If you care about privacy, does it matter where your data resides? Does it matter if the company you have trusted to host your data is a UK, European or US legal entity?
Did you know that Google, Apple, Microsoft and DropBox have some fairly interesting privacy policies. They can access your data and if you use their service you have already agreed to give them access to your private data.
In an article published by The Guardian newspaper, titled "Snowden: Dropbox is hostile to privacy, unlike 'zero knowledge' Spideroak" . "Whistleblower urges consumers to adopt more secure file storage systems which are less susceptible to government surveillance" read the full article here: https://www.theguardian.com/technology/2014/jul/17/edward-snowden-dropbox-privacy-spideroak
"And Google has information you deleted"... even the data on your GoogleDrive you explicitly deleted. Read another article from The Guardian, titled "Are you ready? Here is all the data Facebook and Google have on you" by Dylan Curran, read the full article here: https://www.theguardian.com/commentisfree/2018/mar/28/all-the-data-facebook-google-has-on-you-privacy
And if we do, do we challenge them? Many contracts have terms that we might not like, understand or agree with but there is very little we can do to change them. Some large organisation who have the spending power to force their suppliers to change their policy, might make some changes, which later prove to be worthless. If you could change the terms you would find that it is largely pointless, many of these providers are US owned and operated and the US Government and the US Department of Justice (DoJ) has some pretty far reaching laws such as the recently introduced CLOUD Act (Clarifying Lawful Overseas Use of Data Act). The CLOUD Act is a new law that allows the DoJ to file motions in the United States Supreme Court to compel US companies such as Microsoft, Apple, DropBox, BOX and many other US owned and operated organisation to share data it is storing regardless of where it is located, in a recent article in The Register: www.theregister.co.uk/2018/04/03/us_government_serves_microsoft_with_fresh_warrant_for_irishheld_emails/ a new light is shone on the lengths the US Government will go to gain access to private data. In the article a source is quoted as saying "The CLOUD Act requires a provider to preserve, backup or disclose data even if the data is outside the USA." This means if you have subscribed to a service provided by a US company and the service is hosted in a facility in the UK or Europe, the US Government by legal means can gain access to it.
The challenge will now be how will UK & European law makers rationalise this with our own laws such as the new General Data Protection Regulation (GDPR) and how will a US owned organisation react to the potential of choosing to violate a law of its own country or that of a foreign nation that makes up a fraction of their annual revenue.
The debate and laws will undoubtedly rage on and like some, you may think "if you have nothing to hide you have nothing to fear" that may be true but the readers of George Orwell and historians who have studied the darker days of European history can tell you where that might lead. Whichever, side you come down on what we can say for sure is that if the you choose a service provider to host your data that is a UK owned and operated company it will be governed but the laws of the UK Government and rightly that of a US or EU country will be governed by that respective countries laws and regulations, if you are a citizen of that country and you don't like the laws you can use your vote or lobby your MP to influence those laws. You can also choose to select a service that is governed by the laws you trust and respect!
Your comment will be posted after it is approved.
Leave a Reply.