http://www.h-online.com/security/news/item/EU-reform-sets-out-to-close-US-cloud-data-access-loophole-1376090.html



About time too!

Pfft. How is a law in the EU going to look to the CIO of say Google, sat in his offices in the US, when a member of the FBI wanders in with a legal document requiring him to hand over data or go to jail? I tell you how it's going to look. It's going to look like the EU is a very very long way away.

The guaranteed only way to keep your data safe from possible abuse of the Patriot Act is to keep it out of the clutches of companies based in the US. The EU can make as many laws as it likes, in the real world you do what the cop at your door says, not the cop that's several thousand miles away.

Jon

It's quite simple, the EU will want assurances, and should those assurances not be forthcoming or are broken the EU will impose stiff penalties.

It might make Cloud Computoing viable in Europe.

The problem, at the moment is that Google and co. give the US Government the data upon request (with the Patriot Act, the USG don't even need a court order!).

The company whose data has been given to the USG is now in contravention of EU law, because he has "allowed" his data to be given to a third party outside the EU, without first getting waivers from each individual whose data has been handed over (employees, customers, creditors etc.). The company is the one that will have to pay the fines, compensation and its directors could also face inprisonment.

The company must inform the users, that somebody outside the EU wants their data and they have to get their permission, before the data is handed over. Google are forbidden (under the Patriot Act) from informing the company that the data has been handed over, they are also not allowed to get the permission of the individuals involved.

It is currently commercial suicide to even consider a cloud service run by a company with offices in America (the don't need an HQ in America, just a branch office or a server farm).

If the law changes and Google & co. aren't allowed to export the data, without first complying with EU privacy law, it would be a step in the right direction. As the Patriot Act is unpatriotic and constitutionally illegal in America, it would be better, if it was scrapped altogether.

They already have that, yet they're planning to bring in more regulations. What does that tell you? Of course, those assurances will be given. But how will they be monitored? The only way the EU is going to know if the rules have been breached is, as now, if the people who will be prosecuted if those rules are breached tell them. I kind of think that's not all that likely. Because I know I wouldn't tell them even if I was allowed to, which under the terms of the Patriot Act I may be required not to. Break the Patriot Act and be sent to jail in the country you're sitting in, or break the EU data regulations and be sent to jail in a country that's thousands of miles away that you probably don't plan to visit any time soon anyway and then only if you tell them you're guilty. Which would you choose?

Extra regulations and more punishments make no difference at all. Because no regulations or punishments matter if you can't enforce them.

Keep the data in the EU, and keep the head office of the company that's storing the data in the EU (or more accurately outside the US) otherwise you have no protection against the Patriot Act at all.

Jon

I can feel the world shaking at that prospect in the current climate...

Well they have to pay for the Greek / Italian overdraft somehow

Fine Apple / Google/ Microsoft E10 billion each for breach of the rules

Actually, Apple could buy Greece.

Not even Apples mighty war chest could help Greece out as IIRC Greece owes over $455 billion!!!
Unless they offered 10cents in the doller as part of package