Re: KB3035583 yet again
"MS is rapidly turning Windows into a system I'll use for gaming "
And the most complex game seems to be avoiding Microsoft.
16426 posts • joined 16 Jun 2014
"As the exporter is effectively the controller of the data they already carry that liability which would fall under the EU jurisdiction the customer and/or controller are in."
I know. The trouble is that AFAICS the Commission is now trying to throw this over the wall. The data subject is to be able to claim from the importer.
It's a big mess. As a data subject am I supposed to be bound by an agreement between my supplier and a third party? If the theory is that this is going to be covered by small print or by some 3 pixel high, pre-ticked, well-hidden box it's going to fail on the basis of unfair terms and/or lack of informed consent. The trouble is it's going to cost someone a lot in legal fees, time and trouble to take all this to court and get the precedents set. Possibly a data protection regulator with teeth is going to call BS on it in that the circumstances that invalidate safe harbour also apply to such clauses. Would that be the ICO?
"Clause 5: the data importer agrees and warrants.. that he has no reason to believe that the legislation applicable to him prevents him from fulfilling his obligations...?"
If I were a US-based data importer I don't see how I could stand over that clause in an EU court*. Ignorance of the law is no excuse.
*And in my time I've written a lot of stuff I had to be able to stand over in court.
"Those who needed the Safe Harbor rather than any of the other exemptions can no longer do so, but presumably can now sue the Commission for any costs in relocating to Bulgaria or Argentina and losses during the transition that are directly attributable to not correctly implementing a directive."
How so? The safe harbour provisions pre-date the PATRIOT act which has made them invalid in the eyes of the ECJ. So if anybody is responsible for compensating anybod it must be the US govt. Good luck with that.
"That the same key reason why the ECJ ruled that the safe harbor provisions dont apply will also cover Binding Corporate Rules and Model Contract Clauses."
And it will end up back in the ECJ with a similar decision.
At the very minimum the data exporter should be liable to the EU resident, not the importer, with the case to be heard in an EU court.
I think the guy needs to understand a bit about law. Legislation is what legislatures produce - statutes. Courts interpret those to apply them to the facts of specific cases. So the ECJ's decision is not legislation. There's been no recent legislative shift. The most recent shift was in the US. It was the PATRIOT act.
What the ECJ has done is interpret existing EU law in a case in which the facts include the current state of data protection in the US in the wake of the PATRIOT act.
It should have been quite clear for several years that any time anybody took the Safe Harbour to court it would be found wanting. It's amazing it lasted so long.
If the idea is that the interface should adapt to the display/device type why did the go to the trouble of trying to build a one-size-fits-all interface for 8? Alternatively, if they realised after the reaction to 8 that this really wasn't such a good idea, why didn't they revert the desktop aspect back to what had been more widely accepted for 10? Will there be another iteration in a few years time?
"Would you want to be a witness being interrogated by a hostile lawyer, and knowing that possibly thousands of people are getting their kicks watching you?"
Having been a witness many times I agree with your sentiment. However, according to the article this only applies to the courts of appeal and supreme court. If these are anything like their UK equivalents they deal with points of law. The witness evidence has been taken in the lower courts. And if these hearings involve the likes of Prenda law they should be way more entertaining than the those lower courts.
I suppose that after a suitable period of posturing the US will have to accept one of two things. Safe harbour is dead or they will have to create a new framework in which it is actually acceptable.
The latter alternative requires them to change their own behaviour. It's the main point at issue and there's not getting round it. No amount of model clauses or other guff is worth any more than the original agreement unless the US accepts its culpability here & deals with it.
"the UK test for whether you're a contractor is ... how many different people do you work for?"
"To suggest that a company must abandon a customer who provides regular business simply to prove its independence is an unreasonable restraint of trade"
Apart from that there are other tests. I'd have thought that "provides own equipment" would be fairly significant. BYOD may be blurring that but one would hope that the Uber driver has paid more than the cost of an iPad for his vehicle.
"IIf I e-mail a company in the EU, I have a reasonable expectation that that data stays inside the EU."
I should have quoted more of the original article:
" Imagine you’re a UK resident business, and you're using Google for email. What happens when I email you? You'll receive my message on US-owned infrastructure. Before you've gained my permission, you've exported my personal data - and maybe it’s even privileged information - to a third party entity.
That's because the recipient of the email - in this case you - export the data to a third party without the sender's permission."
In this case it's explicit that the email service is run by Google so there's no reasonable expectation that it would remain in the EU. Sorry for the misunderstanding.
"If I were the CEO etc I would be asking several underlings what they have done to be ready and if nothing showing them the door."
The underlings might remind you of their several requests to do this which you quashed. Not that that would help them of course.
"Unless something happens quickly, we may have to change the services we use."
As things stand the Schrem case now goes back to the Irish court with the ECJ ruling to guide it. Courts are involved so your concept of quickly may need some adjustment. But that gives you time to explore alternatives.
"US companies that export data are fundamentally illegal in Europe."
Actually it's any company that exports personal data to the US.
"That's because the recipient of the email - in this case you - export the data to a third party without the sender's permission."
Actually, this one doesn't fly. The sender of the email exported his own data.
"Brussels doesn't have the institutional machinery, or maybe even the brains, to fix this one."
Or the balls.
'the US doesn't recognise an "abroad"'
I'm not sure of that. The abroad where companies like Apple accumulate their income outside the US tax regime seem to be recognised OK. The Microsoft case seems to hinge on the fact that for whatever reason (and none that I can think of do the originator of the case any credit) someone decided to try to bypass the existing mechanism which the treaty with abroad would have enabled to try for a warrant in Ireland. And AFAIK the basis of their case is that records which Microsoft hold in trust for other people are somehow Microsoft's own records which they're entitled to demand because Microsoft is a US company. I don't see any problem with them going after records of a US company such as Enron wherever they're held.
And I assume that the Computer & Communications Industry Association largely represents US companies interests. If the ruling means that work formerly done in the US has to be done in Europe its hard to see how it isn't going to help the European IT industry.
One of the interesting aspects of this is how it's going to extend. Will the court rule it impossible to process personal data in the UK? Or France? Or India?
"Torvalds is a clearly a BAD manager, and has been promoted beyond his capabilities."
Did you forget the joke icon? It's his abilities that have put him where he is. The similarity between "Linus" and "Linux" isn't a coincidence.
But the consequence is that the culture of the project is what he makes it. If you don't accept the culture don't be part of the project.
"Saying that a volunteer is responsible is not quite correct"
As I understand it she was a sub-system maintainer. That is a responsible role. Being a volunteer does not absolve one of responsibility. My wife is a volunteer in a charity shop but she has a responsibility to put the cash into the till, not take it out.
"Every attempt to mobil-ify desktop OS has resulted in a train wreck."
It's a bit more complex that that. Remember that Linux is just a kernel. Linux distros such as Fedora, Ubuntu, etc are collections of desktop userlands wrapped round that kernel. It's equally possible to wrap a mobile userland round it. Whatever your opinion of Android it would be impossible to describe its market share as a train wreck.
"old HP printers just don't work"
That probably can be fixed. I tried W10 on a test box under the Insider scheme & had the same problem. I downloaded the 8.x driver from HP's site & that fixed it. Up to a few months ago didn't we get posts telling us how hard Linux was because drivers for $HARDWARE weren't available?
The test box, by the way, has been restored to health running Debian 7 to test ownCloud.
I expect downvotes as the pro-MS downvoters who had previously taken cover seem to have psyched themselves up to weather the shitstorm & have reemerged.
"This is why cyberspace needs its own government and laws (perhaps owned by the UN)....a worldwide agreed standard and laws to protect each individual."
The second part is the requirement but the first part isn't the only way to achieve it. International agreements should be sufficient if (and it's a big if) governments then abided by the agreements they made.
I suppose anything other than already perfect is potentially better. And when someone completely fails at a basic requirement then yes, there's maybe potential for improvement. But if they fail due to circumstances outside their control* then I'm not sure the potential really exists.
*Other than buying themselves a better government.
"If they operate in any shape or form in the US then this still wouldn't work"
That's the whole point. Safe harbour is a hollow promise. In the absence of the US reforming its entire privacy legislation the way to go is to kill it and go with wholly EU operations. If, for instance, your EU telecoms provider wants to run a credit check on you (I can't think why this particular scenario came to mind) it would have to go to a wholly EU owned and based agency to do so.
Actually I don't see why we need safe harbour at all. If you (for values of you which evaluate to EU citizen) deal with an EU company you should be able to hold that EU company responsible for any breaches of data you give it. If they take the decision to pass that on to another company, irrespective of where that company is, they'd better be sure that they can trust that company or else have T&Cs with it that allow them to recover any damages that they may have to pay out the customer. A further element should be transparency; before passing on data a company should ascertain any further transfers that will be made (no weaseling out with vague "may" clauses to unnamed "partners"), report back to the customer and receive positive opt-in before proceeding. (Actually there could be circumstances in which it would not be possible to decide up-front whether a transfer would be necessary; in that case it would be OK to say "may" in the first place providing they named the options and sought additional opt-in for any such transfers when the necessity arose.)
Biting the hand that feeds IT © 1998–2019