Belgium Fines Yahoo For Protecting User Privacy On Its US Servers

from the this-is-bad... dept

For many years, we’ve discussed the many challenges faced by countries in trying to recognize that “jurisdiction” on the internet isn’t what they probably think it is. Many countries want to interpret internet jurisdiction as “if it’s accessible here via the internet, it’s covered by our laws.” But it doesn’t take much scenario planning to recognizing what a disaster would result from such an interpretation. Effectively that means that the most restrictive legislation anywhere in the world (think: China, Iran, Saudi Arabia, etc.) would apply everywhere else.

That’s why it’s quite worrisome to find out that Belgium is trying to fine Yahoo for protecting its users’ privacy and refusing to hand over user data to Belgian officials. Yahoo noted, accurately, that it does not have any operation in Belgium, and the data in question was held on US servers, not subject to Belgian law. On top of that, the US and Belgium have a good diplomatic relationship, such that such a data request could have gone through established diplomatic channels to make sure that US laws were properly obeyed as well. But, instead, Belgian officials just demanded the info from Yahoo’s US headquarters directly, and then took the company to criminal court where the judge issued the fine. The Center for Democracy & Technology highlights the problems of not pushing back against this ruling:

The implications of this ruling are profound and far-reaching. Following the court’s logic would subject user data associated with any service generally available online to the jurisdiction of all countries. It would also subject all companies that offer services generally available on the global Internet to the laws of all jurisdictions, potentially exposing individual employees to a variety of criminal sanctions.

The U.S. government should be paying close attention here: To understand how problematic this ruling is, we need only imagine how the governments of China, Iran, Vietnam or other repressive regime of your choice may decide that the precedent set here is one well worth following. Such actions undermine Belgium’s moral authority since, after all, it would only be hypocritical for Western democracies to criticize such radically overbroad assertions of jurisdiction by other nations.

CDT suggests the US government should get involved and protest the Belgian court ruling:

In the present case, Yahoo! has done right by its users. The company asked law enforcement officials to follow established diplomatic and legal processes in order to gain access to user information. It also enlisted the support of its home government to facilitate the process. In return, Belgian authorities have flouted an existing MLAT agreement, slapped Yahoo! with a fine, and set a dangerous precedent that potentially imperils the privacy of all Internet users and invites abuse by bad actors.

Filed Under: , ,
Companies: yahoo

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Belgium Fines Yahoo For Protecting User Privacy On Its US Servers”

Subscribe: RSS Leave a comment
44 Comments
Anonymous Coward says:

If Yahoo! says “No, screw you. We won’t give you the data and won’t pay your fine.” what will the Belgium officials do? Write Yahoo! a very angry letter explaining how angry they are?
Where Yahoo! hasn’t got a presence there, I would of given them the finger too. Heck, I think Yahoo! has gone above and beyond already by noting the US government that such a request by the Belgiums might be underway.

interval says:

Re: Re: Re:

Typical bureaucratic nonsense. The Department of Public Whohaws and Geegaws receives an officially stamped Letter of Objection from the Representative of Nonsense and Jokes that “…something must be done about this outrage.” and so shoots off a Punitive Action Item to several Committees About Nothing which spurs into action a number of Canonical Discussions of Writ in which… well, you get the gist. We all have this kind of crap, but Europe really values them and takes political process really seriously.

John Doe says:

The current state of affairs...

With countries trying to enforce their laws on foreign internet companies, it is a wonder anyone would want to start a new website. If Belgium doesn’t like Yahoo, then why don’t they just put in a national filter? Or would that not be popular with the Belgians and cause a backlash? I hope Yahoo gives them the proverbial finger.

interval says:

Re: The current state of affairs...

Its really not a problem; if Yahoo is smart (and we’ve seen that they aren’t particularly bright over there in some respects) they will simply ignore Belgium. The WORST thing they could do is send some one over there to parley with with the Belgium Parliament and “…try to work something out.”

btr1701 (profile) says:

Unenforceable

> Yahoo noted, accurately, that it does not have any operation in Belgium

If that’s the case, then they should just ignore the fine. If the company has no presence in Belgium, there’s nothing the country can do to collect the fine. What are they gonna do? Come over here and arrest the CEO? Try that and the Belgian officials would be arrested themselves for kidnapping.

I know if I was a US citizen just going about my business in the US and I got a notice of fine from Belgium for something I said on the internet that violates Belgian law, I’d crumple it up and toss it. It’s completely unenforceable.

Dark Helmet (profile) says:

Re: Unenforceable

“I know if I was a US citizen just going about my business in the US and I got a notice of fine from Belgium for something I said on the internet that violates Belgian law, I’d crumple it up and toss it. It’s completely unenforceable.”

Are you crazy? Be careful what you do with that notice! The Belgiums are everywhere!

See, even conspiracy theorists can make fun of themselves ๐Ÿ™‚

JackSombra (profile) says:

Re: Unenforceable

In the US, yes you would be safe, but come to the European union (or in the case of Yahoo, any of it’s exec’s) and they could be arrested

And it was the USA that started that messy precedent during the whole internet gambling ban by grabbing execs from gambling companies while they transferring flights on US soil

Extra: Even worse for UK citizen’s, due to the Gov stupidly if you break US law while in the UK you can get extradited with no legal recourse

interval says:

Re: Unenforceable

@btr1701: “(If) I got a notice of fine from Belgium for something I said on the internet that violates Belgian law, I’d crumple it up and toss it.”

I’d laugh my ass off and frame the f#cker. “I got noticed by Belgium for my nonsense!” I’d tell everyone who looked at the framed copy hanging on my wall.

interval says:

Re: Re: Unenforceable

Of course. When *I* am threatened, the entire destructive force of the US Armed Forces spur into action. Reserves are called, F-22 Raptors are built (on credit), nuclear arsenals are activated, Congressmen are paid, Multinational Banking Conglomerates fail, etc. I’m that important.

Dark Helmet (profile) says:

Re: Re: Re: Unenforceable

“Of course. When *I* am threatened, the entire destructive force of the US Armed Forces spur into action. Reserves are called, F-22 Raptors are built (on credit), nuclear arsenals are activated, Congressmen are paid, Multinational Banking Conglomerates fail, etc. I’m that important.”

Awesome return sarcasm, being serious. You just made one mistake. This is an overreactive international war, so Banking Conglomerates win, not fail.

yacc says:

Re: Unenforceable

First it’s a rather stupid idea, but it’s rather common. E.g. all countries, including the US to work with this legal setup.

Second the US has clearly shown how to enforce stuff like that. E.g. arrest the officers of the company when they enter the US. In this case Yahoo officers and/or employees might get arrested when entering the Union.

Third, the US is also one of the countries that consider it okay to kidnap somebody abroad to try him at home.
(http://www.questia.com/googleScholar.qst;jsessionid=KhRWVzZ8d4yPFH1nSBNBGB1Z1xsygKbHMCj2YTpwTJxFNWd3bTV5!342583392!-481857147?docId=5000479708)
)

Basically, this happens all the time, in the real economy (not just the Internet), and it’s usually the USA that forces it’s laws on the rest of the world. Though luck when it happens the other way.

(Examples the Cuba embargo has caused an Austrian bank that got acquired by an US fond to cancel accounts by Cubans. Which is punishable in the EU and in Austria. Hence the fund had to get an exception, or the bank would be continually fined. Or the UBS handling. Guess not many people in the US realize that handing over customer data like that has been a felony in Switzerland. Or how the US has forced SWIFT to hand over data clandestinely. And so on.)

yacc

Anonymous Coward says:

Re: Re:

Oh, so it’s OK to violate individual privacy as long as a government says that they’re doing it for the right reason? It sounds like you’d agree with the US’s warrantless wiretapping program then too.

Any government is, by definition, a heartless and mindless organism that should be naturally mistrusted.

ethorad says:

For many years, we’ve discussed the many challenges faced by countries in trying to recognize that “jurisdiction” on the internet isn’t what they probably think it is. Many countries want to interpret internet jurisdiction as “if it’s accessible here via the internet, it’s covered by our laws.”

So, in this instance a US company with no links to Belgium and US data should be under US laws. The law in Belgium shouldn’t be applied to Yahoo just because someone in Belgium accessed a yahoo site. Agree with that.

But then how about the NPG case – a UK entity with (as far as I know) no outlet in the US, and UK data … but somehow people are arguing that just because the pictures on their website are available in the US they come under US copyright laws?

Sounds to me like it’s not just countries coming up with odd conclusions on jurisdiction?

Anonymous Coward says:

Re: Re:

The two cases aren’t even remotely similar. In the NPG case, they willfully allowed the pictures to be transferred to the United States. Once that has happened, the pictures fall under United States copyright law, that is correct. To think otherwise would be foolish. Do you know where the servers you access are located? Are you familiar with every countries laws? How do you know that you haven’t violated a law in boogywoogievillestein when you viewed that ad that was on that page you saw last week?

Judsonian (profile) says:

Intresting

While this cover international aspects of internet law, This has potential ramifications in interstate internet law. Specifically tax collection. If there is no physical presence in the users state should sales tax be collected for that state? The item was purchased from the servers in state “X” so it seems that sales tax could be collected for all sales in state “X” but not for sales in state “Y” ….. hmmmm

Kevin says:

EU ramifications?

OK, I’m making a small jump here by assuming that Belgium is part of the EU, but let’s assume that they are. In that case, can Belgium require other EU nations where Yahoo actually does have a presence to enforce judgements from Belgium? If they can, then this will be an issue for Yahoo and they probably will have to deal with it sooner or later.

Stephan Wehner (user link) says:

Individuals already affected

I am getting the suspicion that this story pretends this to be a bigger issue because it affects an American company.

However, this kind of “which laws are affecting what I do” has already got individuals. See for example the case of Hew Raymond Griffiths,

http://en.wikipedia.org/wiki/Hew_Raymond_Griffiths

http://www.ibls.com/internet_law_news_portal_view.aspx?id=1778&s=latestnews

Griffiths was extradited to the U.S., a country he had never visited, for some “Intelectual Property” crimes.

For a company it is a mere money issue, but when individuals are extradited it becomes extremely problematic.

Stephan

Yves says:

Difference in jurisdiction

Every communication system in a local country is being watched by local authorities. The bigger countries also have a spy system to watch communications outside their borders. US has, Belgium has not such a system.

In case of criminal investigation, local police can ask for information cross border. In Europe, there is special legislation to pass information cross-border.
There is no such system in between Belgium and the US for criminal action. Everything has to go over interpol or by means of political pressure, embassies or direct contacts in between police systems.

This can upset local police and tresspass the borders of what they are authorized to do. In Belgium there are laws that authorize jurisdiction to tresspass all borders as soon as a person with links to Belgium is involved.

I guess both issues have been mixed here and this should really be left to lawyers.

And yes, Belgium can ask retaliation all over Europe against Yahoo, but they will have to convice the Polish and UK to do so as well.
And yes, Belgian companies are attacked all the time this way by US juridical systems. And yes the US has more local laws allowing to protect interests of US individuals and companies around the world.

In globo, if yahoo can be forced to hand over data about individuals to US juridical system, it should also be possible for other countries that are part of the WTO to ask the same. And this in all countries and in all directions.

femtobeam says:

Personal Indentifying Information

All of the security systems are moving toward a system of Personal Indentifying Information (PII). If it was the United States (not Belgium) and the Chinese government attacked your computers en masse, would you trust Yahoo! to keep their information private from the US Government so that no-one knows who they are? Don’t confuse the Government mandate to keep information private from keeping a way to catch criminals. Belgium is doing nothing more than protecting it’s citizens from unknown criminal gangs of hackers.

Anonymous Coward says:

Re: Personal Indentifying Information

“Don’t confuse the Government mandate to keep information private from keeping a way to catch criminals. Belgium is doing nothing more than protecting it’s citizens from unknown criminal gangs of hackers.”

Privacy is privacy. If you don’t protect the privacy of ‘alleged’ criminals before they’ve even been brought to trial, then you’re simply not protecting privacy at all. You can’t pick and choose.

If Belgium wants to protect its citizens, then it should work within the law: contact the US Government and obtain a subpoena for the information from Yahoo. If it ignores the proper channels, Yahoo has no recourse but to protect the rights of its users under US law, which states that it can’t just randomly give out information just because someone asked for it. Not even the US Government gets that. It has to ask for it in a proper and legal way.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop ยป

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...