Sounds like common sense....
...so bound to fail.
Microsoft president and chief legal officer Brad Smith has presented a new safe harbor pact to replace the agreement struck down earlier this month by the European Court of Justice (ECJ). The ECJ ruled that transferring Europeans' private information in and out of America is no longer allowed because America's privacy laws …
I'm not sure if it's common sense or not, but what this guy is describing is EXACTLY the same as safe harbour, with the difference that EU companies could process US citizens' data based on US rules.
What this guy fails to realise (or maybe not) is that safe harbour is sunk by Patriot Act and NSA spying. As long as US gov agencies can demand data on anyone (including EU citizens) from US companies, without the data subject being notified and based on a secret court order that cannot be known about let alone challenged, there are no possible rules that can resurrect safe harbour.
And that's just what US Gov agencies are LEGALLY allowed to do under Patriot Act. FSM only knows how much data they're trawling 'on the side'.
Double the infrastructure (as it's more sensible to sandbox non-EU data from EU data) and double the lawyers as now they'd have to understand US law as well for any US-originated data that may be held.
Also Co's would have to agree, under some circumstances, to be subject to US law wherever in the world they operated. Sounds like a jurisdictional trojan horse to me.
Don't see everyone jumping on that bandwagon
Not sure why the downvote unless it's just pure hate. Everyone admits that everything and everyone on the Internet is fair game and data is slurped. Doesn't matter what country or whose citizens as they all do it.
I think this is a start, but as was pointed out, getting the US Congress to go along is like herding cats. I think that also goes for all the rest of the governments. That cat herd is rather large.
Since the United States is an Oligarchy and the whole terrorism bit is signed and paid for just for the purpose to get these totalitarian powers of snooping, with a clear intent of expanding, not shrinking these powers, it won't matter. Whatever they agree to on paper, the spooks will get to do whatever they want.
Since the EU is really part of the same Club of blood sucking reptiles, it just puts them on alert, that they made a minor mistake with the setup of the EU, in spite of the Chinese style Polit-bureau and their perfect control of the mainstream media.
Let's see how they attend to this:
Another false flag attack to get everybody to fall in line again on the needs of universal snooping? Another new war some place? An epidemic? Ahh, wait; maybe an economic collapse! That always has side benefits - every bust allows them to hoover up assets...
The problem isn't the companies involved. It is US law and its steam rolling of people's rights.
The data from the EU can only be handed over to the US Government if they have a valid EU warrant. And that is what the US agreed to, before they enacted the Patriot Act and nowadays say "ah, well, the data is on US soil, so we can ignore those pesky EU people and their silly data protection laws, just give us the data or face fines and imprisonment."
Under those circumstances, there isn't much a US company can do. Until the US Government and the US Justice agree that data held under Safe Harbor is actually safe, there isn't much any company can do.
"The US and Europe had a safe harbor pact permitting this flow of personal data over the Atlantic, but the court tore it up, which is a major problem for Silicon Valley."
FFS, the ECJ didn't tear anything up! The US ignored their "gentleman's agreement" making a mockery of it.. and making a mockery of the Charter of Fundamental Rights of the European Union in the process.
The ECJ had no choice but to observe that the "safe[sic] harbor" scam is a scam.
American firms with European customers would handle their data in compliance with EU rules and vice versa... That changes, however, if an EU citizen lives in the US or if an American moves to Europe. In that case the data rules used match the physical location of the customer.
So US companies storing EU residents' data inside the US would have to store it under a new kind of safe harbour agreement where EU residents' data is stored following tougher EU rules inside the US which has laxer rules. Here nothing has changed.
EU companies storing US residents' data inside the EU would be legally unable to store it under the US' laxer rules. So what he's lobbying for is the EU to nobble its own data protection laws so that EU companies can store US residents' data under the US' laxer rules and then they would promise really really hard to store EU residents' data the way it was before. We all know that's going to happen.
Edit: And it'd also probably solve the DOJ-MS Dublin case.
This is the man who came up with the 45-page privacy agreement and decided it was okay to make GWX hijack your Windows 7 and 8 computer and push out Windows 10-like telemetry updates to Windows 7 and 8 computers over Windows Update. Never trust the lawyer!
That makes the problem sound like an organizational one. It isn't. The US tries to act like ruler of the world and will use any leverage it can to get what it wants regardless of existing laws, jurisdictions and procedures. The State sees itself as the supreme potentate answerable to no-one. Increasingly, other countries' governments are taking the same view. As the MS-Irish-US affair shows, anyone with assets in the US will be seen by that government as liable only to US law.
Stuff 'em. If they want to act like tin-pot dictators, surely Balkanisation is to be welcomed. If Google, Amazon and MS can't operate their data snarfing outside the US, the Americans have only themselves to blame. It may take a few years to polish but that opensource idea may just catch on.
The USG is finding that playing mean results in the other kids refusing to play. Who could have predicted that?
>>It may take a few years to polish but that opensource idea may just catch on.
I'm not sure how you think opensource will help in any way shape or form. The problem isn't the tech. The problem is that the US Federal Government can order a US Company to turn over all of the data it has. Further the US Federal Government can force said company to not disclose that it has turned over the data and even to force that company to deny it has turned over the data.
That is what destroyed Safe Harbor. Sure, there are other issues, but at the end of the day that is what needs to change. Don't hold your breath.
"This month the old legal system collapsed, but the foundation long ago had crumbled. In recent years it has been apparent that a new century requires a new privacy framework. It's time to go build it."
You stupid fucks even dropped the ball on software patents back in the 90s to gain a little "Market Advantage", literally driving over people's best interests.
Now you pretend you can create a legal Potemkin Village of the Holy Privacy Unicorn which will be respected by out-of-control superbly financed and extremely metastasized state actors?
GO DIE IN A CORNER.
Microsoft can agree to whatever they want, but unless Congress agrees to pass a bill supporting it (actually passing bills being something the current Congress is famous for... not doing?), this is still going to fall afoul of the ruling in German courts that US based companies can't legally guarantee protections if the government can override them, and the US companies can be held liable
that the US gov has demonstrated itself untrustworthy, and that this is proposed by Microsoft, who fall short of paragonhood of virtue in that respect as well.
GNU Foundation ideas might get a better reception, intransigent and Idealist being exactly what is lacking.
No, it's the same Microsoft who happily sifts through a user Hotmail account to find proof he's selling counterfeit MS software. Only then it hands over that info to the police voluntarily.
Also gave you a down-vote just for the sake of balance.
1. Stupidity of Europeans that still don't recognize that their OWN spy agencies and governments do and have been doing the same thing (Or worse, but they didn't get caught yet) for 50 years as the US does. EACH of these agencies is as "untrustworthy" as any of them regardless how much you moan and complain about the US.
2. Going on and on about "Open Source" being the panacea to solving all computing ills when "open sores" software has as many or more bugs than any other software manufacturer's product and any Linux installation on an inexperienced user's PC is more likely to stay unpatched for longer than Windows as there is no automatic update method. If there is no support crew, then it is at least as dangerous as Windows.
3. For the record, anyone who is a regular El Reg commentard that has not been able to follow the directions posted everywhere to block the Windows 10 upgrade updates and/or remove them for Win 10 isn't worth the powder to blow them to hell and sure as hell doesn't deserve the title of computer savvy.
It's getting pretty old. There's far more to do than bashing Americans in this world. Or are you really that emotionally retarded? It's not like Britain, Germany or France have been any shining beacons of "privacy" or even competence over the last forty years. And strangely enough no European company has ever provided an operating system that even came close to the market share of Windows which makes all the complaints no more than sour grapes or anti-competitive puerile bullsh@t.
Europeans' collective inability to admit they are wrong about the US is ingrained in their culture. It's been going on for over 200 years. You just don't like anyone who doesn't kiss your butt and kowtow to your "superior" ways. You always seem to think you "know better" than we do. Wrong!
Maybe you should just learn to live with the fact that we Americans aren't the same as you and we aren't going to be; as well as the fact that you Europeans aren't any better than we are either. Stop trying to act superior because you aren't.
The simple solution is to put the servers in Europe and under European law.
That will make the Europeans happy.
Just so long as Americans are not totally addicted to having all their data shared with government workers, Americans will be happy too.
That isn't a solution as the US legal system believes it is entitled to data stored by American companies regardless of where that data is stored. While MS have decided to fight the case you'd have to wonder how many companies would have just rolled over and handed the data to the feds.
An interesting scenario is if the UK leaves the EU what are the chances of a snowball surviving in hell that is the UK being allowed a "safe harbour" agreement with the EU?
Since the UK already has the necessary data protection legislation in place (which Brussels must be happy with since they have not complained) then I would suggest that the odds are pretty good. However they may start to get iffy if some time-serving minister decides to curry favour with whoever is in charge in the States and tries to weaken the rules.
Is this Microsoft person totally ignorant of US law and US politics?
Under US law foreigners living abroad are not entitled to human rights. And US politics goes even further than that.
"Microsoft's plan is ridiculously straight forward: a new legal framework for handling data, where blocs on both sides of the Atlantic agree to play by each other's rules. American firms with European customers would handle their data in compliance with EU rules and vice versa."
Once the data is in the USA, as it enters the USA (and probably as it passes through the UK), the data will cease to be secure, the data will be spied upon and potentially copies made, retained and circulated, by US (and probably UK) government workers.
And once it is in the USA, no surveillance court judge is going to refuse to rubber stamp a warrant to seize the data just because the data is on some foreigner.
Redmond (last time I looked) was a good few hundred miles north of Silicon Valley.
Even their notional Tax HQ is in Nevada.
Not all US data slurping companies are built on top of a number of Geological fault zones.
Perhaps the best we can hope for is 'The big One' to hit and swallow them up whole but that still leaves MS 'up north'.
>Bell End
It's quite unusual to sign forum comments. And take a look at the actual data W10 sends home. I have. I think you'd be surprised (or from your post and signature, perhaps disappointed) how little there is. In tests, I found the OS sent fewer packets to Redmond than Chrome sends to Google.
Total FUD.
It inconveniences rapacious megacorps and foolish SMEs out sourcing.
At present level of world politics, privacy, spying and commercial exploitation:
* Should be illegal for ANY one anywhere to send or store other people's personal data outside the country of person, without clear informed consent.
* Servers and regional HQ should be in same country
* Outsourcing of HR, Payroll etc outside the country where the employee works should be illegal
* No selling or transfer of personal details to 3rd parties for benefit of third party.
* No automatic opt in to anything.
It's complicated when website has server only in one country and then person in random 3rd country signs up. In that case they shouldn't keep any personal data. If it's online shop, it should be like buying stuff in a local shop, with cash. Don't keep the details once it's shipped. Don't keep the credit card details at all once paid. Makes all those mega credit card thefts impossible.
Loyalty cards on physical shops are an issue. People do not realise this is to personally track them and often to supply info to 3rd parties. Only anonymous "loyalty" cards should be allowed!
and you live in the UK it will be open season on your data. You won't be protected by EU laws, and the US doesn't care about foreign laws anyway. Cameron and his cronies, particularly May, want to do away with your human rights and right to any kind of digital privacy anyway. Leaving the EU will mean there will be no higher court of appeal when (for example) they decide to sell all your health data to the highest bidder to help generate a "budget surplus".
The rest of Europe will be happy but it will be the UK in the digital dark ages, no-one will trust us with their data. Just another sector that will move out of the UK if the UK is stupid enough to leave.
If the UK votes to leave the EU...and you live in the UK it will be open season on your data.
Sorry to burst your bubble, but it's already open season on UK citizens' data, because GCHQ get all the powers they want, have zero accountability, and no need under UK law to get warrants. In the highly unlikely event that GCHQ can't help themselves to your data they'll outsource the job to NSA and their mates, under the reciprocal Five Spies umbrella.
No matter what the EU say about data protection, and the supposed "rights" you have, successive UK home secretaries have worked ceaselessly to ensure that your data is readily accessible to the stasi. Your optimism in the benefits of EU membership is quite touching, though.
Dangers ? What dangers ?
I see no problem in Euro TCP-IP traffic staying in Europe instead of being routed through California (or wherever) and coming back. Nor do I have any issue with Euro citizen data being stored in Europe and not being sent anywhere without consent.
Of course, today the situation is that everything is sent to the US and the US is taking advantage of that to liberally peruse anything they want. So yeah, the US is in danger of not having such easy access to other people's private lives, but that ship actually sailed with Snowden and won't be coming back, so it's no use complaining about it now.
I see no danger to people with a "balkanized" Internet security scheme. I do understand that the US government doesn't like the idea, but I couldn't care less about that. As far as I'm concerned, the White House has no right to look at me when I'm not on American soil or declaring my intention to go there.
Remember Microsoft vs Netscape? IE6 with bugs galore, couldn't render web pages properly and couldn't even pass the Acid test? "Best viewed on Internet Explorer" banners on websites everywhere?
Bad things inevitably happen if you let Microsoft dominate and have its own way.
I'm curious to see how this progresses. I too don't see the US changing their privacy laws as they see it as a matter of national security, everyone else be damned. Plus they have additional "incentives" for the Europeans to turn around. The only way Washington will pay serious attention is if countries go "nuclear" and declare Americans personae non gratae. If a major European country officially decides to suspend diplomatic relations, pull out all their visitors, close their land to Americans, and stubbornly "go it alone" for any crisis that comes their way, then Washington will have no more way to bargain with them: forcing the decision into an all-or-nothing, either capitulate and change the law or double down and go without them.
because that will be the end of most tourism dollars for your countries, the end of any aid you get sent, the end of any economic cooperation, the end of many raw materials and the beginning of an economic downturn so great that the Great Depression will look like a fart in the wind.
Please go ahead... when you are bankrupt and starving don't forget you asked for it. I won't care.
If you're talking TOWARDS the US, they won't care. They get plenty of tourists internally and from Asia. There's a big self-sufficiency push as well, so cutting off will just motivate them. Imagine if a Kennedy-like figure starts a nationalistic push towards true energy independence within a term. This bit about Safe Harbour means economic cooperation is at a standstill anyway, so they could just switch gears to Asia.
If you're talking towards the other country, the US would be happy to just say, "Good Luck...you'll need it" and watch to see if they come crawling back.
I thought that was Asia. China and India alone comprise some 2 1/2 billion people, plenty of natural resources, and ambitious to move on up. Plus the US, even if not at the top, comprise nearly 400 million people in themselves, a growing oil reserve and a lot of agricultural resources, which means they still have some sway in global economics.
Take it with a pinch of salt but:
The economy of the European Union generates a GDP (nominal) of about €14.303 trillion (US$18.451 trillion in 2014) and a GDP (PPP) of about €12.710 trillion (US$16.773 trillion in 2014) according to International Monetary Fund,[1] which makes it the largest or second largest economy in the world respectively if treated as the economy of a single country depending on a source used.
https://en.wikipedia.org/wiki/Economy_of_the_European_Union
Balkanize and the US will just increase its spying efforts... Russia and China are getting there and I'm pretty certain the push is on to get inside and stay inside their borders. If anything, this type of thing will increase everyone's paranoia. By everyone, I mean "governments". People.. not so much as they will still give data and info to any website that asks.... Look to FB and Google as a prime example.
It seems as if his new safe harbour is just like the old one except that authorities are allowed to get at US data subjects' data when held in the EU. I'm surprised. Under the circumstances I'd have expected him to argue that, if EU data subjects' data is kept by a US company's EU subsidiary in the EU, safe harbour would be the US barring itself from any attempt to get at it except by due process of law in the country in which it's held. It makes Microsoft's position in the email case the odd man out in that it seems to be the only example of them trying to do the right thing.
At least one of the complications is that large-scale services such as social networks will store information (or copies thereof) as locally as possible -- either in part or in whole.
What happens when Brussels Bill and California Carl become Facebook friends? I don't know FB's data architecture, but I can guess that at least some of Bill's data is going to be replicated in California, while some of Carl's data will be replicated in Brussels. When the cops come knocking in California, the server should cough up only data on Carl, while keeping schtum on Bill?
On a much smaller scale, what would this mean for a small business owner who has customers or clients worldwide? Whether I'm using a cloud CRM or a desktop database, I am bound to be breaking the law.
Even under Safe Harbour, this was problematical, insofar as an undertaking to uphold _either_ US or Euro standard would place me into averred conflict with the other -- and we can thank Schrems for forcing the conflict into the open.
As regards social networks this is something the Irish DPC has to consider - remember the immediate outcome of this case is that they can now go ahead and investigate the complaint. They may still decide that some or all of the complaints aren't justified but if they are justified the networks don't have Safe Harbour to hide behind.
As regards international trade your customers would be sending their data to you and if you're in the EU you need to handle it in accordance with the EU's requirements. The problem comes if you then send it to a cloud CRM in the US because you can't be sure about its handling. If you have a desktop database instead then the data doesn't leave the EU.