New Privacy Laws In Asia May Cripple Data-Centric Outsourcing 98
bizwriter writes "Think privacy issues are a pain when they affect consumers? Get ready for the grandfather of all corporate computing headaches. Big privacy-law changes in India and China are about to turn data-processing outsourcing into a hurdle-leaping, paperwork-generating mess."
Re:Actually, this sounds like a clever way of... (Score:4, Interesting)
Maybe, but I think the EU should have done this long ago. The "safe harbour" regulation, where companies in the US promise to stick to EU law, is not worth the paper it is written on. Of course the NSA, FBI, DHS and some other three letter agencies have access, and maybe even more people.
The only way to keep data safe is to keep it under one jurisdiction. It is a sad state of affairs, but it is an accurate description of reality.
Re:Actually, this sounds like a clever way of... (Score:4, Interesting)
Yeah I think that's great. Indian outsourcing companies are basically making it hard for companies to ever get their data back. So either they will need knowledgeable staff in the USA to pull all their data off the Indian systems or it stays in India forever.
Good. About time US companies realize, make India your IT center you are subject to Indian IT law.
Where's the surprise? (Score:1, Interesting)
Well, while it seems to have superficial differences the Indian law (as described here) is rather similar to the EU data protection directive.
Tiny issues include:
- the form of the consent. One has to see how that is being handled, but consent to handle personal information is required in the EU too.
- some issues are also around what is a person-linked information. IPv4 addresses are ruled sometimes so, sometimes not. IPv6 addresses almost for sure will be person-linked. Did I mention that in practice Apache's default configuration is illegal? Notice how the EU has forced most (even US-based) ad networks to work around that by at least masking the last byte of the address.
- The right to know what a company stores about you, where it got that information from, and to correct wrong entries is rather natural. Depending upon where you ask in the EU data protection is considered either law, constitutional law, or a basic human right.
- The only thing that has made this in the past "easier to ignore" is that the EU considers US companies that pledge to keep their laws to be legal targets of at least some personal information. (Notice that EC2 expanded first with data centers into the EU, because of data protection laws in the EU).
- Notice that gmail/gapps are illegal to use (at least businesses) in a good part of the globe. E.g. even Canadian entities have decided not to use Google's offerings because of Canadian privacy laws. Basically the US approach of NO privacy (or actually privacy only in some niches, like HIPAA) is costing US business revenue. It will only get worse with time.
Re:Blah (Score:5, Interesting)
Well, look at it like this, when such laws become standard around the globe, and for example the EU decides to reject the US-EU data safe heaven idiocy, US businesses will overload the phone system in DC to get such laws in the US too, because more and more revenue will be lost, because it will be simply illegal to use an US provider to do anything related with personal data. Until this happens I guess nothing will happen in the US on this front.