*cough* Small print *cough*
EU businesses that provide applications to consumers through the Google Apps platform may require additional mechanisms to the new contract terms offered by Google - in order to legitimately transfer personal data collected from app users overseas, an expert has said. Google has announced that it will offer "model contract …
Don't use Google apps.
Really, data compliance is just one problem, but we have been disappointed [insert alternative expletive(s) here] by how crap some of them are, that they change things without consideration of what we want, and their utterly useless 'support' for the paid apps.
Though it pains me to say it, at least MS could offer our organisation a service hosted in EU data centres to avoid some of these issues which the main IT service went with. They are crap in other ways mind...
Personally, I think we need an obligation in law for companies to tell the end user where their information will be kept, and an extra notification requirement if that changes.
It's all good and well that companies use hazy cloud services to process data, but as an end user you stand no chance of finding out unless the obligation exists to declare it - a bit like declaring where the meat comes from in Swiss restaurants. This would allow me as end user to make decisions on which company I'd use on the basis of just how careful they are with my data.
This goes as far as email - these days I do an MX lookup to see just where email goes - my recipient may have an agreement that their email is scanned as the payback to Google for offering email services, but *I* did *not* sign that agreement. In principle, this means that Google scanning an INbox is a flat out breach of my privacy.
I can see WHERE data is kept changing by the microsecond in the Cloud. Notifications alone might crash the Net. Well, the EU part of it, anyway.
Mine's at the Cato Institute, on space "provided" by the Koch brothers...
You'd need to trace the route between your mail client and gmail too. How many networks is your unencrypted message and its sensitive attachments traversing and to whom do they all belong?
As a general rule email should not be relied upon as a private form of communication.
I actually rather like delivery confirmations for that purpose - sometimes they come back with all sorts of interesting data about gateways etc. For instance, any email with as target gov.gsi.uk will throw back two delivery reports, one for the initial gateway (I assume that's MessageLabs taking its copy for the US government), one for the final MTA.
As a general rule email should not be relied upon as a private form of communication
I think you mean, "should not be relied upon as a form of communication that protects privacy", and you are right. However, nitpicking aside:
1 - depends on what you know and how you do it. In a few weeks there will be a new email provider in a legally safe country who will provide a new solution - simple but usable and legally clean. The idea is to offer email at a price - no ads, no gimmick, just email with groupware optional.
2 - few care. I personally have worked on due diligence for the merger of a bunch of companies. I was the *only* one in the team who worried about disclosure, the finance people involved were emailing back and forth with gay abandon despite it concerning a deal close to EUR 100M. The pain I had just to get them to use password protected ZIP files (yes, I had to go that low) was unbelievable.
I'm now writing the email chapter of a teenager hacker training and I will drop some exercises in there so that at least the inquisitive youth develops an early clue..
Who are these out-law guys, increasingly each article I read of theirs is a pile of brown smelly stuff, they certainly cannot read a court paper and understand it to save their lives.
From the article " Out-Law.com asked Google to provide a copy of the model contract clauses it intends to offer, but a spokesman for the company said the information was not available yet."
So now they are criticising something *that doesn't yet exist* *for maybe* not doing what it needs to do.
Pointless, useless waste of an article.
"If model contract clauses are not correctly implemented and there is a risk that the adequacy requirement will not be met, app providers would need to rely on another mechanism for compliance in order to justify overseas transfers of their users' data outside of the EEA."
Cue the rogue engineer for the oops we slurped your data in to our search profile of you and breached the agreement...
Mea Culpa it was an honest mistake. Really.