The Coming Collision Between EU Privacy Regulation And American Free Speech

from the this-won't-be-fun dept

Earlier this week, we wrote about the EU Court of Justice’s decision that the NSA’s surveillance of the internet meant that the EU-US data protection safe harbor was invalid. As we noted, there’s a lot of mess in all of this, but losing that safe harbor would be tremendously problematic for the internet. And the impact could be that the NSA basically screwed things up royally for American internet companies by spying on European users. But, the issue actually goes much deeper. As that ruling recognized, the crux of the matter was dependent on the EU’s Data Protection Directive. And that Data Protection Directive is about to be updated.

And the end result may be very, very bad for the internet.

That’s the conclusion of Daphne Keller at Stanford’s Center for Internet and Society, who is writing a series of blog posts detailing the problems with the current drafts. At the core of the issue, as Keller notes, the worlds of “privacy protection” and “free speech/intermediary liability protection” are two separate worlds — and people on both sides don’t seem to realize just how much the two can and do overlap.

Historically, many lawyers have not drawn a connection between data protection and the law of intermediary liability. The two fields use very different vocabularies, and are for the most part interpreted, enforced and litigated by different practitioners. A lawyer who views an issue through the lens of intermediary liability and one who views the same issue through the lens of data protection may have trouble even understanding each other’s concerns.

Another way to look at it, though, is basically a European approach vs. an American approach. And this is something of a generalization, but the European approach values privacy above most other factors, while the American approach values free speech above most other factors. Both approaches have pros and cons, frankly. But when you don’t realize where they conflict, problems can arise. There is no doubt that Europeans, generally speaking, are much more concerned about protecting the privacy of individuals, and are quite reasonably concerned about excesses done by either governments or companies that intrude on individual privacy. The US, by comparison, has very little in the way of regulations concerning privacy, but does have very strong protections for free expression.

But sometimes “free expression” and “privacy” can clash in big, big ways.

A perfect example of the conflict would be the right to be forgotten. The big ruling out of the EU Court of Justice last year was entirely about privacy. It felt that if there was old, out-dated, irrelevant information it should be “de-linked” from databases, in order to protect the “privacy” of those individuals. The “free speech” concerns didn’t even really come into play at all. It was all about “data protection.”

And that’s where the new General Data Protection Regulation (GDPR) can present serious problems. First, it would expand what internet companies are likely covered by the regulations. Lots of American companies, which barely have any operations in Europe, have the potential of being impacted by these rules — which would more or less lock in the right to be forgotten in a way that might even allow it to expand.

The GDPR asserts jurisdiction over entities that offer services to or ?monitor? EU users. ?Monitoring? seems to be defined broadly enough to include fairly standard web and app customization features, so the law reaches many online companies outside of the EU. In practice regulators presumably will not prioritize or dedicate limited resources to policing small and distant companies. But the GDPR will be an issue for companies with growing EU user bases and presence in Europe; and regulators can choose to enforce the law against many more entities around the world.

It could also wipe out further intermediary liability protections that have been so important to the internet and its success. While the US has strong intermediary protections in the form of CDA 230, Europe already had a much weaker form of intermediary liability based on the EU’s E-commerce directive. The fear is that the new GDPR could more or less eat away at the existing protections, making more companies “liable” for content posted by users, if it’s somehow deemed to violate some sort of privacy right.

And, as we’ve pointed out for years, when you don’t have strong intermediary liability protections you tend to end up with widespread censorship and gatekeepers over expression. That’s because no internet company wants to face a lawsuit just because some of its users are jerks. And the new rules are not at all clear — and vagueness will create incentives for massive censorship:

For intermediaries processing third-party data, free expression is also relevant, though in ways that can be hard to pin down in practice. The legal basis for intermediaries? processing in the first place is often that the processing serves ?legitimate purposes.? … When an intermediary declines to honor a removal request on free expression grounds, the GDPR provision invoked is one that references only ?legitimate interests.?… While undefined, such legitimate purposes and interests clearly include expression and information rights. But the GDPR and existing law provide scant detail on how to assess these interests ? this was one common critique of the Costeja ruling. And important questions about whose interests may be considered ? which come up in litigation about content removal ? are not always addressed well in GDPR drafts. For example, one draft provision allows controllers to decline to remove content based on ?legitimate interests pursued by the controller, or by the third party or parties to whom the data are disclosed[.]? … Under this formulation, the interests of the speaker ? the user whose content is indexed, transmitted, or hosted ? fall out of the analysis. Data protection law?s lack of detailed provisions for free expression made more sense in an era when regulated entities were assumed to be banks, employers, medical offices, and the like. Today, inattention to the unique role of Internet intermediaries in GDPR drafting will likely lead to more removals of lawful expression ? and more litigation.

On top of this it would appear to expand the right to be forgotten even further, noting a general right to “erasure” as part of the data protection regulation — which is a pretty damn Orwellian term in this context. Erasure is a tool that we should be very wary of, because as we’ve seen time and time again, when you give people the power to take content down, it gets abused massively by people trying to censor all kinds of content they don’t want. Protecting privacy is one thing. “Erasing” public content people just don’t like is another.

As someone who has strong beliefs about protecting both privacy and freedom of expression, it seems to me like it’s fairly important to make sure that everyone’s on the same page about what is private and what is not. This often seems to be where much confusion lies. In the EU’s right to be forgotten case, it was basically decided that old but accurate information that was publicly released in newspapers, should be considered private when linked to a person’s identity. Frankly, this approach seems nonsensical to me. If we’re talking about actual private information — i.e., information that was never publicly available in a perfectly legitimate form — then perhaps there’s a point. I can understand the arguments for potentially removing truly private information. But when “private information” is so broadly defined, and then internet platforms are suddenly liable for policing such content, you have a recipe for mass censorship, or even companies moving out of offering service in Europe altogether.

On top of that, as we’ve discussed at length, the idea of holding intermediaries liable for the actions/statements of their users is a really dangerous idea. It creates massive uncertainty that is only going to lead to greater censorship as internet companies start blocking content just to avoid any possibility of liability.

As Keller notes in this post, if this is to not create a massive mess for the internet around the globe, those who are concerned about privacy and those who are concerned about free speech (along with those who are concerned about the internet itself) need to get on the same page or in the same room to discuss these issues. Because, so far the discussions have been separate, and the end result may be a “data protection” regulation, put in place with truly good intentions by those who believe they’re looking out for important privacy interests, but the end result is to whittle away at freedom of expression and at the keys to maintaining a free and healthy internet. Pretending that you can just focus on “privacy” without considering free expression or how the internet itself works is not only foolish and naive, but potentially dangerous for the internet.

Filed Under: , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “The Coming Collision Between EU Privacy Regulation And American Free Speech”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: You don't have a right to talk trash about anyone -- whether true or not -- as practical matter, they just can't stop you.

Um, yes, I do have that right, because I live in America and we have this thing called the First Amendment.

And actually, being able to talk negatively about someone is essential to a civil society. To take your position to the extreme, nobody should be able to be convicted of a crime, ever. Because that involves witnesses “talking trash” about the defendant.

Anonymous Coward says:

Re: Re: You don't have a right to talk trash about anyone -- whether true or not -- as practical matter, they just can't stop you.

“Um, yes, I do have that right, because I live in America and we have this thing called the First Amendment”

That doesn’t make it your right to do so in Europe unless American Exceptionalism.

You can’t cry about ISDS and expect the EU to cowtow to the US constitution.

Mason Wheeler (profile) says:

Re: You don't have a right to talk trash about anyone -- whether true or not -- as practical matter, they just can't stop you.

[Citation needed]

Leaving aside all the rest of the nonsense you managed to pack into three short sentence, give me one good reason why anyone should not have the right to say any thing that’s true.

Certainly there are times and circumstances when it is impolite or unwise to voice certain truths, but unless the thing in question is a secret covered by a legal contract, which is not what you’re talking about here, to say that someone does not have the right to say it is to advocate straight-up tyranny.

JustShutUpAndObey says:

The rights of society

Because society is always in constant flux, and because most (possibly all) societies are controlled by elites who are hostile at best to the rights of pesky individuals, some of us take the position that societies and governments have (or should have) NO rights, only duties. A healthy society will best flourish only insofar as it respects its individual members.

Anonymous Coward says:

Re: The rights of society

We are not talking separate independent societies, you can define that way, at least not today. We are talking interactions here, since many sub-societies in the common societies on their own are in conflict. The problem is created where some societies with colliding ideas of what respect of individual members entail. To me “Respect individuals rights” is like saying “Create more jobs”, “I love our country” and “Terrorism is unacceptable”. Unless you are being very precise in your definitions, most politicians on earth would claim it is what they are doing.

JoeCool (profile) says:

Not about privacy

This has NOTHING to do with privacy, and EVERYTHING to do with control. As we’ve seen from folks over there recently, the EU wants more control over what’s going on in the net in their region, even going so far as talking about bringing down google simply to allow their own offerings the chance to take its place.

They may argue that it’s privacy they’re talking about, but this is the same EU that includes Britain, where they can stick cameras IN YOUR HOME, and whose own version of the NSA arguably scooped up more world data than the NSA. How come they aren’t pestering the UK? Because they LIKE what the UK is doing – consolidating control over the masses. And that’s what the EU is pushing in their “privacy” policy – more control over the masses.

Europe has ALWAYS asserted more control over their people… who then fled to the US for freedom. More control over speech, more control over religion, more control over businesses. The whole region is full of control freaks. Even couple of generations, it gets so bad they start a World War to break the hold of the ultra control freaks, then they slowly build back up until the next war.

Anonymous Coward says:

Re: Not about privacy

No, actually, us europeans don’t like what the UK, Germany or France are doing.

And btw, I see that you americans are really pestering the NSA and your politicians over surveillance.

Who will win the next elections? Democrats? Republicans?

Wait, haven’t both parties spied on you? And you’re still willing to put either of them in the government?

At least in most EU countries there are 3-4 parties (or more) competing for who reaches the government. Even the EU Parliament has 3-4 major alliances.

And btw, talking about control… it’s strange, but you see, our schools control us less than yours do. At least, many of our universities don’t care about what you do out of campus.

We aren’t the freaks that got their police forces armed with APCs and military grade weaponry. At least, we don’t have cases here of toddlers being flashbanged because some guy wanted to play SWAT.

And control over businesses? What’s so bad about it? Do you like eating rotten food? Chemicals with it? Being fired because your boss happens to dislike you even if you do your job? Or do you like having to come to a EU country because you won’t get treated in the US because you got no money?

Either citizens control businesses, or the businesses will control the citizens. You seriously think you got something called “Free Trade” in the US? Lololol.

Yup, that’s why they are pushing shit like the TPP and TTIP on other countries, aren’t they? And what did your Congress do? Pass a shitty Fast Track legislation to make things easier.

Sorry buddy, but if you think that you belong to the “land of the free”, you got the wrong country. I won’t say that the EU is better, but don’t come bragging about the US, please.

Chris Maresca (profile) says:

Re: Re: Not about privacy

EU countries have far, far higher rates of spying on their own citizens than the US does. See this article

Yeah, it’s 10 years old, but if you think it’s gotten any better, you are fooling yourself. Coupled with ubiquitous CCTV, quite a lot of the EU exists in a surveillance society and most EU citizens couldn’t care less. In a lot of countries, it’s not even on the political agenda (cf. UK, France, Italy, NL). The Germans are slightly more sensitive to it because of East Germany, but I have yet to see an actual political movement around this.

In the end, these policies (and the data retention policies) are all about control and access. The EU wants to control the data so that EU intelligence agencies have access to it. And if EU intelligence agencies have access, so do US intelligence agencies.

I’m not sure what a multiplicity of parties or how your political system works has to do with spying on your citizens, esp. since EU countries have higher surveillance rates than the US with far fewer judicial controls…. But, hey, ad-hominy attacks on the US seem to be popular, so…

Anonymous Coward says:

This a bit of a different fight than the one regarding the safe harbour.

You see, I’m an EU citizen.

I’m against any company, whether it’s from the EU, from the US or from whatever place in the world, processing my personal information around the globe without proper regulations and care about the privacy and integrity of that data.

Roughly speaking, just because I gave my personal data to a company, or just because I’m using a service, any kind of personal information, including my metadata and browsing habits, shouldn’t be bouncing around governments and companies either to profile me, to earn money from me or both; moreover if it’s done without my consent and control.

For example, I’m not specifically against Google for using my searching queries for their own gain (Google Ads), as long as it’s properly anonymized and deleted after some time.

My problem is when that information ends in 3rd parties hands, whether they are LEAs, other companies or criminals that hacked their servers (sometimes it’s the same, lol).

Because, first of all, they should never have that data to begin with. The Constitution of my country, plus the URHD, says it clearly that Privacy is a right. The same as you aren’t allowed to put cams on my home to spy what I do, the same applies to the internet. Or should apply.

If you need to monitor someone because you suspect he’s a terrorist, first you get a court order with a valid suspicion cause (well, not sure about the proper word) and then you can start monitoring him. But that’s the job of the LEAs, not the job of Google.

And any scheme that allows a company to monitor you, whether you sign a EULA, ToS or whatever, should be voided and the company fined for even trying it.

The same as we don’t allow people to sell their organs or to sell rotten food, that should be regulated too.

Human Rights shouldn’t be for sale.

On the other hand, I’m also against that “right to be forgotten”, particularly in those cases where the information provided was true (the first case, the info about him was true) and it belonged to the press.

Talking about something that is true is something that should never be forgotten, whether it was now or in the past.

On the other hand, I do agree that if some information is false, the first one that should be targeted is the media that published it and then, the search engines should be properly updated.

See that I’m not talking about outdated information, but about false.

There have been a lot of cases where “the right to be forgotten” has been used to make information about politicians disappear, particularly cases about scandals and fraud.

That should never be allowed.

Still, I can’t say I’m 100% against it. It’s quite creepy to know that everything about you will be monitored and kept, particularly when you’re a private citizen, not a public one.

You make youthful mistakes, or you just tweet something that later on you regret. IRL, you’re allowed to be forgotten about it and to move on.

If you did something illegal and you paid for it, that should be it. That such act should haunt you forever and ever, wherever you are (a google search and there you pop up) is something that is quite creepy too.

See that here I include the police records too, even if they are public. For example, you took drugs and were arrested and it will remain with you for your entire life. 20 years later, you’re going to explain to every border official what happened there, when you might have changed the way you were.

See that there are crimes, even the worst kind, that prescribe after X years. Certain records about you should prescribe too, IMO.

Of course, there are cases and cases here. I don’t think that a public person, such as a politician, should have that much leeway, particularly regarding their comments, their public speech or their scandals.

They aren’t a citizen that is just trying to make a living, they are someone that might be trusted with a lot of power, and people do have the right to know what they are voting for.

I mean, for example, getting drunk in parties when you were young, to be honest, isn’t something that should even be accounted for. Unless, of course, you happen to be one of those anti-alcohol advocates, lol.

I’m not sure how to address the latter point, to be honest. I’m a radical advocate of freedom of speech, but I’m also one of privacy.

Oh, and one thing:

Companies should never be liable for what their users do with their services, whether is a site or not.

Other thing is that if after a court, that is the institution that has the role of determining whether something is illegal or not, has ruled that they should delete such content (for example, in the case of the “right to be forgotten”) and they still choose to defy it. Then you could hold them liable.

And yeah, I’m talking about a court ruling, with the company having the right to defend themselves on a court.

Because when basic rights clash (privacy vs. freedom of speech, for example), only a court has the proper standing to determine which applies and which has priority.

That’s one of the tenets of our society. Parliaments/Congress make the laws, the Governments manages the country, Courts apply those laws.

Gwiz (profile) says:

Re: Re:

The same as you aren’t allowed to put cams on my home to spy what I do, the same applies to the internet. Or should apply.

I don’t necessarily disagree with you or your comment, but I do have question concerning the sentence I quoted:

Does this privacy right you speak of extend to when you are in public areas? IE: Could I legally photograph you walking down the street? If so, wouldn’t most your activities on the internet also be considered to be happening in a public space?

Anonymous Coward says:

Re: Re: Re:

Can you photograph me on a pubic street? Yes. Can you have surveillance cameras in your store? Of course. But can you follow me around with a camera every day and photograph everywhere I go? That might be crossing a line.

There’s a difference between a website tracking you when you’re on their site, and tracking almost every single site you go to.

A. Lauridsen says:

Re: Re: Re:

In my country, you aren’t allowed to take pictures of individual people in a public area. Wide angle pictures of a crowd is fine. As soon as you focus on one individual, you are breaking the law.

The same applies to webcams. Only certain institutions are allowed to have webcams which provides images of a public area, e.g. a sidewalk. Exceptions are banks which are allowed to focus on the sidewalk immediately in front of the bank, and cabs which are allowed to take pictures of customers.

Anonymous Coward says:

Re: Re: Re:

Does this privacy right you speak of extend to when you are in public areas? IE: Could I legally photograph you walking down the street? If so, wouldn’t most your activities on the internet also be considered to be happening in a public space?

You just explained exactly why I don’t leave my house anymore. I can’t cope with the possibility that some punk with an iPhone might snap my picture on the street without my knowledge or consent and then upload it somewhere for no other purpose but to make fun of me for some reason. Once it’s out there, it’s out there, and there’s no way I can take it back. So I might as well just not contribute to the problem at all.

I’m no big fan of the PC, SJW types who ran Reddit into the ground (much less the hysterical counter-trolls who wasted the U.N.’s time whining about “cyber bullying” — read: disagreeing with the feminist narrative — when they’re the real bullies against anyone who calls them out on their BS), but as someone who isn’t exactly bathing suit material, I feel I have a personal responsibility not to allow myself to end up on a site like FPH (Fat People Hate) or RoK (Return of Kings).

I’m not taking a side here in this ugly debate between the E.U. and the U.S. I’m just saying that circumstances of technology are probably going to lead to an uptick in social isolation of those deemed “undesirable” by the Roman colosseum cacophony of jeering perfectionists and appearance/speech police among the digital masses. Already it’s a phenomenon in Japan that has its own unique word: hikikomori, youthful recluses who’ve rejected the untenable pressures of modern life. Sooner or later, that phenomenon will come here to the ‘States too. And maybe that’s not necessarily a good or bad thing, but (human) nature’s way of “thinning” the herd. Those of us who are on the fringes of society hiding out from bullies of all sorts can only hope that our relative uninvolvement with the public sphere earns us a “right” to be forgotten.

Chris Maresca (profile) says:

Re: Re:

Unfortunately, there is your idealism and then there is reality. You also have some misconceptions about the US and where the ideas that form the basis of ‘your society’ actually come from…

The US was founded by people who fled Europe to escape control and intolerance. Separation of powers is also a fundamental tenant & innovation of the US Constitution. Over the centuries, the founders idealism has eroded and realpolitik has taken over. Which is largely why you see movements like the Tea Party, who want to go back to this idealism (however naive & misguided this might be…).

The harsh reality, even in your country, is that surveillance is pervasive. You may think intelligence agencies need court orders, but all countries have exceptions to this. And EU countries have even more exceptions than exist in the US.

Why? Because EU countries have Civil Services – a large body of people who stick around through political transitions and manage the affairs of state. They believe (rightly or wrongly) that they are ‘protectors’ of the state and institutions and carve out policies to insure this, including extensive surveillance. I’ve seen it up close working for 3 EU governments and I have been reminded (repeatedly) of the civil service importance in insuring the continuity of things.

The primary difference in the US is that every new president appoints all of the dept heads down to very junior levels. When a new president comes in, there is wholesale, top to bottom, reshuffle of the government and a very, very large number of ‘political appointees’ come from outside the gov’t and are loyal only to the president. It’s very disruptive, but it also is great insurance against what has happened in EU govt’s. So, while the US only has two parties, the transformation in the transition between the two is very, very real and dramatic.

I would also note that the EU civil service problem is made even worse by the fragmentation of EU political parties. That basically insures that there is ongoing role for this permanent bureaucracy to manage the state.

As far as private companies ability to track you, that is a contract between you and the company. Even in the EU, it’s possible to do this (cf. AVG). It has nothing to do with jurisdiction – Google can track you in the EU, even in Germany, since you agreed to this when you started to use their service….

P.S. Most of what you are advocating already exists in the US – it’s even possible to scrub your police records.

Anonymous Coward says:

Re: Re: Re:

“Unfortunately, there is your idealism and then there is reality. You also have some misconceptions about the US and where the ideas that form the basis of ‘your society’ actually come from…”

Ah, well, when I say “our”, I mean western democratic society, including the US, that’s why I also said Parliament/Congress and not only Parliament.

I think that the US has proper core values, even if their citizens (and governments) forget about them.

Still, I know it’s idealism. But you see:

“I’d rather strive to turn an utopia into reality, than make the current reality an utopia.”

Women’s rights were pure idealism (worse than mine) a century ago. Now, while they aren’t perfect and they can be better, at least they are considered intelligent and rational persons, the same as men.

Before they weren’t allowed an education, for example, because many men considered them more stupid than chimpanzees.

Yesterday’s idealism can turn into tomorrow’s reality if we fight for it hard enough.

“The US was founded……….However naive & misguided this might be…).”

In the EU there are a lot of movements like that. Some got political representation too, such as the Green Party or EFA, that advocate for separation of powers, plus they are pretty hardcore on citizens’ rights.

And there are parties like the Tea Party too, that advocate similar points of view.

“Why? Because EU countries have Civil Services………….bureaucracy to manage the state.”

Well, I can’t say whose is better.

You see, if the president apoints them, it means that they will favour the party that put them there first, because they care about their jobs, not the citizens.

In many EU countries, the ruling government appoints specific directors and top civil servants too in many cases.

Still, the idea behind civil services is to make sure that they are kept neutral, because they have a lot of power that can be used.

See this way: president appointed civil services could be used against opposing parties and dissenters. They are loyal to their party, and thus, they can use the power given to them to keep that party ruling.

And well, what you’re telling me about civil services bringing massive surveillance… hasn’t that happened already in the US?

Don’t the NSA, FBI and other bodies consider themselves the protectors of the citizens and that they got the right to monitor them?

Aren’t those bodies more worried with their power and keeping their jobs that serving the citizens?

Isn’t your police the same with that “us or them” mentality?

You see, surveillance has nothing to do with having civil services or not. As you see, the US has plenty of it even if you appoint most of your civil servants.

Btw, I’m not sure about what the civil servants do in other countries. In mine? They just want to do their job without complicating things. Why bother? Their job is safe and their pay is a decent one. And they even got labour rights!

“As far as private companies ability to track you, that is a contract between you and the company. Even in the EU, it’s possible to do this (cf. AVG). It has nothing to do with jurisdiction – Google can track you in the EU, even in Germany, since you agreed to this when you started to use their service….”

They can track you. But they aren’t allowed to share that data with 3rd parties without a valid reason, and neither without your express consent when they do so (no, a simple blog entry doesn’t count, they have to ask you specifically and you got the right to make them delete all the data they have about you).

The AVG thingy? It’s been just 2 weeks. Wait until the Data Privacy Watchdogs catch up on that. We are talking about the guys that got through that “right to be forgotten” thing.

And yet, let’s say that due to citizen pressure or whatever, we want to toughen privacy laws. The data being on EU servers gives the EU citizens some power over it.

At least, more than if it’s in the US.

Anonymous Coward says:

Re: Re: Re: Re:

Well, not all women are seen as rational agents who value fact over superstition and reason over emotion.

Just look at the two little neon-haired hysterics who wasted the U.N.’s time trying to impose draconian censorship laws on anyone who has a differing opinion than they do or calls them out on their bullshit.

Sadly, if Republicans end up finding a way to repeal the 19th Amendment, it’ll be Anita Sarkisian’s fault for being the plump, pierced public face of “feminism.” No rational woman (and I am one myself) wants to be associated with that.

tqk (profile) says:

Re: Re: Re:2 Re:

Well, not all humans are seen as rational agents who value fact over superstition and reason over emotion.

FTFY. Not to mention, we are far from that possible ideal. How did this question even become a gender issue? Most people I see are clueless, ignorant idiots who’re satisfied to be that way. Alternatives actually scare them. Just look at the US’ political system. They wouldn’t have it any other way.

Wendy Cockcroft says:

Re: Re: Re:3 Re:

Thank you, tqk.

RE: the article, honestly I don’t know what all the carping is about. Once CETA and TTIP have been rammed through the European Parliament, then our national parliaments, we’re going to be stuck with whatever privacy-invading nastiness is in there whether we like it or not. And since the EU Commission is performing David Cameron-esque activities to get the damn agreements through, this is only so much noise being made to make them look like they actually give a rats about us before they sell us down the river.

Our only hope is to mobilise against them the way we did with ACTA, and kill them in the Plenary voting sessions.

Chris Maresca (profile) says:

EU law enforcement & intelligence agencies wet dream

This decision is a wet dream for EU police & intelligence services. They will no longer have to beg (or go through legal niceties) the US for access to this data, it will right on their doorstep.

As for the NSA, the two countries through which most of the EU internet connections travel (the UK and Netherlands) are very, very closely aligned with US intelligence agencies and rank at the top of EU countries spying on people. Anything they can hoover up is accessible by the US and I’m sure the NSA will be happy to subsidize more hoovering tech. In fact, the EU is going to make things much easier for them when they legislate data retention.

As far as ‘EU privacy’, what a joke. As AVG proved a couple of weeks ago, you only need to have the data located in the EU and tell your users you are going to do whatever you want with their data.

I’m sure Max Schrems is feeling very smug right now, but he’s just made the situation infinitely worse in terms of privacy for both EU & US persons as you won’t be able to ‘jurisdiction shop’ as easily as you can now. And if he thinks he’s ‘stopped the NSA’, well, I have a bridge for sale…

Coupled with the EU being hell bent on data retention and pervasive and expansive spying on their own citizens, I’m surprised EU intelligence services aren’t dancing in the street.

The EU – the gift that keeps on giving citizen data away….

(note – not that the US is any better, but at least it’s blatantly cynical about it and doesn’t hide behind pretend privacy claims. And where is the European Edward Snowden?)

Anonymous Coward says:

Re: EU law enforcement & intelligence agencies wet dream

Well, it’s a matter of points of view.

You see: US citizens distrust governments. EU citizens distrust companies. To be honest? In the end both are the same shit: you trust companies that bribe your government (even legally), we trust governments that are bribed by companies (technically it’s illegal, lol).

You see, for starters, the EU has directives that cover data privacy, while the US doesn’t. They got some sort of mix and patch, but there is no law that limits what companies can do with the data.

In fact, it’s US companies the ones that lobby hardest to weaken EU data privacy laws.

And btw, you know why that AVG thing can happen? Because of that “jurisdiction shop” thingy you mention. That wouldn’t be allowed in many EU countries, while it may be allowed in Czech Republic.

While directives are a thing, how each national government applies them is another thing.

I’m not sure about privacy. It will probably be the same: shit.

And don’t you think that EU governments are all buddy-buddy with each other. Hah. This is the EU, not the US. We’ve been hating each other for centuries and that hasn’t changed that much. We look nice on the outside while we keep backstabbing each other.

Still, I got a question for you: would you want Facebook or Google servers in Russia, for example? Sure, your government wouldn’t be able to get you because of Russian “legal niceties”, but Russian government would be able to do a lot of things with that data; like blackmailing you, use it for their economical gain or even send it to LEAs to fuck up your life.

You see, my own government is spying on me already. If it wants my IP or my data, your companies will cough up it without issues.

Still, there are legal niceties here regarding coughing up the data too. Don’t you think that just because the government comes asking for data, any company will cough up just because. Only a court order or warrant can make a company cough up the data here too.

Also, you talk about mandatory data retention but… what’s the purpose of not being mandatory when then the companies will keep that data nonetheless? Google, Facebook, Amazon, Apple… don’t all of them keep that data whether mandatory or not?

And well, I’m not sure if they give it to EU governments, but they sure give it to the US government. Apart that it gains advantage with EU citizen data, I’d say that they trade it like Magic TG cards.

And there have been plenty of stories here of them coughing up that data and in some, even not being allowed to tell their customers about it.

And btw, not sure about “hiding behind privacy claims”, but “metadata isn’t data” sounds pretty hypocritical to me, if you get my drift.

Still, from the EU point of view this ruling is a precedent regarding:

– A court has considered valid Snowden leaks regarding the NSA. Not a government or a parliament, but a court. It gets harder to say that such things are false (or just leaks) when a court has believed them.
– A court, the highest court, has said that mass surveillance goes against EU data privacy laws. That means that there are grounds to go further to target local mass surveillance programs set by the different governments.

Anonymous Coward says:

Re: EU law enforcement & intelligence agencies wet dream

There cannot be a European Edward Snowden since there is no “european” to speak of here. It is a question of the specific countries and their secret services.

USA can play with them all day long: Sure it is a more expensive interaction and gives a lot of duplicate data, but you can be certain to get everything on everyone in Europe. NSA doesn’t really care much about this since it is their backup system for acquiring data on europeans.

But when it comes to the councils of EU, the data collection desire is endless. Effectivising the system requires data and data requires bureaucracy which you need data for to effectivise, which requires bureaucracy etc. Right now the debate is about that issue. Surveillance is way down the list, only getting raised as an issue by the extreme left politicians, and the hypocricy caused by their big state ideals is making it a moot point. A group of libertarians do exist, but they are more interested in making the rich, richer and more untouchabel than actually protecting personal rights.

Anonymous Coward says:

Re: Re: EU law enforcement & intelligence agencies wet dream

Well, something should be said about “big state” ideals.

There is the fallacy of identifying right wing with anti-state and left wing with pro-state.

To be honest: both are pro-state. When you look at the extremes, both fascism and most of the real forms of communism (the theoretical ones too, but they tried to protect people’s individual rights), put the state before the individual. The only difference is that one claims to do so for morals or traditions, and the other is for the people.

Now, without going to the extremes, right and left wing parties both support using the state. Just that how each uses (or says that uses) it it’s different:

– Right wing parties use the state, as you say, to make the rich richer and more untouchable. They are big supporters of regulating speech on the internet, including mass surveillance for “your security” or tougher IPR laws. They are the biggest opponents of net neutrality too, for example. Want an example of them using some sort of “superstate”? Think of TTIP/TPP/TiSA. If you see it this way, the TTIP would set some sort of “superstate” that would forbid states (and citizens) from changing the laws if they go against that “superstate”.

– Left wing parties. Well, most of what are called left wing parties (including extreme left) are actually social democrats, although pure communist parties do exist, though they aren’t as common as you think. As social democrats (S&D) have turned more to the right (they are center to center right in some countries, like in France or Spain) they keep labelling the left wing parties as extreme left, to avoid their lefty voters going to those parties.
But if you check their records, they are the biggest supporters or freedom of speech and privacy on the internet, plus net neutrality and against data retention directives. They also use the state and regulations too, and are as big lovers of them as right wing parties, just that their purpose tends to be more in line with the rights of their citizens (or at least, a majority/the weakest of them). Still, they are the biggest supporters of direct democracy methods, rather than the representative one.

So yeah, contrary to the beliefs of most, it can’t be said that right wing or left wing are anti and pro state. Both are pro state.

The “so called” libertarians actually are pretty pro-state too. Maybe they aren’t in some parts, but touch their patents or their IPR, and expect some hell. And sure, they talk about reducing the budget for welfare or healthcare, but they tend to be big supporters of increasing the budget of the police and military.

Another fact of EU politics is that labelling is VERY important. I’ve mentioned a few examples of that, such as Social Democrats calling themselves center-left when that’s not the case (see their behaviour with TTIP, lots of makeup but the essence is that they support it) or left parties being called extreme left to make them look as commies and bad guys.

Other examples are the ALDE calling themselves liberals. Well, they are, in some way. But if you check some of the members of that coalition, many of them belong to Christian Democrat parties and right wing oriented parties. In the end, they aren’t that different from EPP, they tend to be nicer, but not much better, tbh.

And btw, the data collection desire is endless everywhere, be it the EU or the US; or any other country.

Anonymous Coward says:

First, the “legally photograph” should depend on what you’re doing.

To be honest, I disagree with surveillance cams put on the street, because they are a way of tracking people even if it’s for our safety (or so they claim).

That being said, you should remember that when you’re connected to the internet, you’re communicating with a server (sending and receiving information). As all are the users that are connected to it.

So first of all, you “don’t walk” on the internet, you communicate with other computers.

Privacy includes the privacy of your communications.

That is appliable whether you’re out of your home or not. No one can just monitor what you’re talking on your mobile phone just because you’re physically on the street.

On the other hand, communications done at home have a further layer of privacy, because it’s the privacy of your home. Where you are physically is also important for that, because if you monitor someone at their home, you’re breaking the privacy of their communications, plus their privacy at home.

See it other way: paper mail is done either using a company or, in some countries, it’s a government agency the one that does it.

Even if your mail is delivered via post office and most of the time remains in public areas. And yet, it belongs to private communications and no one has the right to read it unless there is the suspicion of a crime (and even then, they have to follow a procedure).

Gwiz (profile) says:

Re: Re:

The reason I asked the question the way I did is because here in the US we have very little legal expectation of privacy while in a public space.

I’m also not sure your statement of “privacy includes the privacy of your communications” is as absolute as you make it out to be. Posting a notice on public bulletin board is a form of communication that has no expectation privacy whatsoever. Wouldn’t posting a comment to a website be similar?

On a similar vein concerning snail mail, mail sealed within an envelope has an expectation of privacy, but a postcard does not.

I’m not trying to argue here. Like I said I mostly agree with your sentiments, I’m just trying to figure out in my own mind, where the line between “private” and “public” is concerning activities online.

tqk (profile) says:

Just a nitpick: "... dangerous for the internet."

Pretending that you can just focus on “privacy” without considering free expression or how the internet itself works is not only foolish and naive, but potentially dangerous for the internet.

I don’t much care about “dangerous for the internet.” Yeah, it’s a technological marvel and tres cool and all, but it’s essentially a machine which leverages communications between humanity, and the latter I do care about.

“Right to be forgotten” and “free speech” are not just internet related. Those concepts impact many more forms of intellectual commerce than those facilitated by computers and the net.

Whatever (profile) says:

The true difference I think (opinion, nothing more) is that all American things are rooted in absolutism. You must have absolute free speech or you have none, you must have absolute access to guns or you have none, etc. The American constitution basically defines things in absolute ways, and odern society has taken them to their nth degree limits.

The usual phrase is “your rights end where my nose begins”.

The European version is much different. It’s much more “your rights ends at the defined and somewhat expanding bubble of my rights”. There is a certain amount of extra space given to the individual rather than to everyone else.

Put another way, the US freedoms are based on in many ways not so much personal rights as much as what the public’s rights are against your space, and you get what is left. The EU versions seem to be much more based on creating the personal space, and defining the public’s rights in consequence of that.

The difference is quite simple: Americans can say, report, share, and take pictures of things that might not be entirely acceptable in the EU (and many other places, it should be said). One of the reasons many Hollywood stars relocate to places like the South of France is to take advantage of much stronger anti-paparazzi laws which give them much more privacy.

The US constitution is an amazing document, but since it was written so long ago, perhaps doesn’t entirely reflect on modern life or consider the implications in a modern world. The second amendment is an abomination, allowing the wholesale production, distribution, and carrying or firearms – in a country with huge amounts of gun crime, inuries, and murders. It allows free speech from the likes of the Westboro church… and so on. It’s absolute and inflexible and while is represents freedom, it often seems to prove that absolute anything isn’t a good solution.

JoeCool (profile) says:

Re: Re:

One of the reasons many Hollywood stars relocate to places like the South of France is to take advantage of much stronger anti-paparazzi laws which give them much more privacy.

Those would be the same laws that protected Princess Diana when she was in essence “killed” by the paparazzi in Paris? Those laws?

I would assume any such laws have maybe come around AFTER that particular incident.

A. Lauridsen says:

Re: Re:

Although I think you go too far in certain areas, I do believe you have touched upon a very valid point.

The cultural difference between Europe and the US. We have a lot of similarities, but also a few subtle differences.

One important area is the concept of compromise. In many respects, compromise is seen as a weakness in the US, as a willingness to concede your own morals. In Europe, compromise is seen – not only as a means to at least affect some changes – but also as a means for letting minorities have some say in crucial matters.

Privacy and Freedom of speech can at times be at odds with each other, e.g. the right to be forgotten verdict. Here in Europe we try to achieve a balance – a compromise – between the to – sometimes – opposing views.

The US constitution grants no explicit right to privacy. Privacy is derived by common law from the 1st and 4th amendments.

An American trying to understand the European viewpoint will have to, not only, grasp the concept of an explicit right to privacy, granted by the constitution, but also to see the value in achieving a compromise.

Anonymous Coward says:

Re: Re:

I don’t know – it’s the same absolute anything that allows you to say things such as undying support for police collateral damage.

What you consistently desire is neither US or EU. It’s a system where personal rights are restricted to an elite few, including you, at the expense of everyone else.

Anonymous Coward says:

Re: Re: Re: Re:

True, and if you took a look at Whatever’s post history, he certainly qualifies as a Sith.

Whatever has constantly and adamantly stated his belief that the police are under immense pressure against overwhelming odds of crime, and society now has become extremely self-centered who hate the police. Therefore the only way the police can effectively enforce law is by escalating every possible situation, shoot unarmed citizens and scoop up as much data as possible while banning any investigation or scrutiny of their reckless conduct.

tqk (profile) says:

Re: Europe Cesspool

Europeans are all socialist.

I was teenaged in the sixties and I know what it’s like to grow up hearing that word used as “in league with the devil”, but the Cold War is over now, and we don’t have to worry about the Red Threat anymore (Russia’s no longer a communist threat, Cuba’s even being welcomed back), so is “socialist” really devilish, or just Cold War propaganda?

The phrase “We The People” is “socialist”, you know?

Anonymous Coward says:

Re: Re: Europe Cesspool

No, in fact, it is not.

If you’re in the US, get back on your scooter and return to whatever Bernie convention you’re missing while posting here . . . if you’re in the .eu, well, who cares what you think?

Your fiasco of a “union” is fragmenting faster than the US, and until I saw the wanton logistical suicide being committed by your political leaders in the form of mass importing violent young men who are clearly anything but actual refugees, I didn’t think that was possible.

DavidMxx (profile) says:


It’s good to see the comments here, especially because the comments come from both US and from EU individuals (and no doubt other areas of the world).

If I could summarize what I’ve read: One cannot trust US companies to honor data privacy, and one cannot trust EU governments to honor data privacy.

I live in the US, and so let me add that one cannot trust the US Government to honor data privacy either. So for now I think we have the EU beat when it comes to not honoring data privacy.

I would add only one thing to the discussion…I would like to point out that we allow the conversation to be controlled by adversaries of the right to privacy when we repeat statements like “The European Union Charter grants data privacy”. That is NOT actually correct. The correct statement is that the Charter acknowledges that data privacy is a fundamental human right. It does not grant that right, it acknowledges that the right exists, whether or not the Charter includes provisions for it.

In the same fashion, the US Constitution grants no individual rights. It acknowledges that those rights exist, irrespective of any governing body of law.

In the course of events in the last few decades, we have lost sight of that. As a US citizen, I would remind the US Government that the Constitution is a document with the specific focus of limiting GOVERNMENT. The human rights that are acknowledged by the Constitution were put into the Constitution in order to remind the Federal government that those rights cannot be abridged by any law or policy. I realize as a society that we have passed laws clarifying those rights (example, one cannot harm another by lying abut their character), but this does not detract from the fundamental rights we enjoy.

So it is important to remember that the Constitution does not grant human rights. They exist, period. If the Constitution was done away with tomorrow, the rights would still exist.

It is good to see that the vast majority of us agree that the rights acknowledged by the US Constitution and by the EU Charter apply to citizens of all countries equally.

Mr.Mohsin (user link) says:

Leather Manufacturer Producer & Exporter.

Khawaja Tanneries(Pvt)Ltd is specialized in producing excellent varieties in COW & BUFFALO and enjoying 1.5 Million production capacity per month in Square Feet.Through time, our business has gradually broadened towards the various countries world-wide such as China, India, Vietnam, Thailand, Russia, Indonesia, Malaysia, Japan, USA, South Korea, Taiwan, Italy, France, Spain, Poland, South Africa, Germany and many other countries around the world.We also have developed quality standardization and remarkable service level to ensure complete customer satisfaction.Khawaja Tanneries is ranked amongst the most modern production units of Pakistan.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...