sign it in blood
And they will find a way around it.... loop holes, loop holes.
European lawmakers won’t blindly accept an EU-US agreement on new data sharing laws without important legal questions being answered and fine print being read, according to several prominent MEPs. After four years of talks, the EU and the US reached a “gentleman’s agreement” on data sharing for law enforcement last week. On …
This is data protection legalese, but it means the data given to the USA will not be processed beyond the stated purpose, being "prevention, detection, investigation and prosecution of crime".... My biggest concern is that the US will say that collecting everyone's data about everything is to do with "prevention" of crime (i.e. they have to collect lots of innocent people's data to look through to see if there's anything criminal-related, i.e. this might give a fig-leaf to the already massive data harvesting being done by the USA.... Also, the definition of "criminal" is not the same on both sides of the atlantic (or indeed in the 28 EU member states).
If someone in the EU sends personal data of a EU citizen to the US any redress for misuse must be in EU courts and the safeguards must be to EU standards, not the US (I'm dismissing any likelihood that US data protection standards will ever be better than those of the EU). The easiest way to do this would be to hold whoever sends the data from the EU to continue to be responsible in law for its handling in the US. That should concentrate minds.
The sender of the data is already responsible. If you save your contacts on iCloud, GMail, Outlook.com etc. and the information gets handed to a third party outside the EU without an EU warrant or without them getting written permission from those identified in the personal data (i.e. if they hand over your contact list, the recipient has to get an EU court order or the hoster has to get written permission from each contact before handing over the data).
If they fail to do that and it comes out, the DPR can prosecute you and the identified entities in your data can seek redress from you for not ensuring that the data was adequately secured.
Using any of these data syncing cloud services is a trade-off between convenience and being liable if your providers hands over the data to a third party (or the cloud service gets hacked and your data leaks out).