Welcome to WebmasterWorld Guest from 54.166.133.84

Forum Moderators: phranque

Message Too Old, No Replies

Data Transfer Pact Between U.S. and Europe Is Ruled Invalid

     
10:31 am on Oct 6, 2015 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 12, 2000
posts: 15136
votes: 167


Data Transfer Pact Between U.S. and Europe Is Ruled Invalid [nytimes.com]

In its ruling, the court said that the broad-based data-sharing agreement — known as Safe Harbor — was flawed because it allowed American government authorities to gain routine access to Europeans’ online information. Such access infringes on Europeans’ rights to privacy established under the region’s tough data protection rules, the court said.
...
“This is extremely bad news for E.U.-U.S. trade,” said Richard Cumbley, a tech lawyer at Linklaters in London. “Thousands of U.S. businesses rely on the Safe Harbor as a means of moving information. Without Safe Harbor, they will be scrambling to put replacement measures in place.”
12:57 pm on Oct 7, 2015 (gmt 0)

Preferred Member from BG 

Top Contributors Of The Month

joined:Aug 11, 2014
posts:546
votes: 173


Can I ask what are the day-to-day implications for Europe on this? I kinda get it for the US but I believe Europeans will be hampered as well, or am I reading this the wrong way?
1:28 pm on Oct 7, 2015 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 12, 2000
posts: 15136
votes: 167


Details haven't come in yet, but this could be a huge problem for anyone who transfers data across international boundaries. depending on how it's legislated.
2:25 pm on Oct 7, 2015 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:7139
votes: 410


This was a logical outcome..which is why I moved all sites that are aimed at an EU audience into EU hosting two or three years ago..

Will mean that many EU webmasters ( if they want to be in compliance with EU data laws will need to move to EU hosting / and look very carefully at what 3rd parties are collecting from their sites about their users ) ..Such things as "social media" and other "tracking" buttons and scripts ( Ganalytics, adsense cookie analysis ) etc are sending data to the U.S.A, which in the light of this ruling is no longer acceptable..

EU hosting companies will maybe see a major boost in clients..But EU webmasters will need to look very closely at who genuinely does host your website in the EU..and who claims that they do, but in fact frequently hosts customers who sign up for "hosted in the EU", in their U.S.A DC spaces.
7:03 am on Oct 8, 2015 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2866
votes: 158


@Nutterum, for one thing, it means European companies cannot outsource processing or storage or personal data to the US.

@leosghost, are you sure about social media and tracking buttons? I would have thought there is no transfer from you, because you do not capture the data - they capture it directly. Furthermore, the data cannot always be linked to a person, and you do not even know whether it can or not.

I agree it was inevitable.

Incidentally, I think it is, in any case, good practice not to use social media buttons provided by the social media sites. Simple share links do the job equally well, load faster, and mean you are not handing over data in usage of your site to someone else for no return (they end up with better data than you, because they can identify logged in users), and you protect your users privacy.
7:12 am on Oct 8, 2015 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2866
votes: 158


Another issue: ownership of the hosting provider. Even if your site is hosted on a server in the EU, if it is provided by an American company, what will they do if the American authorities demand access to the data? It will probably be the same as in the Indymedia case: [privacyinternational.org ]. I doubt you will have a legal liability, but its probably a situation best avoided,
7:43 am on Oct 9, 2015 (gmt 0)

Preferred Member from BG 

Top Contributors Of The Month

joined:Aug 11, 2014
posts:546
votes: 173


I understand the situation now, but that does make this ruling any less of a mess. The big data providers are so interlinked that essentially this ruling will be ignored largely because of its ineffectiveness. The only benefit might be that companies can sue their hosting/data providers if they provide information to US authorities without their consent, which is still a moot point because they will regardless, just this time won't tell anyone.
8:02 am on Oct 9, 2015 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 12, 2000
posts: 15136
votes: 167


The Internet doesn't really work within geographical borders. This could have strange effects on where data is hosted. How do you deal with cloud services and CDNs? How can they enforce this?
10:36 am on Oct 12, 2015 (gmt 0)

Preferred Member from BG 

Top Contributors Of The Month

joined:Aug 11, 2014
posts:546
votes: 173


They can`t. This ruling in my mind is made for a "what if" legal situation, where a company can sue another company for providing data to US Agencies without the consent of the first company. Basically Europe is tightening their pants against a potential second Snowden case. If such case presents itself many companies can sue US for damages or whatever else they deem worthy.