Ireland To Order Facebook To Stop Sending User Data To US (wsj.com) 38
A European Union privacy regulator has sent Facebook a preliminary order to suspend data transfers to the U.S. about its EU users, WSJ reported Wednesday, citing people familiar with the matter, an operational and legal challenge for the company that could set a precedent for other tech giants. From the report: The preliminary order, the people said, was sent by Ireland's Data Protection Commission to Facebook late last month, asking for the company's response. It is the first significant step EU regulators have taken to enforce a July ruling about data transfers from the bloc's top court. That ruling restricted how companies like Facebook can send personal information about Europeans to U.S. soil, because it found that Europeans have no effective way to challenge American government surveillance. To comply with Ireland's preliminary order, Facebook would likely have to re-engineer its service to silo off most data it collects from European users, or stop serving them entirely, at least temporarily. If it fails to comply with an order, Ireland's data commission has the power to fine Facebook up to 4% of its annual revenue, or $2.8 billion. Nick Clegg, Facebook's top policy and communications executive, confirmed that Ireland's privacy regulator has suggested, as part of an inquiry, that Facebook can no longer in practice conduct EU-U.S. data transfers using a widely used type of contract. "A lack of safe, secure and legal international data transfers would damage the economy and prevent the emergence of data-driven businesses from the EU, just as we seek a recovery from Covid-19," Mr. Clegg said.
Oh, the Lulz (Score:1)
Facebook, and many other companies, set up their European operations in Ireland because of lower taxes. More "business friendly", dontcha know. Now they're going to get fucked. Couldn't happen to a nicer bunch of people.
Re: (Score:2)
2/10, very feeble trolling. And those 2 points just for EUSSR, the rest is simply not even interesting, let along stirring any kind of emotion.
Fuck, does /. really not deserve more attention from the troll farms? Are we really that unimportant now that we only get the interns?
Re: (Score:2)
Ireland is biting the hand that feeds them. That's ok if they want to, but just be aware of the possible consequences.
Re:Oh, the Lulz (Score:5, Interesting)
Thats kinda the point, Facebook doesn't really feed Ireland all that much - theres some tangential income from property taxes and jobs, but its not huge compared to what Facebook could be paying in corporation tax elsewhere.
Re: (Score:2)
Ireland is biting the hand that feeds them. That's ok if they want to, but just be aware of the possible consequences.
That's what Trevelyan said during the Great Hunger, too.
Re: (Score:3)
I can only conclude it's because the Irish are white.
Nope. It is because we don't take it as an insult.
I am an Irish-American. A six-pack of Guinness and a potato sounds like a great breakfast to me.
Re: (Score:3, Funny)
"I am an Irish-American. A six-pack of Guinness and a potato sounds like a great breakfast to me."
Same here, but what's the potato for?
Why does it matter where the data is stored? (Score:1)
If a law cares where the data is stored, it's a dumb law.
If the data is collected "in" Ireland and the company has assets in Ireland then the company can be punished for what it does with that data anywhere in the world... In Ireland.
Re: (Score:3, Insightful)
Right, but under current international trade agreements the company can't be punished for what the US government (for example) does (possibly accidentally) with the data after it is exfiltrated to servers on US territory. The agreements (probably very naively) were made in good faith without any recourse in that case for any parties on any sides, so now the smart ones are starting to call for preemptively stopping the data exfiltration practice altogether.
Re: (Score:1)
(And, incidentally, you should have been smart enough to know this. I'm disappointed in you today. Did you forget your morning beer?)
Re:Why does it matter where the data is stored? (Score:5, Insightful)
Re: (Score:3)
If a law cares where the data is stored, it's a dumb law.
If the data is collected "in" Ireland and the company has assets in Ireland then the company can be punished for what it does with that data anywhere in the world... In Ireland.
The rules governing this is the GDPR [wikipedia.org] which protects the data and privacy of EEA residents. To ensure this, there are rules for collecting data and processing them. If data is to be processed outside the EEA, the data must still be protected by the regulation - or the transfer of data is illegal. This is to avoid that companies can just ignore the regulation by doing the illegal bits outside the EU.
The agreement [wikipedia.org] between the EU and the US making such data transfers possible was struck down by the court [lexology.com] in
Microsoft tried this (Score:3, Informative)
Microsoft tried exactly this. The US surveillance state said, "Nope, you have access to the data; we order you to repatriate it and provide it to us!" https://en.wikipedia.org/wiki/... [wikipedia.org]
Curiously, the data was located in Ireland. Here, Ireland is saying that Facebook isn't allowed to send the data to the US. Oh, how history repeats itself.
Re:Microsoft tried this (Score:5, Informative)
It's also worth remembering that Ireland has intentionally slow walked this for at least a decade if not more. Privacy complaints have to be directed to national regulator, who is also responsible for implementing relevant court orders should they come. Irish one went with "we're understaffed and can't really handle it, so we slow walk every request and even court orders" for about a decade if not longer at this point. It's a part of their national project of ensuring that Silicon Valley giants keep their headquarters in Ireland alongside things like tax haven-like taxation rules.
This is simply them not being able to ignore a direct and specific EU court ruling for much longer. They'll almost certainly slow walk this just as much as they have before, and everyone involved knows it. Expect lots and lots of typical corporate speak about how they're going to act, followed by months of silence, then another such proclamation, and another few months of silence. And keep repeating this process.
Re: (Score:2)
The difference is maybe that MS had to deal with the problem that certain companies cannot use their cloud services if MS cannot ascertain that the data never leaves EU territory.
Facebook doesn't really have to deal with that kind of problem, anyone using Facebook pretty much already states that they don't give half a shit about what happens with their data.
need help with lawyer talk (Score:1)
"A lack of safe, secure and legal international data transfers would damage the economy and prevent the emergence of data-driven businesses from the EU, just as we seek a recovery from Covid-19," Mr. Clegg said.
Can someone smarter than me please explain what this means? It sounds like Clegg is saying that it's a great law, yet will somehow prevent new social media businesses from emerging if Facebook is no longer blocking them within the EU during covid times. From my position it seems like the opposite would hold.
Re:need help with lawyer talk (Score:4, Insightful)
It means that if they aren't allowed to sell your personal data to anyone they please, Bad Stuff will happen.
In other news, these thieves have only larceny in their hearts.
Re: (Score:3)
It's corporate speak for "I need to say something that sounds good and has zero content".
Re: (Score:2)
What you need to remember is that Nick Clegg is a failed politician - the leader of the Liberal Democrats in the UK until 2015, deputy Prime Minister under David Cameron in a coalition government, dumped by the Conservatives in 2015 when they gained a majority, dumped by the Liberal Democrats as leader shortly afterward when the Lib Dems lost a huge number of their seats under him.
Ireland thinks Facebook sends out user data. Hmm. (Score:2, Interesting)
Re:Ireland thinks Facebook sends out user data. Hm (Score:4, Interesting)
Facebook doesn't send user data. They allow large advertisers to come and get the data. Ireland didn't think this one through.
Ireland can simply prosecution FB and those advertisers in Ireland court if that's the case.
What Ireland can't do anything about is the US government taking a copy of everything FB have sent to the US. That's why it is important to keep Ireland's data inside Ireland.
One more time (Score:2)
Not about privacy (Score:4, Insightful)
I don't think this is primarily about privacy. Employees of corporations & govts. often inadvertently give away strategically useful info via office services, communications, & social media apps on their smartphones, e.g. where they are (geolocation) & who they're with, how often, & for how long, emails & messages about work, meetings, & negotiations... the list goes on. It's not that difficult to piece together what a corporation might be up to from this inadvertent exposure.
The EU may be using privacy laws as a way to reduce this industrial espionage against EU companies from their competitors in the US. Industrial espionage makes up the larger part of govt. security agencies' work. It's also no secret that employees of US intelligence agencies benefit from revolving door policies with US corporations, some even moonlight for them while still working for the US govt., & much of the now bloated, sprawling private intelligence govt. subcontractor industry is also for sale to whichever approved clients can pay, i.e. Washington-friendly US corporations.
Since the whole thing with spying on the UN, the German Chancellor, etc., & then the revelations that Snowden leaked (the major part of which was about industrial espionage, e.g. against the Brazilian govt. & its national oil company), the EU are quite rightly getting a little distrustful of US intelligence agencies. The US govt. will obviously be more than a little peeved as their lines of access to sensitive EU corporate data get severed.
The Chinese have been sensible enough to limit this kind of exposure from the start. It's shocking that the EU has taken this long to realise just how exposed they're leaving their economic interests.