Facebook and other US companies that regularly transfer data from European servers operate under a “Safe Harbour” agreement – a self-policed data privacy agreement which has been widely criticised for lax enforcement. Yesterday’s ruling means tech companies will have to review how they transfer data to ensure they comply with European data protection law.
Europe v Facebook
The agreement was invalidated yesterday after a longstanding legal battle between the European court and Facebook, brought by privacy campaigner Max Schrems.
Schrems filed a data protection complaint in 2012 after former NSA employee Edward Snowden’s revelation that the US government had infiltrated the social media giant’s user data as part of a wider civilian surveillance initiative.
While it is too early to comprehend the repercussions the ruling will have on how Facebook, Twitter and many international companies transfer data between Europe and abroad, Wales warned the crumbling of the agreement could cause technical barriers which may decrease service levels.
He said: “The implications for Facebook are, quite possibly, incredibly complex. The whole point of Facebook is to share data across many jurisdictions. How are they going to cope with that? Whether they store my posts here [London] or in California, they are still sharing my posts.”
Wales added that the ruling “concerns me that we may be moving to a balkanised era of data, where data needs to be held in many different jurisdictions.
“From a technical point of view it is complicated to partition things in this way that users don’t even really care about. If I’m using cloud storage like Dropbox as a consumer I don’t care where my data is – I just want it to be fast. I want Dropbox to move the data around to optimise my experience if putting it in California versus London means my syncing is slower then I want it in London.”
Privacy advocate Wales said it would take some time for companies to take stock of the implications of the ruling. But it will have little effect on Wikipedia as it has no legal presence in Europe, Wales said, “so good luck stopping us doing what we want in America.”
State intrusion and Wikipedia in China
Wikipedia has recently encrypted all its pages with SSL, rolling the security measures out on a country-by-country basis.
SSL encryption prevents third parties – or state surveillance – from monitoring traffic or blocking on a page-by-page basis. For example, China has previously blocked certain pages on Wikipedia due to their sensitive nature, like Tiananmen Square’s history.
Prior to encrypting China’s Wikipedia pages, the government blocked the website entirely, Wales revealed.
He will visit the Chinese the government in the next couple of weeks, he said, but expressed a dim view of companies that have been complicit in China’s surveillance policies in a bid to enter the market – companies which include Facebook and Google.
“If you are doing business in a bad place you really should be there for public improvement,” he advised.