New EU Rules To Curb Transfer of European Data To the U.S.

dryriver points out a report at The Guardian about new regulations in the European Union that are intended to protect data from foreign government agencies like the NSA. Quoting: "New European rules aimed at curbing questionable transfers of data from E.U. countries to the U.S. are being finalized in Brussels in the first concrete reaction to the Edward Snowden disclosures on U.S. and British mass surveillance of digital communications. Regulations on European data protection standards are expected to pass the European parliament committee stage on Monday after the various political groupings agreed on a new compromise draft following two years of gridlock on the issue. The draft would make it harder for the big U.S. internet servers and social media providers to transfer European data to third countries, subject them to E.U. law rather than secret American court orders, and authorize swingeing fines possibly running into the billions for the first time for not complying with the new rules. ... The current rules are easily sidestepped by the big Silicon Valley companies, Brussels argues. The new rules, if agreed, would ban the transfer of data unless based on E.U. law or under a new transatlantic pact with the Americans complying with E.U. law. ... The proposed ban has been revived directly as a result of the uproar over operations by the U.S.'s National Security Agency."

Re:Not going to make much difference

[Anonymous Coward]

It sounds like the EU is outlawing these clauses. I don't know about the US, but here (Brussels) a clause in a contract is invalid if it is illegal.

Re:how silly..

[Anonymous Coward]

Not really. I'm afraid you interpreted that statement in a very "american" way. European (*) intelligence agencies aren't saints, but they are definitely subjected to far more oversight than the NSA, and no, they don't do the same. Even if they wanted, they couldn't because they don't have sufficient budgets.

Obviously data protection rules do not apply to intelligence services, but this doesn't mean that a european intelligence agency can ask a company to give in all its users' data, as it happily happens in the US. In europe they need a court warrant for that, no matter whether it's national security or not. And they cannot share bulk data with the NSA, but only data strictly related to military or terrorist threats. The fact that the EU data protection regulation doesn't apply to intelligence services simply means that once data get (legally) gathered by an intelligence agency, users cannot ask for "the right to be forgotten" or other data protection rights.

(*) I don't include the UK and the GHCQ in what I call "europe". The first is just an american protectorate, the second an NSA's subsidiary. If any british reader feels offended, I don't care. As a european citizen, I'm waiting for them to get out of the EU, fast.