black Helicopters

    Game over

    Hello National Security Letters, goodbye data protection.

    Unless EU service providers can keep my private data safe from the menacing advances of American "interests", the only "Cloud" I'll ever trust is the one in my broom cupboard.

  8. Ben 50

    The difference between the Commission and the Parliament

    The Parliament (with our elected representatives) has reviewed the EU's relationship with the US on data protection three times and found it woefully lacking.

    The Commission, on the otherhand, is rather like the civil service. It acts in its own interests - which means the interests of whoever will offer the individuals involved the cushiest directorship or stuffed brown envelope.

    This is why we have representation in government (not that they actually fulfil their purpose, sadly).

    1. Anonymous Dutch Coward

      Re: The difference between the Commission and the Parliament

      Sadly, completely agreed regarding your characterization of Commission vs Parliament.

      Seems like the Humphreys once again come out on top...

    2. Anonymous Coward
      Anonymous Coward

      Re: The difference between the Commission and the Parliament

      And you wonder WHY? they cannot balance their Books for the last god knows how many years back???

  9. Anonymous Coward
    Anonymous Coward

    Megan Richards

    I hope for her sake breathing is a reflexive action because she cetainly hasn't got the brains to do it.

  10. Wize

    There are a lot of differences between EU and American rules.

    And if something is held on server that breaks rules in one place but not the other, who's jurisdiction does it come under?

    1. Steve Davies 3 Silver badge

      Re: There are a lot of differences between EU and American rules.

      simple answer


      Please get on message. Write down 1000 times

      'All the data stored on a computer in the world belongs to the USA'

      cos Pres Obama said so.

      1. John Smith 19 Gold badge

        Re: There are a lot of differences between EU and American rules.

        "cos Pres Obama said so."

        Err I think you'll find the PATRIOT (It is an acronym) Act was brought in under "W".

  11. Anonymous Coward
    Anonymous Coward

    Also, there's companies liabilities ...

    Our Information Security Officer (UK company of 5000+ employees) is of the opinion that a customer whose data was slurped by the US government, would have cause to sue us for breach of the DPA.

    1. Anonymous Coward
      Anonymous Coward

      Re: Also, there's companies liabilities ...

      That is correct AFAIK - even in the case of a criminal investigation (because it would only be legal if it was done by UK police). That's why it's quite simply idiotic to use US providers if you're not a US company yourself (as a US company you don't have a choice..).

  12. tkioz

    Is this women insane? The U.S doesn't have to follow EU rules, and frankly their attitude to data is terrifying. The EU should keep their data as far away from the U.S as possible, at least until the U.S gets rid of the "Patriot" Act (gotta love how American politico's name their laws...) or puts some reasonable restraint on their "law" enforcement (see: megaupload)

  13. Trollslayer
    Thumb Down

    Selling data

    Isn't there a provision in US legislation to sell data to other companies?

    I mway be wrong, if so pllease tell me.

  14. Semaj

    Location doesn't matter

    Cheap datacenter in India it is then.

    It's fine because they ticked all the "do you have" boxes and we trust them not to lie.

    1. Spanners Silver badge

      Re: Location doesn't matter

      I trust the Indians a lot more than I trust the US. I work with people who are (or their forebears were) from India. Their attitudes towards privacy seem a lot closer to ours than most people I have met from the US.

      Ideally though, lets keep it in Europe. Someone in this continent must have a server somewhere...

      1. Intractable Potsherd
        Thumb Up

        Re: Location doesn't matter - @Spanners

        "Someone in this continent must have a server somewhere..." And if not, why not? There is clearly a market for it!

  15. Anonymous Coward
    Anonymous Coward

    Patriot Act

    US Cyber Security Act 2009 has even weaker safeguards than Patriot.

    **Do not store your client's data in the US**

  16. Tom 13

    Wowsers. She needs to stay away from those Amsterdam bars until AFTER she gives the interview.

    I mean, I one them thar crazy 'Mericans, and in her place I wouldn't trust us with your data. Even if we set the Patriot Act aside, you never no when some idiot President or aide thereof is going to go blabbing protected information.

  17. Kubla Cant


    It doesn't really matter what US laws say now. The main issue is that the US government (or any other government, for that matter) can do anything it wants to in the future. It's an act of state. For US citizens' data, this is OK because they elected that government and they have the theoretical ability to throw them out.

    European citizens whose data is stored in the US would have no sanction beyond saying "I'd rather you didn't", because we didn't elect them. Whereas we have control over data stored in Europe because we elected the people who run Europe and we can throw... Hang on... no we didn't, and no we can't.

  18. Anonymous Coward

    So all of our base..

    Belongs to US then ?

  19. cocknee

    51st State

    Once it was just Blighty, now everywhere is 51st State, well apart from Russia and China cos they have big toys too.

    echoing what everyone else has said: "What the fuck is she on?"

  20. bofh80

    seriously? securely?

    would all the security experts with proper full stops and letters after their name, please step forward and explain that there is no such thing.

    Let's ask RSA first.

  21. ACx

    This is so bad, so negligent, so rank stupid, that I actually don't have the necessary language skills to adequately express my opposition to this.

    Swearing wont work.

    A pathetic pointless vote wont help.

    A letter wont help.

    A meeting with my local Tory MP ( who I know quite well) wont help either.

    Even 1 million people protesting on the streets of London can be simply ignored.

    What's left? Mass violence? Seems to work else where, right?

    Tell me, what is left? Seriously, how can this sort of thing be dealt with by normal intelligent people when we the people are buried under so many layers of bureaucracy designed to cut us out and leave us as simple servants?

    These bastards ruin everything. When will we hold them properly to account? After its too late, as per usual?????

    Well, OK, then as per usual, we deserve it. Unless all the whiners here and else where get off their collective lard arses, leave their precious keyboards and sniff the fresh air, it will be too late, and your kids will ask you why you just sat there typing bullshit on a web site while Rome burned around you.

    Stop typing and damn well get off your back sides you lazy pointless people, or, shut the hell up and take it like the damn gimps you all are.

    Now, down vote that mother f*cker. Cos you are too fat and lazy to do anything else.........

    You know its true. Thats you you wont like reading it.

    My name is Bent Over Elton, good night.

    1. GreyWolf

      Of course there's things we can do...


      If your managers say "Cloud", reply "Not in America".

      If they insist, encrypt everything in sight.

      Make sure the only place where the encryption key(s) exists is on a thumb drive in the CEO's safe, with a note giving the name of the fuckwit that insisted,

      When the cops ask for the password, say "the CEO has that, I don't".

      Finally, set up a dead man switch that deletes everything in sight if you end up in the slammer.

    2. Anonymous Coward
      Anonymous Coward

      Actually, I have prepared a rather large spanner for their works. No,, make that a large spanner for general use and a very large handful of nuts for the gears of all these privacy violating outfits - with material provided by themselves.

      To be continued..

  22. Anonymous Coward
    Anonymous Coward


    and dumber

    Can't we get rid of these people?

  23. John70

    5 million what??

    "Richards reckons cloud computing has the potential to deliver €700bn (£564bn) of economic benefit in the five biggest European economies and generate five million new jobs in the five largest member states."

    Generate 5 million new jobs??

    How can moving your data to the cloud generate 5 million new jobs?

    It's more like move the data to the cloud then off source the jobs to India.

    1. Mike Smith

      Oh, that's easy.

      "Richards reckons cloud computing has the potential to deliver €700bn (£564bn) of economic benefit in the five biggest European economies and generate five million new jobs in the five largest member states."

      Firstly, moving to The Cloud (TM) is a serious move, requiring extensive business process re-engineering. That can only be delivered by engaging world-class best-of-breed consultants from top firms - Capita, Accenture, EDS, etc - which will in turn pump revenue (their daily rates) into the economy.

      The new jobs - rifling through other countries' data and fighting expensive legal battles - will be created in the five largest US member states.

  24. BristolBachelor Gold badge

    “We really need to drive growth and jobs in the future,”

    So how does that comment square with:

    "Theoretically, it shouldn’t matter where data is held as long as our rules apply"

    She wants to drive growth and jobs to the US?

  25. Anonymous Coward
    Anonymous Coward

    Patriot act ?

    Patriot act is in contradiction with EU privacy rules, please seek alternate employment Megan

  26. Will Godfrey Silver badge

    They've gone and done it again!

    Every time I think government can't get any more stupid they go and prove me wrong.

  27. John Smith 19 Gold badge

    EU commission <> EU Parliament

    For non European readers.

    The "Commission" is the unelected group that basically runs the EU Civil Service.

    They appear to have learned many important lessons from studying the British Civil Service.

    Most of them bad.

  28. John A Blackley

    In all fairness

    Ms. Megan did say that theoritcally it shouldn't matter.

    Theoretically communism works too.

  29. toadwarrior

    Sounds like someone is getting paid off.

    It would be stupid for a business let alone government to store it's data with a US company.

  30. Mordag

    Theoretically she's right

    It seems that her statements are relying on the 7th Principle of the Data Protection Act and the application of encryption. It is possible for anyone to encrypt data and leave the usb drive or CD on a train (as Government organizations seem to do) and be assured that it cannot be deciphered.

    The problem starts, though, with Cloud services. Here the provider also has the application code and being 'in the Cloud' you don't know where the data is and who has access. Better to stick to in-house computing, at least experience helps you to know what the threats are and so you have a reasonable chance of controlling them.

  31. Anonymous Coward
    Anonymous Coward

    She's right... it doesn't matter.

    As an InfoSec professional in a certain publicly-funded healthcare organisation, I can assure you that she's right. It doesn't matter, and the reason is quite simple: There is no point in protecting information from disclosure to someone that already has it. For your delectation:

    1. The NHS staff records (representing 7% of the UK population) are already held by McKesson - an American company.

    2. The government has just signed a deal outsourcing the storage of the national database of patient information that every healthcare organisation in the UK uploads their patient records to, to... you guessed it! An American company!

    If you work for or have been treated in any public healthcare organisation in the UK, all your personal, medical, and demographic data is already freely available to the US Government under the US PATRIOT Act. That genie already left the bottle some considerable time ago.

    Anon because... well... I could really do with keeping my job.

  32. wilfil

    Deputy Commissioner should step down

    Megan Richard's comments show a complete failure to understand the relevance and importance of investing in EU-based data centres to stimulate EU growth, EU jobs and EU recovery. Of course it matters where data is held in the world - EUROPE! These kinds of stupid, irresponsible remarks are a feature of a system shot to bits. Megan Richards should get a real job with real responsibility which involves actually earning money - is there any wonder Europe is in the mess it's in with policy makers giving away all our opportunities for economic growth!!!!!

This topic is closed for new posts.

Other stories you might like