Life after Safe Harbour: Avoiding Uncle Sam's data rules gotchas Back in the day I used to work for a multi-national company with a big presence in the US. I learned a lot there, from the usefulness of a BA silver card to how to run the tendering process for a big global WAN. I also learned what a big deal our US cousins make of their data export regulations. This doesn't mean, of course, …
The USA wants strong controls over what they export and no controls over what we export, though if it's anything physical they reserve right to apply their laws and ban import, or tax it or fine foreign entity for infringing their totally broken Patent and "Design Patent" (Registered Design) registrations / approvals.
That's true in every agreement. Take the agreement that led to the UK's Extradition Act 2003. The USA can extradite anyone they want from the UK, for any reason, without evidence. The UK was supposed to have the same powers in the USA but Congress vetoed it. Although it was made clear the UK *must* stick to its end of the deal though...
Same with TTIP, CETA, TPP, you name it. That's one reason I'm totally against trade agreements with the USA - they tend to be as equitable as a deal with Al Capone...
There are EU export restrictions as well, not dissimilar from US ones, and there could be local countries one too. For "dual use" items, which cover most of the technology commonly used outside the military, see for example:
http://trade.ec.europa.eu/doclib/docs/2014/february/tradoc_152181.pdf
"The USA wants strong controls over what they export and no controls over what we export"
It gets stranger and stranger though.
Stuff which has been taken into the USA may be prohibited from being carried back out, or in the case of data files, read by the very people who created them - on top of which, if a copy of your data makes it into the USA, even though you've never been there and your copy of the data still being yours on your desktop, can still result in you being charged with a US federal crime for giving a copy to your chinese colleague who likewise has never been anywhere near the USA and the entire data path not having been near the USA.
It's very much a case of "what's mine is mine, what's yours is mine too and I'll happily come and take it off you if I want it, no matter where you are" - in a lot of cases that means you should be doubly careful to ensure that your data doesn't _cross_ USA territories, let alone ever reside in them.
Probably the only viable option.
.. if it concerns EU data, yes, hosting that in the US will make it about as safe from government access as hosting it in China or Russia would (although the latter two at least don't pretend to be "democratic" and "fighting for freedom" and all that jazz). Ironically, it's perfectly acceptable and legal to host US data in Europe in the context of crypto-export, provided it's not US classified.
This post has been deleted by its author
You hire a bunch of Americans, you check that they all have pickup trucks and know at least the first line of star spangled banner.
But a couple of them look a bit Chinese, do they also have Chinese passports? Could they apply for Chinese passports in the future ? Can you let them look at data ?
But a couple of them look a bit Chinese, do they also have Chinese passports? Could they apply for Chinese passports in the future ? Can you let them look at data ?
I'm actually rather happy to be in Europe where I can employ anyone I like after screening irrespective of their looks instead of being restricted to a toothless class of citizen with near identical DNA..
Depends on their citizenship and the level of control on the data. For normal (i.e. not officially "classified") data holding US citizenship, a Green Card or asylum/refugee status will do. For classified stuff they're stricter. I gather that if you have dual nationalities it gets harder and they start considering what was the last country you gained citizenship in and whatnot.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
