"It is crystal clear what corporations want in the Transatlantic trade agreement (TTIP) and the other treaties being negotiated: a commitment to allow cross border data flows and data-processing across all services sectors, including financial services, without any limitations. They consider requirements to use local network infrastructure or local servers as discriminatory, with potentially adverse effects on trade."
But it seems that such a treaty would fall afoul of EU law, no? That's the basis of this position if it were to become a final ruling. The AG's position here is that data privacy is a fundamental right that cannot be negotiated away by the EU or its member states. Am I misunderstanding?
Yes, assuming the country was a signatory to the European Convention on Human Rights which all member states are required to be. In particular "Everyone has the right to respect for his private and family life, his home and his correspondence" with Rotaru v. Romania (2000) being the appropriate case law.
This is a major thing for us. We've got half a ton of stuff on AWS which is being moved back to physical kit at the moment. Turns out the cloud is a geopolitical risk and being in finance in Europe, our data protection regulations and compliance obligations are pretty heavy.
Incidentally it's working out much cheaper, simpler with less API lock in than AWS was as our workloads are fairly predictable and we make a lot of money off it.
This is an interesting legal issue, but I doubt it will have any practical effect on the NSA's future access to data.
As long as the NSA is collaborating with GCHQ, it doesn't need to transfer anything outside of the EU. If anything, the intercepts provided by the UK government are subject to fewer safeguards than those gathered in domestic surveillance programs.
The title of the article does not represent correctly the size of the issue. It's not just tech companies, it's every company leveraging Safe Harbor agreement, which potentially covers almost every US-based company with EU subsidiaries.
The thing that concerns me is the possible implications this may have on the ability of US based companies to operate saas services for customers in Europe. Following this to its logical conclusion, it could create two seperate internets, where one services the US and the other Europe stifling innovation and limiting adoption of new technologies.
We already have to deal with the walled garden of China, are we seeing the beginnings of something similar with Europe?
For any company, putting feet on the ground in multiple countries is cost prohibitive. So are you implying that running data centers in multiple countries is somehow cheap? Obviously using public cloud infrastructure is the only option for small companies, but it still means operating more assets than otherwise necessary.
I'm not debating privacy btw, just the concern over operational cost. There are other ways to secure data that are far better than simple data residency laws.
But not in every country... To reduce latency, it's much cheaper to reach customers in that last mile with CDNs, not replicating your entire infrastructure and all of you data stores.
There is already a "soft firewall" in the opposite direction because US companies are often reluctant to use European data centers.
Where I worked previously we included the geographic questions at the start of our standard RFI document. In asset least one case we had to drop the technically-best SaaS product because they only had data centers in France.
Even using Canadian or Australian data centers was often problematic. For employee data we could require that individual to provide consent for cross-border transfer as part of their contract but that wasn't possible for customers.
"It is crystal clear what corporations want in the Transatlantic trade agreement (TTIP) and the other treaties being negotiated: a commitment to allow cross border data flows and data-processing across all services sectors, including financial services, without any limitations. They consider requirements to use local network infrastructure or local servers as discriminatory, with potentially adverse effects on trade."
From 2014, http://www.zdnet.com/article/wikileaks-leak-shows-data-sover...
"50 countries including Australia and the US may be signing away rights to ensure sensitive customer data remains in its country of origin."