SoylentNews is people
SoylentNews
Tech giants are ignoring questions over the legality of their EU-US data transfers:
A survey of responses from more than 30 companies to questions about how they're approaching EU-US data transfers in the wake of a landmark ruling (aka Schrems II) by Europe's top court in July, which struck down the flagship Privacy Shield over US surveillance overreach, suggests most are doing the equivalent of burying their head in the sand and hoping the legal nightmare goes away.
European privacy rights group, noyb, has done most of the groundwork here — rounding up in this 45-page report responses (some in English, others in German) from EU entities of 33 companies to a set of questions about personal data transfers.
It sums up the answers to the questions about companies' legal basis for transferring EU citizens' data over the pond post-Schrems II as "astonishing" or AWOL — given some failed to send a response at all.
Tech companies polled on the issue run the alphabetic gamut from Apple to Zoom. While Airbnb, Netflix and WhatsApp are among the companies that noyb says failed to respond about their EU-US data transfers.
Responses provided by companies that did respond appear to raise many more questions than they answer — with lots of question-dodging 'boilerplate responses' in evidence and/or pointing to existing privacy policies in the hope that will make the questioner go away (hi Facebook!) .
"Overall, we were astonished by how many companies were unable to provide little more than a boilerplate answer. It seems that most of the industry still does not have a plan as to how to move forward," noyb adds.
(Score: 5, Insightful) by Runaway1956 on Friday October 02 2020, @01:54PM (15 children)
All of these "tech giants" see themselves as "tranformative" in nature. They don't have to obey national, or even international law, because they intend to transform society. Google and it's ilk have superseded government, and government should learn to be subservient to the new masters.
And, if government doesn't move to cripple the tech giants, Google and company may very well have their way.
Today's tech companies are an existential threat to the governments of the world.
Hail to the Nibbler in Chief.
(Score: 5, Insightful) by DannyB on Friday October 02 2020, @02:09PM (12 children)
The founders of the US never foresaw or maybe could not have imagined the global concentrations of wealth and power represented by mega corporations. More powerful than governments. Existing across multiple countries. Able to buy, sell and trade politicians like they were baseball cards.
Gradually corrupting the system until all of government realizes . . . come right on in! The swamp is just fine! No need to drain it.
They pay attention to the Profitability of their data transfers. That is what actually matters.
Is there a chemotherapy treatment for excessively low blood alcohol level?
(Score: 3, Touché) by PiMuNu on Friday October 02 2020, @02:29PM
Cyberpunk is now.
(Score: 5, Insightful) by tekk on Friday October 02 2020, @03:07PM (7 children)
> The founders of the US never foresaw or maybe could not have imagined the global concentrations of wealth and power represented by mega corporations. More powerful than governments. Existing across multiple countries. Able to buy, sell and trade politicians like they were baseball cards.
I mean, they did have the East India Company ;)
They probably just figured it wouldn't happen to themselves.
(Score: 5, Insightful) by DannyB on Friday October 02 2020, @03:38PM (6 children)
I doubt that the East India Tea Company could control governments as well as information and the citizen's lives as deeply as modern high tech mega corps do today.
Is there a chemotherapy treatment for excessively low blood alcohol level?
(Score: 4, Insightful) by PiMuNu on Friday October 02 2020, @03:46PM (3 children)
They probably had a major stake in the British government. I couldn't find any sources to support either way - but don't forget, it was an age of effectively single party politics and oligarchy, much like in the US nowadays I suppose.
Agree wrt information and citizen's lives however.
(Score: 1, Interesting) by Anonymous Coward on Friday October 02 2020, @07:45PM (1 child)
A lot of people forget the latter (Hudson Bay Company), but it had a huge influence over early American development as well, including the reason for so many trappers down in what has become the United States, avoiding that monopoly and selling your pelts abroad was a VERY profitable endeavor. And HBC did all sorts of nasty things to stop that from happening as well as controlling the local population, including the Native Americans.
I'm sure there are other examples that can be found. And keep in mind the transformative step was from large Trading Companies, to Banking Cartels who in turn DO have that sort of influence over many dozens or hundreds of governments each, based on the debt load of said country (as do some countries over other countries, see the US, China, Russia, and to a lesser extent the EU over various island nations and third world countries requiring financial relief.)
(Score: 2) by PiMuNu on Saturday October 03 2020, @02:06PM
Another example, 60 years before the Declaration of Independence - the South Sea company (South Sea Bubble) was very much about trading rights/monopoly in the South Sea and looking after government debt. In this case, the debt was incurred following years of war against France (War of Spanish Succession). So one might phrase it in modern terms as "military industrial complex" etc...
(Score: 1) by fustakrakich on Saturday October 03 2020, @02:35AM
The politics we see is irrelevant. All governments need finance, and you know where that comes from.
Everybody wags the dog. Governments are created by business, to enforce contracts, to control the marauding hordes and keep them occupied with menial meaningless work.
La politica e i criminali sono la stessa cosa..
(Score: 1, Insightful) by Anonymous Coward on Saturday October 03 2020, @09:00AM (1 child)
The East India Tea Company had their own armies: https://en.wikipedia.org/wiki/Presidency_armies [wikipedia.org]
How many battalions can Google use to take over and control a foreign country?
Maybe not as deeply in terms of knowing secrets, but definitely still deeply and broadly. Even today in India there are millions interested in cricket and English football leagues.
(Score: 1, Insightful) by Anonymous Coward on Saturday October 03 2020, @01:38PM
Google doesn't need their own armies - they have all the blackmail material they could ever need.
(Score: 3, Informative) by Anonymous Coward on Friday October 02 2020, @03:15PM (1 child)
Are we forgetting the East India Trading Company and others of their ilk? The kind of corporations that literally raised armies to conquer and control territories?
The Founding Father's were well aware of the possibility of large, global, influential corporations.
(Score: 2) by DannyB on Friday October 02 2020, @03:39PM
See my reply directly above.
Is there a chemotherapy treatment for excessively low blood alcohol level?
(Score: 3, Insightful) by Immerman on Friday October 02 2020, @05:49PM
Are you sure they didn't see the threat? Originally corporations U.S. could only be created for a limited duration to accomplish a specific objective, after which they would be dissolved, if they weren't dissolved early for violating laws. Normal businesses were privately owned without the multiple levels of liability protection afforded by incorporation. Like the old saying goes - corporations are tools for generating personal profit without personal responsibility.
(Score: 4, Interesting) by c0lo on Friday October 02 2020, @05:14PM
I wouldn't care that much about govts, but they become an existential threat to people.
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 2) by crafoo on Friday October 02 2020, @11:11PM
No. No one in the EU government actually cares about EU citizens or their privacy. Government has the guns. The "tech giants" will do what they are told. They are already partially rolled into government intelligence branches anyway. It's just a turf war now, government bureaucrats using tech companies in their proxy squabbles.
(Score: 4, Insightful) by Rosco P. Coltrane on Friday October 02 2020, @02:17PM (2 children)
and hoping their "legal problems go away".
What's happening in fact is, they have legions of power lawyers pouring over this, and their legal advice is: ignore it. You're so fucking big they can't touch your anyway.
(Score: 4, Insightful) by JoeMerchant on Friday October 02 2020, @03:01PM (1 child)
From a technology standpoint: what kind of audit would be required to determine actual compliance with the laws as they are now written?
I mean, sure, they can confess that they are breaking the law, but if they choose not to comply and hide it... are they now relying on whistleblowers to enforce the law? Because that worked so well with VW in Dieselgate, right?
Україна досі не є частиною Росії Слава Україні🌻 https://www.pravda.com.ua/eng/news/2023/06/24/7408365/
(Score: 2) by DannyB on Friday October 02 2020, @03:40PM
Simple solution: audit the laws to be sure the laws are written correctly according to the needs of corporations.
Is there a chemotherapy treatment for excessively low blood alcohol level?
(Score: 0) by Anonymous Coward on Friday October 02 2020, @03:08PM (1 child)
From a practical point of view, can this even be implemented? Does the EU think it can have its own separate little Internet? China tries to do this, and it takes a lot of heavy handed effort to keep the Chinese closed off and even then there is leakage.
(Score: 2, Interesting) by Anonymous Coward on Friday October 02 2020, @06:01PM
I see this from the inside of a company that has customers worldwide. Getting compliant with the current laws and regulations will be very hard (costly). And staying current as they change will be as well. There are two problems. First, most companies started as a single country concern, then grew into multi-national status. Their systems are not designed to segment data across geographies. That type of infrastructure investment made no sense when they started and were growing. It was a competitive DIS-advantage to do it. Other companies would beat them to market if they tried to do it. So, most companies are now stuck with a large problem.
Second, investments in infrastructure changes like this don't come from Engineering/Development. They come from Product and Marketing. Since there is no incremental functionality involved, it isn't prioritized over other features and functionality. Eng/Dev loses that battle every time. And many times is not even at the table when it is discussed.
In another comment, the author said Google was doing the best at complying. This makes a lot of sense. Google historically has been an engineering/dev run company. They are also very good technically with cutting edge solutions. They iterate a lot which means huge legacy monoliths seldom exist. They were multi-national from the beginning - a search engine has to be. Very few companies are like Google in these ways.
And, then there is the 'how can we test this' aspect. If it's hard to test for, costly to implement, and eng/dev isn't involved in the decision making, it's clear what the decision usually is.
(Score: 5, Interesting) by ledow on Friday October 02 2020, @03:21PM (12 children)
Not shocked.
Part of my job is working with a compliance person to do EU GDPR checks on the companies that we give our customer's data.
Pretty much, in order, most of them:
- Store data in the US and rely on Privacy Shield.
- Store data in an unspecified location and make noises about being compliant.
- Don't mention GDPR, data store or anything in any material and won't provide a GDPR compliance statement.
- Actually comply, tell you where your data is, your data is local jurisdiction, and guarantee they won't move it without telling you.
The "Don't mention" category included Apple iCloud/iTunes, last I checked. They make nice noises, but won't provide a GDPR compliance statement (mainly because iCloud is just random worldwide AWS and Azure instances, believe it or not).
So technically, every EU company using Apple devices with any login, or iCloud turned on, are potentially in breach of GDPR. And Apple just don't care.
Oddly, the one that played ball the most and was most reassuring? Google. They give you explicit statements, tell you exactly what happens, comply with all EU requirements, will certify so and TELL YOU THAT WITHOUT EVEN NEEDING TO BE ASKED. And have followed up several times since with updates about Brexit and other problems that have occurred.
Companies are sweeping it under the carpet because it's not THEIR responsibility. It's yours. If it's your customer's data, and you give it to them... you're the one in breach of your customer's privacy. They can pretty much just say "Hey, we're based in the Cayman Islands, not our problem mate." (and, yes, I have had to terminate services with data-holding entities that basically have that as their protection "We're not subject to your laws, your problem, mate.")
I even warned our compliance person about Privacy Shield, long before any lawsuit. I'm not sure that we've done anything about it ourselves.
And pretty much every service, software, website or whatever that our staff decide they "must use" (everything from Zoom to some random third-party website - Zoom's one is interesting: "Zoom has entered into Data Protection Agreements with our vendors (subprocessors) to ensure that the privacy and security of our customer data is protected"... that's very nice. But are you GDPR-compliant and where is my data stored and processed and can it wander out of my legal jurisdiction or not?) we have to refuse if it's US-based, and the concessions were all Privacy Shield websites which are, or soon will be, completely unsuitable in this regard.
Honestly guys, if even YOU can't tell me what's potentially happening to my data, in clear, unambiguous terms of the continent on which things happen to it, then how can I ever trust you? It's a privacy and data protection nightmare.
We're literally making the case that cloud-is-illegal in some cases, without very explicit terms about what "cloud "means.
It seems that the only safe way to handle data nowadays is in-house, on your own services. You have no more liability (because you're already liable for whatever Apple, Google, Zoom do if you give them someone else's data anyway), but significantly less risk.
(Score: 3, Informative) by Runaway1956 on Friday October 02 2020, @06:20PM (1 child)
You're already at +5 so I can't mod you up. But, yes, your own servers, located in your own buildings, in your own cities, in your own country.
Hail to the Nibbler in Chief.
(Score: 3, Informative) by pvanhoof on Saturday October 03 2020, @08:23AM
This isn't enough. EU law stipulates that it's not where your business is located that matters but where your main target of doing business is.
A US firm doing business with EU customers will have to commit to EU law.
You don't like this? Stay out of the EU with your business.
It's the EU's market. Not yours and not your firm's. Not the US's. In the EU, doing business in the EU, requires and equates to following EU laws. Or get the fuck out.
Best you can do as US firm is, I guess, is to have a branch somewhere in the EU and store the data there and never transfer it to the US. There are already plenty of EU data servers and cloud providers and what not.
Again. You don't like this? Stay out of the EU with your business.
Increasingly is the EU distrusting the US. So this is not going to get any better anytime soon. It's also the US's own fault with their total and utter disrespect for EU law and extreme extravagant vast amounts of complete carelessness about the privacy of EU citizens. The US is getting the EU's reaction to this. And it will get worse. Much worse.
(Score: 0) by Anonymous Coward on Friday October 02 2020, @06:57PM (1 child)
"Oddly, the one that played ball the most and was most reassuring? Google. They give you explicit statements, tell you exactly what happens, comply with all EU requirements, will certify so and TELL YOU THAT WITHOUT EVEN NEEDING TO BE ASKED. And have followed up several times since with updates about Brexit and other problems that have occurred."
Oddly enough the company that tries its best to do no evil (compared to the others) and tries its best to serve the consumer and serve a public interest (compared to their competitors) is the one that gets investigated the most for antitrust laws and gets picked on and bullied and complained about. Often those doing the complaining are the ones that are least deserving (those that want Google to both drive traffic to them and to pay them for the traffic and those that are IP extremists).
(Score: 0) by Anonymous Coward on Friday October 02 2020, @09:40PM
sundial pikachu is that you?
(Score: 0) by Anonymous Coward on Saturday October 03 2020, @04:52AM
"It seems that the only safe way to handle data nowadays is in-house, on your own services. You have no more liability (because you're already liable for whatever Apple, Google, Zoom do if you give them someone else's data anyway), but significantly less risk."
This has always been the case, but the C-suite don't get kickbacks, free lunches, or conference merchandise from in-house departments.
(Score: 2) by janrinok on Saturday October 03 2020, @07:23AM (5 children)
I agree with everything that you have written - but must point out that one country that does NOT accept this is the USA.
What crime did Assange commit in America? None, that I can see but the USA want to apply their own laws to him. But the world could easily say 'We are not subject to US laws, your problem, mate"
How about US citizens not having diplomatic immunity who commit an offence outside of the USA but then believe they have the right to be whisked out of the country even after after the US embassy gave an assurance that they wouldn't do such a thing to the UK police. Or have we already forgotten about Anne Sacoolas?
I can see the EU making a big issue out of this simply because it does not see itself as subservient to the USA. If people want to sign up to a US social media having servers inside the USA then that is fine, but companies can be punished for non-compliance with local laws and if the US wants to disagree with this then it could have long-term consequences for extradition, US business and many other aspects of life from which the USA currently benefits.
(Score: 2) by ledow on Saturday October 03 2020, @03:10PM (4 children)
Conspiracy to gain unauthorised access to a classified military system.
Backed by evidence that someone.... had unauthorised access to a classified military system and was in consultation with Assange about it, specifically how to do it and encouraging them to do it.
All bets are off. Sorry. Or did you think the US military would just go "Oh, yes... data protection, oh well, we can't prosecute those people who disseminated classified material to the press".
The US embassy - fucking disgusting. And the person in question did not have immunity for that anyway. The US seriously abused their ally in that one. I'll give you that one, on a plate, with a double-plus bonus.
(Score: 2) by janrinok on Saturday October 03 2020, @06:14PM (3 children)
Er, Assange wasn't in the USA, he did not carry out the alleged crime in the USA. 'Consulting' with someone who is not in the USA is not a crime, even for Americans. The person who stole the data is guilty, and he/she has been punished. But the USA wants to apply its rules to someone who did not steal the data. Now, explain to me again why the EU cannot apply its rules to US businesses please. The US companies are not denying that they transfer the data from the EU to the USA. They just don't like having to follow non-US rules in their host countries. They are free to move out any time they wish to do so.
(Score: 2) by ledow on Saturday October 03 2020, @06:58PM (2 children)
Doesn't matter if you break into an American system.
Same way that if I sit in America and break into GCHQ you can be pretty damn sure that the English court will assume the jurisdiction of the crime, and ask for extradition from the US. The crime is committed where the computer systems are, not where the person plotting to attack them is. Otherwise, Osama bin Laden and all the Taliban not in the US would literally have walked away without consequence, no? He didn't "break US law while he was in the US" by your definition, either.
Your amateur opinion doesn't trump decades of international law. If he hadn't committed a crime, the UK wouldn't even be required to consider their extradition order, it would in fact be illegal to extradite him for that. But if you sit in any country and encourage people to break into a classified military system of ANY OTHER COUNTRY, or even your own, expect to go to jail. It's really not that difficult to understand or comprehend.
By the same token, the EU law applies to American companies operating on European data. But they have no power to impose sanctions in the US on a US-only company, unless that company has a base in the EU. Guess why the law is basically worded so that people who deal with European data really need to have a European headquarters / company too?
(Score: 2) by janrinok on Sunday October 04 2020, @07:59AM (1 child)
That is exactly why he has not committed an offence. There is no law that says you cannot 'encourage' people to do anything. Have those inciting action in support of either political party in the US committed an offence? They might be charged with rioting, theft or murder but not incitement - otherwise Trump himself might find himself on the wrong side of the law. Nobody in the UK or elsewhere would be indicted for supporting the change of a foreign government, otherwise we would have numerous arrests regarding UK public support of a change of governments in Belarus, Afghanistan and elsewhere. The arrests haven't taken place because they are not covered by any law currently in force. In fact, we in the West were horrified when China took the action that it did against those protesting the current situation in Hong Kong.
The person stealing the classified data and passing it to the media has committed an offence because they will have signed documents in their own country akin the UK's Official Secrets Act - a document that I believe we have both probably signed. Those who believe that Manning did the right thing - and I don't believe that he/she did - are not guilty of any crime because, despite providing encouragement and morale support to Manning, they have not broken any laws. Had Assange been in the US then the situation might be different - but he wasn't.
We will continue to go around in circles with this and, as I stated originally, I agree with all of the major points of your original post.
(Score: 2) by ledow on Wednesday October 07 2020, @06:32PM
Conspiracy.
It's literally a legal term that means EXACTLY what you say doesn't exist.
"Conspiracy has been defined in the United States as an agreement of two or more people to commit a crime, or to accomplish a legal end through illegal actions. A conspiracy does not need to have been planned in secret to meet the definition of the crime. Conspiracy law usually does not require proof of specific intent by the defendants to injure any specific person to establish an illegal agreement. Instead, usually the law requires only that the conspirators have agreed to engage in a certain illegal act."
It's based on English law, so there's not even a possibility of saying "they committed a crime that doesn't exist in the jurisdiction that we want to extradite from" (as opposed to if you tried to extradite someone to Russia for a homosexual act, when that act isn't illegal in the UK, for example).
The rest is a matter of jurisdiction over the act (which is pretty much established to be US law, no matter what you might think) and whether or not he can be extradited to the US from the UK for committing that crime in US jurisdiction (answer: Yes).
I advise you to consult lawyers if you're ever in doubt about these things. Because, thus far, nothing extraordinary has happened in terms of either US or UK law to this point as regards extraditing him on the offences alleged. Even Sweden's handling wasn't questionable in the law, and if they didn't have time limits on prosecution, he'd be there already. And the UK's handling has been ULTRA careful to the point that they refused the Swedish requests several times to make sure it was all done properly.
This is not only proper legal procedures, but there are decades and in some cases over a century of precedent on exactly the issues raised. Pretty much, by this point, they are unarguable. But, of course, with expensive lawyers you can generally delay things for quite a while even without a good argument to do so. Mostly because, as always, the courts will make sure that everything is done properly to reduce the chances of a successful appeal against their procedure.
Sorry, but this is old, well-established, clearly-defined law and was so long before Manning or Assange were even born.
(Score: 2) by quietus on Saturday October 03 2020, @07:32AM
I used to work for a company that specialized in Google Apps installs, so I'm not surprised about Google being compliant at all. A single Google Apps installation is extremely cheap (about 46 euro per year back in the day), which means you need large installation volumes to make it profitable. With that requirement, you end up at either big enterprise or at government institutions.
Enterprise had its own version of the cloud i.e. datacenters, and a serious support staff for them. Government, however, has that mainly outsourced to private IT providers, and Google provided a big cost cut in that respect.
The only obstacle there is that government cannot store data just about anywhere due to data privacy requirements (this was pre-GDPR time): it needs to stay within the country, or at least within the EU. Google back in the day (2009-2010) already was quick to comply with that requirement.
(Score: -1, Spam) by Anonymous Coward on Sunday October 04 2020, @05:07AM
See subject: APK Hosts File Engine 2.0++ 64-bit for Linux/BSD http://apk.it-mate.co.uk/APKHostsFileEngineForLinux.zip [it-mate.co.uk]
Yields more security/speed/reliability/anonymity vs. any 1 solution (99% of threats use hostnames vs. IP address most firewalls use) more efficiently/FASTER + NATIVELY 4 less.
Vs. "Bolt on 'MoAr' illogic-logic" slowing you hosts speed u up 2 ways: Adblocks + Hardcode fav. sites u spend most time @ vs. competition loaded w/ security bugs (DNS/AntiVir) + overheads slowing u (messagepass 'souled-out' to advertisers easily detected & blocked addons + firewall filtering drivers) & their complexity leads to exploitation!
* ONLY 1 of its kind in GUI 4 Linux/BSD!
(Better vs. Windows model in speed/efficiency/merge)
APK
P.S.=> Protects vs. script trackers/ads/DNS request tracking + redirect poisoned or downed DNS/botnets/malware downloads/malcript/email malicious payloads... apk