Carp
Will the US judges be applying EU law and standards to EU citizens data in the US or US law and standards?
The NSA's blanket surveillance of Europeans will be subject to judicial review, according to EU Justice Commissioner Vera Jourová. At a committee meeting of the European Parliament this week, Jourová provided details of the replacement to the struck-down safe harbor framework, which until this month allowed people's personal …
>Yes, the US will be nice, we promise...
So nice in fact that they are in the middle of passing a bill encouraging corporations to turn over any customer information involved in a hacking attempt to the Homeland Security and the NSA and be shielded from all liability for their efforts.
So nice in fact that they are in the middle of passing a bill encouraging corporations to turn over any customer information involved in a hacking attempt to the Homeland Security and the NSA and be shielded from all liability for their efforts.
Do we need a warrant for this? Nah, just press that button to launch a hack against them. They'll give us the info we want once we send the "We've noticed a hacking attempt on your systems" letter..
Meanwhile in a parallel universe...
"Thank you Judge for your detailed and interesting review of our surveillance activities. Maybe you would care to also review this other dossier before we pass it to the press ... Why yes it does appear to have your name on it, isn't that a coincidence."
It looks like the US doesn't intend on making things any easier, since CISA has been passed. One interesting aspect that is to make the types of information shared between corporations and the government exempt from their Freedom of Information Act.
If they're limiting rights to freedoms for Americans, what makes anybody here think that they give a shit about us?
For that matter how deluded do politicians here have to be in order to believe that the US will be willing share what requests have been made when they're busy hiding details from their own citizenry?
One purpose of the CISA appears to be to address a perceived reluctance of companies to disclose embarassing like that they have been hacked or targeted or defensive measures they have taken and may consider proprietary information. Exempting the disclosures from FOIA requests may be removal of an incentive to not share such information. In this it would be similar to the limited exemption from antitrust laws in section 104(e) that applies to threat information shared among private entities.
"granted to the FBI and other US agencies on national security grounds.". But what if it's for a local crime or just being nosey? Whatabout oversight of US Company A selling/swapping personal data from EU citizens to US Comapny B (or even EU Comapny C) without their prior permission/consent?
Sounds like it's another Safe Harbour cock-up/fudge to please a certain group of people which doesn't include any EU citizens.
For that matter: if judges have questions regarding one or more of the cases, will they be given access to the information held by the US government that allegedly justifies the requests?
Or will they simply be given the choice to either support or reject the activities without any further information?
I don't care much whether this lass is corrupt or just stupid, but the fact that a politician formerly accused in her country of accepting big bribes and who is a member of a populist party (the ANO*) recently founded by a millionaire has been given this position in the EU is quite depressing.
The good part is that she is in the spotlight now, and she's probably become a toxic asset for her party and the Europarliament "group" said party belongs to.
Note*: Bonus for Spanish speakers here. ;-)
Are we supposed to be cheering? I don't want my data to be subject to US law at all, with or without new improved features. I certainly don't see many Americans delighted with the 'protections' they have from surveillance, which certainly haven't improved with CISA.
That's assuming we could even trust their word on 'guarantees', which history unequivocally says we can't.
I guess we'll have to fall back to ye olde "vote with your wallets" scheme, which - considering those who give a s##t are likely a mere drop in the ocean of those who really don't, just as long as they "can get on Facebook" - probably means we're stuck with the "same old, same old" in perpetuity...
It would seem much simpler to me that the EU mandates that EU citizen data is processed by EU resident businesses OR, for those businesses from outside the EU that choose to operate in this market, they do so accessing EU citizen data stored here.
To afford the better protections of our data we should all seek, the default and primary choice should be that EU citizen data is held in storage facilities actually in the EU, with 'sensitive data a rest' and ALL data 'in-flight' being encrypted.
A data processor from within or external to the EU would have the same access regime to negotiate and would therefore be auditable and accountable within the EU and they would also need to be granted access, with auditable key management, to encrypted data.
Citizens should have the right to insist that their data is processed in the EU, again by primary default, meaning that businesses from outside the EU should establish and use facilities in this region, if they choose to operate here. That way would prevent EU business 'off-loading responsibility' through, all too often, opaque 3rd-parties whilst massively curtailing the huge abuses exercised by U.S. authorities on EU citizens.
EU storage and data processing businesses might get a boost from this; offering a more secure data management and processing regime would be a strong play in 'The land of the Free' and I suspect in other countries, too.
If the EU wants to exercise control, it needs to take control and stop wasting money and effort, floundering on the rocky shores of "Safe Harbor" and failing to land any usable catch...
Of course, the correct method of controlling the flow of data is not to give the buggers any in the first place. I have no reasonable expectation that things like my banking and financial records stay in the EU, let alone Britain but I can't really do much about that. Seppos will always be interested in your money and that's one area where regulation can make a difference. I won't hold my breath, though.
Everything else gets "need to know." If they ask for my DoB with no reason and no way to verify it, they get a fake one. It gets stored in KeePassX along with the password and it then becomes another factor of authentication on my side rather than a relational key for their data mining op. Get yourself a cheap domain name and use different e-mail addresses for every company so you can see who is selling your details on. All my passwords are different and I'll even falsify my address in cases where they don't need to know it, i.e. the local telephone exchange must be getting sick of getting Screwfix catalogues and Maplin vouchers by now. Oh, and don't give any personal information over the telephone to incoming callers. Ever.
If you drop a dead cow down the well of your personal data they'll have to stop drinking from it eventually.
they treat non-US personal data as totally legally out-of-bounds, since they have no constitutional right to that data. It concerns citizens of other countries, and the determination of their criminality is not of American concern. No matter that any American may beg to differ. They can go fuck themselves, including any American commentard on here.
What they do with Americans' personal data is within their purvue and should be treated appropriately in accordance with American law.