back to article 'Hypocritical' Europe is just as bad as the USA for data protection

Europe is being hypocritical by derailing the Safe Harbour data protection agreement - because its own protections for citizens against indiscriminate surveillance are worse than the USA’s. That’s the view of one expert on international data protection law at a meeting held by European competition group iComp today. Dr Ian …

  1. Your alien overlord - fear me

    "and European law enforcement opted for blanket surveillance far more readily than US law enforcement." - I take it he doesn't count the NSA as law enforcement then?

    1. kain preacher

      NSA is not law enforcement. It's run by the military with civilians and military personal .

  2. Vimes

    There was 'surprise and shock' at the decision? They really didn't see this one coming? Seriously?

  3. Vimes

    “We didn’t reach for our pad of Enforcement Notices,” he boasted

    Not something to be proud of IMO, given the past piss poor performance of the ICO when it comes to actually enforcing the law.

    ...adding, “We don't intend to use our regulatory powers in a pre-emptive way.”

    They rarely use them at all

    The ICO really is a waste of space when it comes to data protection.

  4. Anonymous Coward
    FAIL

    Deliberately missing the point, or fuckwit?

    Shirley the point is not...

    US privacy rights for US subjects vs. EU privacy rights for EU subjects (some dodgy shit vs. some other dodgy shit)

    ...but rather...

    US privacy rights for EU subjects vs. EU privacy rights for EU subjects (absolutely fuck all - rape the bastards lads vs. some dodgy shit)

    1. g e
      Pint

      Re: Deliberately missing the point, or fuckwit?

      Precisely.

      This, sir has saved me making exactly this post and thusly you are rewarded a just, if virtual, pint.

    2. Grikath

      Re: Deliberately missing the point, or fuckwit?

      Both.. A quick look at his resumé shows he's been at the heart of the Think of the Children Brigade and other such worthies. He also seems to suffer from Fog in Channel syndrome if he takes the UK situation when it comes to privacy, surveillance, and guarantees therewith as a standard for Europe.

    3. streaky

      Re: Deliberately missing the point, or fuckwit?

      Yes, it is this. But the argument is fundamentally malformed anyways - the rights of US citizens with regards to privacy are due to the powers of presidents being completely unknowable. You'd have to have the FBI show up at the NSA and go through everything and even if they did you'd still have to assert that you can trust the FBI to be objective to make any of these claims.

      Secret laws covering whatever people want for any reason at any time are the problem here besides the fact US offers zero protection for non-US citizens outside the US - but you can't even fairly argue any of this is the case for US citizens inside the US when the people who write secret orders and those that use them operate completely outside the realms of the courts.

      This is the case in the UK too but at least we're making an effort. Lawmakers in the US think that external rights that would balance this are hilarious.

      1. tom dial Silver badge

        Re: Deliberately missing the point, or fuckwit?

        I am minded to ask what the legal protections are under European national laws for non-citizens and residents outside their respective countries. Are there any? Stewart Baker (former NSA legal counsel) has argued in testimony to the US Congress that US citizens and residents have more legal protection against their government than citizens and residents in most of Europe, including the UK, France, and Germany, have against theirs. The US has a requirement for warrants or other court orders, ensuring that demands for data have been reviewed at least minimally by a nominally independent third party.

        We know from the files Edward Snowden released, and those later declassified in response, that the NSA's data collection and analysis was done under laws passed by the US Congress, executive orders issued and updated by numerous Presidents, with review and (usually) approval by a properly authorized court consisting of federal judges nominated by a President, approved by the Senate, and appointed, as additional duty, by the Chief Justice of the Supreme Court. Nothing in what was released or declassified suggests frequent, intentional, or systematic NSA action outside that legal framework. Nearly all US citizens are much more at risk from criminals after their money than any government official. Among government officials, the risks, in roughly descending order, are local police; tax assessors; ambitious, overcharging prosecutors (local ahead of federal); and far behind, the FBI and intelligence agencies.

        The President, indeed, occasionally goes beyond what the Constitution and laws allow, and the laws sometimes authorize unconstitutional actions. That has been true for over 200 years. The courts have made corrections in the past and will continue to do so in the future.

        The President and executive branch generally are not required to protect those who are not US citizens or in the US from anything, any more than another government is obliged to protect non-citizens located outside of their jurisdiction. This can be, and often is, modified by treaties and other intergovernment agreements, but is the default rule.

        I anticipate quite a few down votes for this post. I would prefer a clear description of the legal protections that apply to European citizens and legal residents instead, but would be quite satisfied with both.

        1. streaky

          Re: Deliberately missing the point, or fuckwit?

          I am minded to ask what the legal protections are under European national laws for non-citizens and residents outside their respective countries. Are there any?

          As far as the Charter goes (which is what we're talking about) - they are total. For example as a US citizen in the US is treated for example by the German, French, Irish etc states; which is I believe what you're asking. If you were a US citizen in the US and me as a UK citizen in the UK the Charter guarantees us equal rights.

          The US constitution doesn't guarantee me the same rights as a non-US citizen outside the US (such as it is/in key areas like privacy protection and protection from unreasonable searches) which is entirely why everything fell apart and the previous data laws and treaties were meaningless. The overriding opinion in the past was they confer reasonably equal rights but this has been proven lunacy and we are where we are. I personally don't think it can be fixed though.

          The US says it has legal protections but they're not worth the paper they're written on when I can't sue for them anyway plus most US legal minds don't think they apply to me even if I can sue for them (the last point is important because the US govt legislative branch thinks letting me sue for rights I don't have puts this back in the box and they're wrong).

          The President and executive branch generally are not required to protect those who are not US citizens or in the US from anything

          Yes, exactly - but EU states *are* required to do that.

          1. tom dial Silver badge

            Re: Deliberately missing the point, or fuckwit?

            Stipulating that Wikipedia cannot be considered an authoritative source of information, particularly about matters that involve the complexities of international law and domestic law in various regions and countries, I referred to it for a quick summary of the "Charter," which I took to be the "Charter of Fundamental Rights of the European Union," drafted by the European Convention on Human Rights in 1999 and finally confirmed by the Treaty of Lisbon in 2009, signed and ultimately ratified (with reservations by the UK and Poland) by 27 EU countries. From what is there, it appears it applies to citizens of any EU country in any EU country. EU governments may have extended the protections to citizens of other countries, and probably are bound by treaty to do so in the case of foreigners legally present in EU countries, as the US does in the case of all foreigners legally present in the US. To the extent specified in treaties (and possibly other intergovernment agreements), they also would be constrained in their actions toward foreigners outside of EU territory. I saw nothing in the English language version of the Charter suggesting any general obligation to citizens of non-EU states who are not present in EU territory.

            The subject is, of course highly technical and governed by numerous treaties and laws, and I might have missed something significant; if so, I would be happy for someone with more knowledge to point it out.

    4. John Brown (no body) Silver badge
      Pint

      Re: Deliberately missing the point, or fuckwit?

      "US privacy rights for EU subjects vs. EU privacy rights for EU subjects (absolutely fuck all - rape the bastards lads vs. some dodgy shit)"

      Spot on. There's no hypocrisy on the EU side of this sorry tale. Both US and EU data is subject to protection at home. Once the data goes off-shore and the data subject is a "furriner", there is no protection whatsoever in law The reason it seems like a EU v USA thing is simply because the data flow is mainly one way, ie to the USA where EU data subjects have no legal protection whatsoever.

  5. Jagged

    Don't use the UK as an example of European privacy rights. Our government (of any flavour) has always been very happy to hand everything over to the Americans, up and including to, innocent citizens.

  6. Doctor Syntax Silver badge

    The reason the ICO hasn't reached for its pad of enforcement notices is probably because nobody has challenged a UK company's use of Safe Harbour. If that happens then they'll be obliged to investigate.

    GCHQ is another matter and someone might need to take that to the ECJ.

  7. Chicken Marengo
    Thumb Up

    Good work

    I'm just happy to see the spy vs. spy guys out and about

    1. Loyal Commenter Silver badge

      Re: Good work

      That game was indeed a classic.

      1. Anonymous Coward
        Anonymous Coward

        Re: Good work @Loyal Commenter

        You are aware that it was a comic strip in Mad before it was a game, aren't you.

        1. Anonymous Coward
          Anonymous Coward

          Re: Good work @Loyal Commenter

          Be nice. Some are not as well-seasoned as us.

  8. Anonymous Coward
    Anonymous Coward

    "They’re not just a square peg in a round hole, but a hexagon in a round hole.”

    Surely a hexagon peg fits better into a round hole than a square peg does?

    1. Anonymous Coward
      WTF?

      Quite. Good evidence for the "fuckwit" hypothesis there.

    2. Stuart 18
      FAIL

      I agree

      Saw that quote in the article and was immediately thinking the same thing. I mean what kind of prat tries to exagerrate a perfectly great analogy of FAILURE by FAILING to understand the analogy. It's a basic mathematical concept that the greater the number of equilateral sides the better the fit of a similarly sized object within a circle if fit is defined as the exclusion of spare free space as is understoodbya general engineering perspective. This guy is a triangle of the first order:-)

      1. John Brown (no body) Silver badge
        Coat

        Re: I agree

        "spare free space as is understoodbya general engineering perspective"

        Yes, that's so true. Here, have a couple of extra spaces on me

        That's them there -------->

    3. Anonymous Coward
      Anonymous Coward

      That's like trying to put a chiliagonial peg in a round hole.

  9. Charlie Clark Silver badge

    The group has of European Data Protection Officers has given the situation until the end of January for a resolution after which Safe Harbour will be treated as no longer valid and its also likely that the "standard clauses" favoured by the Commission will considered in much the same way. We'll hopefully see a couple of high profile cases then everything will settle down: "suveil-as-you-go", fast-track warrants will no doubt become available to all law enforcement services that want them.

    About the only thing this article gets right is the shift away from the European Commission to the national officers. Good because data protection is probably the area where the Commission has consistently failed to act in the interests of EU citizens.

    Safe Harbour was on the way out anyway when the new Directive goes into force. It's just going to happen faster now.

    1. Vimes

      Good because data protection is probably the area where the Commission has consistently failed to act in the interests of EU citizens.

      Not that the ICO has been any better.

      Repeated attempts to get them to justify the use of other measures like model clauses or binding corporate rules - both of which they seem to think are still acceptable - don't get any answers. I've tried, and the best they seem to be able to manage is to shrug their shoulders and tell us that these measures haven't been thrown out of court quite yet, whilst completely failing to look at them in any critical sense.

      The ICO seem to expect somebody else to come to a conclusion for them when it comes to the suitability of these measures. God forbid that some member of the public expect the ICO to do their job and come to one themselves.

      1. Charlie Clark Silver badge

        Not that the ICO has been any better.

        You're right. And neither has the Irish ICO. Of course, they've been kept on a short lead by the government and are chronically underfunded. With the ECJ judgment that might start to change: even if the ICO doesn't want to grow a pair the courts are likely to uphold challenges if they decide to do SFA.

        Phoney war until the end of January.

        1. Vimes

          ... are chronically underfunded

          That may well be true, but that would only explain failing to take on cases. Being underfunded does not explain taking on complaints but then failing to take action, since the costs arising from having to comply would have to be met from those organisations found guilty. From the looks of current cases it looks like the ICO thinks their only remit is to deal with nuisance calls. Anything else seems to be beyond them most of the time.

          It's a pity really, since the ICO have two distinct functions: one to do with data protection and the other to do with FoI. Personally I have more respect for them when it comes to FoI.

          They may on occasion show too much deference to certain central government departments - the Cabinet Office probably being the worst one of the bunch - but on the whole they seem to do much better with FoI than anything to do with the DPA, and whilst I may not always agree with their conclusions you can normally see that some thought has gone into their responses.

  10. alain williams Silver badge

    Two different discussions

    He was arguing about how European governments poke into data. We all agree that that is bad; however the NSA is just as bad.

    He ignored limits on corporate use of private data. Here Europe is streets ahead of the USA. In the USA personal data is fair game, a commodity with which to make money. In Europe companies are (in theory at least) restricted as to what they can do with it.

    When doing a compare and contrast: do not ignore the bits that do not bolster your point of view.

  11. Anonymous Coward
    Anonymous Coward

    The scum leading the dumb

    If you can't figure out why it is important to monitor electronic communications and other data, then you aren't qualified to even discuss the subject.

    1. Richard Taylor 2
      Devil

      Re: The scum leading the dumb

      I'm just surprised this is anonymous. I assume that it is because of one of a number of reasons

      - you have run out of sock puppet accounts based on the same IP address (well let's face it, its not worth the money to do even a basic job of obfuscation)

      - you really believe it (and are not happy to take advice from others)

      - ummmm

      - errrrr

      (that'senuff. Ed.)

    2. qwertyuiop
      WTF?

      Re: The scum leading the dumb

      I know I'm not the first to say it but it's true nonetheless - you don't find a needle in a haystack by making the haystack bigger.

      One depressing fact that has emerged from almost every terrorist attack in the western world since 9/11 is that the bad guys were already on the radar of the security services. It's just that the data was overlooked or its seriousness wasn't appreciated. So what's the proposed solution to the problem? Hoover up even more data because obviously we'll find what we already had if we have to search an even bigger volume of crap.

      1. tom dial Silver badge

        Re: The scum leading the dumb

        To press on with more or less irrelevant analogies, you also do not find a needle in a haystack if you do not look for it, and you are more likely to find a needle in a haystack if you look at all of it than if you look only at part.

        It is worthwhile to keep in mind that SigInt agency capture and filtering of internet backbone data flows is pretty much the same thing they were (and are) doing with radio signals at places like Menwith Hill and Sugar Grove, and in numerous other listening stations before them. The internet changed the transmission means, but nothing else.

        The fact that nearly all terrorist perpetrators were known (for some definition of known) may indicate no more than police/intelligence staffing insufficient to follow up on all of them. That seems to have been true in the Charlie Hebdo shootings and may have been a factor in the more recent ones in Paris. It is not clear whether increased data collection and analysis would make things better or worse, although I suspect the latter. Manpower and other resources used for collection and analysis might better be used for direct surveillance of those thought to be risks, and John Poindexter's notion that sorting and collating all the data by machine would replace human agents with algorithms always was pretty much a pipe dream, completely aside form the fact that it couldn't be sold even in the immediate post-9/11 panic.

    3. Anonymous Coward
      Anonymous Coward

      Re: The scum leading the dumb

      Evening Matt.

      Taken a wrong turn on your way to the daily fail?

  12. Rol

    When my mischievous son steals money from my wallet I'll reach for my whipping stick.

    When the guy down the street steals money from my wallet I'll reach for my shooting stick.

    btw

    I don't have a shooting stick, a whipping stick, or for that matter, a mischievous son, neither do I have the mindset that whipping or shooting would solve anything, it's just an allegory to show infractions within a community are never perceived as badly as those committed by outsiders.

    1. graeme leggett Silver badge

      "within a community are never perceived as badly as those committed by outsiders."

      Especially given which one has abused the trust more. Unless the story is about greater forgiveness to those in your own community?

  13. Leeroy

    Protect yourself

    Stop using American companies to host your data. Host it all either on site or with uk only companies.

    Oh hang on..... how do I stop those w7 / 8 machines updating to 10 again :/ I am hoping that WSUS makes it obvious !

  14. heyrick Silver badge

    Yes the EU spies, but there's a big difference...

    ...the EU can tell the EU to fix the EU and something might change.

  15. Mark 85

    This whole data/privacy/security issue reminds of a poem that pretty much says that no one isn't tainted by slurping/sharing/spying.

    "Under the spreading chestnut tree,

    I sold you and you sold me".

    There's no innocents here. It's all lip service about trying to make one's citizens feel better about their government. Given the nature of the data sharing, every agency in every country is bad. And if the reaction to the Paris attacks is any indication, it's only going to get worse.

  16. Wommit
    Unhappy

    And still the basic problem is skipped over. It's not the US companies at fault, it's the US government and its agencies. While the US law states that US companies have to hand over any and every piece of personal data they hold, regardless of the nationality or legal framework under which the data was collected, there can be no safe harbour.

  17. The_Idiot

    Nobody...

    ... claiming to be 'in control' or 'in power' appears to be interested in fixing what _they're_ doing. Only in telling everyone how 'evil' or 'bad' the 'other guys' are (yes, Jones Minor. Or girls. Yes, or both. Now see me after class).

    It's (to me at least) like a continual election campaign, with no side interested in trying to convince you their own agenda is better, because it's so much safer and easier to throw out attack ad type pieces about 'them others'.

    Yes. I'm ranting. Yes, I'm grumpy. And I'd say I'm tired of this excrement, but I'm afraid that in this particular context I'd have to be less worn out by experience to imporove to 'tired of it'. Sigh...

  18. WatAWorld

    Typical lawyer, stating the issue is something other than what it really is

    The issue with the EU revoking the Safe Harbour agreement is NOT which of the USA or EU treats its own people better.

    The issue is whether the EU meets the safe harbour agreement in regards to foreigners, specifically EU citizens.

    That is the only issue.

    Yes the USA grants human rights to its own citizens and residents of its own country, but NO they do not grant human rights to foreigners living in other countries. Hence the safe harbour agreement has been abrogated by the USA.

    1. Anonymous Coward
      Anonymous Coward

      Re: Typical lawyer, stating the issue is something other than what it really is

      Did you mean for your third "EU" to be a "US"?

  19. Brent Beach

    We have been in a race to the bottom on privacy. The UK is heading down the spiral with unseemly haste. Its leaders jumping up and down and screaming 'The Sky is Falling' like Chicken Little.

    The ECJ decision in the Schrems case, Snowden, have shown we have a problem.

    With country based enforcement, real privacy could easily become a national advantage. Countries that have the strongest privacy rules will end up having all the data centres. People will opt to use companies based in the safest countries.

    That means, of course, that the US and UK will get no business at all.

    Like offshore banking, offshore data storage with complete privacy could be in our future.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like