EU High Court To Review US-EU Data Safe Harbor Agreement 60
jfruh (300774) writes with news that a complaint in Irish Court against Facebook for possibly sharing personal data of EU citizens with the NSA has escalated to the European Court of Justice which will review the continuance of the U.S./EU Safe Harbor Framework in light of PRISM.
Under European laws, personal data of EU citizens can't be transferred to countries that don't meet EU standards for data protection. The U.S. doesn't meet those standards, but American companies have worked around this by using EU standards for the data of European citizens, even that data stored on servers outside of Europe. Now the EU's highest court will decide if this workaround is good enough — especially in light of revelations of the NSA's Prism data-mining program.
Re:It's not. But neither is the EU protection (Score:2, Informative)
What does it matter?... It would basically make it impossible for facebook and google to send user data to non-EU datacenters, and that means that the company and EU-side workers will be liable if EU customer data is siphon'ed off at those non-EU datacenters. Basically they cannot longer hide behind the safe harbor framework.
About the GCHQ/etc sucking up all our data as it moves between datacenters... well that comes under the requirement that the companies keep private data safe. That's another lawsuit for another time.
Stopping this would stop snooping in the UK too. (Score:3, Informative)
Re:I can see why they didn't investigate (Score:5, Informative)
They could fine Facebook until they hosted European data in Europe. If they refused they could seize their assets, and deny them revenue from European companies. The end result being that facebook and other companies like them would go screaming mad to congress. So yes, there's plenty that could be done.
Re:The problem with safe harbor (Score:4, Informative)
The trouble is that facebook et al are subject to the patriot act - this means that all the govt of the USA needs to do is say ''give me this data'' and they have to do it. The data can be anywhere in the world, if they can access it they need to give it to the NSA/... upon demand and can be stopped from telling anyone what they have done.
No, the trouble is that the jurisdiction of the Patriot Act (and all other US laws) ends at the US border; regardless of what agencies like the NSA like to believe. If US companies won't (or feel they can't) abide by the laws of the foreign countries in which they trade, then they'll just have to stop trading in those countries.
The economic impact on US tech companies of Prism, the Patriot Act, etc. is not exactly news; NSA's Prism Could Cost U.S. Cloud Companies $45 Billion - InformationWeek [informationweek.com].