"Governments in Australia, the United States, New Zealand, Canada, Singapore, Vietnam, Malaysia, Japan, Mexico, Peru, Brunei, and Chile will be unable to force companies from those countries to store government data in local datacentres ... governments will not only be prevented from mandating data sovereignty provision, they will also be unable to demand access to source code from companies incorporated in TPP territories."
It's incredible how deep the ideological split is, on data protection and surveillance. On one side, you have lawyers saying "hey, this is a problem, this law says you can't do that, we have to find ways to make you comply"; and on the other you have business lobbies and security agencies saying "hey, this is a problem, we need to remove all laws".
Restricting laws are always costly: Environment laws for example -- how costly it is, not to be able to pollute the air, the water, the people. Have filters, have restrictions, use of alternative fuels ... this all costs. And reduces the growth rates of our economies .... Better remove those laws and instead install strict intellectual property laws with unrestricted duration of protection.
That is, how (capitalistic) economy works: Put the costs of the business on the shoulder of many (the people of the country) and the benefits (the profits) on few people.
It isn't 'how' it works. It's something along with other many many things we may like or dislike, that happens in our complicated world. Evidently you can't resist the opportunity to push a political agenda.
Well, in terms of economic theory, he has a point. Markets usually don't take into account so-called externalities such as the environmental impacts of pollution (or individual loss of privacy) when setting prices. Perhaps a better way to view environmental (or data-protection) legistation is not as constraining the untrammelled workings of the free market, but as modifying the market mechanisms themselves to take certain externalities into account, so that they get factored into production costs instead of being passed on to society.
Maybe I'm reaching a bit too far, but we're mainly discussing this in the context of non-US resident's data being transferred to the US, without their say so, where the NSA then does whatever it likes with it. But surely this treaty goes both ways? Doesn't it also allow US citizen's data to be transferred to Vietnam etc, without the person's permission, under their legal framework and their government and commercial agencies get to do what they like with it according to their laws? And the US government is ok with that?
Unless I'm missing something, the US government (and NZ, and Australian, etc) just completely sold out their citizen's privacy to a whole bunch foreign nations including a communist dictatorship. Wow.
This has never been illegal in the US, and in fact has been happening for a while. The US has no general privacy law, and the First Amendment is usually construed against privacy.
(There are some narrowly focused privacy laws like HIPAA)
> "Few legal restrictions exist on financial service companies sending customer data to foreign countries. Financial institution customers may not opt out of these information transfers to nonaffiliated service providers if the transfer is for a purpose described in section 502(e) of the Gramm-Leach-Bliley Act (GLBA). For example, the opportunity to opt out does not apply where the information transfer is to: (1) service or process a financial product or service that the customer requested or authorized; or (2) maintain or service the customer's account."
I don't think so. What it is saying is that if a Vietnam-based cloud company sets up shop, the US cannot mandate that it keep US customer data on US servers. I can see why the US wants this: They want everyone's data in the US. What I cannot see is why anyone else would agree to this.
My guess is that what it really means is that such companies are allowed to operate. OK, fine. But no one is forced to use them. So the US might say "Nice service, Vietnam. But we won't buy it unless you put servers in the US." They aren't forcing anyone to do anything.
The end user doesn't get a choice. The US has no general data protection law. Customer loyalty cards, credit records, ad tracking data: all of these may already be kept overseas.
But surely there never was any requirement that to sell things to US customers you have to have servers in the US. People in the US have been buying things from Alibaba and other Asian companies based solely in Asia for years. Similarly you could log from the US to Baidu in China and create a personal account full of personal data, and that hasn't changed either. These laws are all about transferring data between jurisdictions, not whether or not you have to operate your services locally.
No it doesn't de facto because the biggest (by user count) internet services are based and operated from USA, e.g. Google, Apple, Microsoft, Ebay, Youtube, Twitter, Uber etc. And it probably will not change in the future. So keeping current situation is good for USA and bad for everyone else.
It is better to have local services so the money and personal data don't go overseas and help local economy. The current situation is obviously wrong. There are customs duties that protect local companies and there is nothing to protect them in the internet. So we have USA taking over this new market. This should be changed.
China is an example of a country that has their own search engine, blogging platforms, video sharing sites and most of people prefer them over USA based websites.
> just completely sold out their citizen's privacy to a whole bunch foreign nations including a communist dictatorship.
No they did not because nobody uses services from those countries.
TPP doesn't apply to EU, but TTIP and TISA do, and indeed they could also be used as a "backdoor" for the US to get the data anyway.
At the very least we may see that the TTIP Tribunal would override ECJ rulings (terrible idea for obvious reasons), but I'm hoping that if such an agreement is passed, the ECJ would also rule it invalid for not being in accordance with EU regulations and the fundamental charter of human rights.
Do we have some sources on this? And aren't the proposed Tribunal for ISDS arbitration (where companies can protest/appeal laws and court rulings that treat foreign companies on an unequal footing to domestic or other special status ones)?
"The 12 parties also agree not to require that TPP companies build datacenters to store data as a condition for operating in a TPP market, and, in addition, that source code of software is not required to be transferred or accessed."
Stated that way, it sounds far more reasonable. Source code, yeah of course. You don't want country X being able to demand country Y's company's source right?
And the data centre requirement also makes sense. You can't lock out online competitors on grounds that they aren't setting up local servers. But I don't see anything that mandates you must buy from such a service. If Mexico starts a cloud hosting company and refuses to run Canadian servers, Canada is under no obligation to buy such service. They just can't ban the service for not having Canada-based servers.
The article states that Russia's law requiring Russian personal info to be stored in Russia would be banned if Russia was in the TPP. But they don't state the language used there. It wouldn't be surprising if all other rules and regulations apply. It wouldn't make sense if, say, HIPAA didn't apply to foreign-country clouds under TPP. And if HIPAA applies, then why wouldn't other privacy regs?
Like the source code for critical systems in cars. There should be a requirement for that to be open. It seems that TPP would preempt any such safety legislation.
> Stated that way, it sounds far more reasonable. Source code, yeah of course. You don't want country X being able to demand country Y's company's source right?
I do. Company X is totally free to not operate. My citizens well being or my ability to oppress my own people - depending on the type of country, trumps Y's company rights to make profit from my people.
People don't belong to the Government, the Government belongs to the people. If people choose to do business with a company based in a different country they should be able to.
"Governments in Australia, the United States, New Zealand, Canada, Singapore, Vietnam, Malaysia, Japan, Mexico, Peru, Brunei, and Chile will be unable to force companies from those countries to store government data in local datacentres ... governments will not only be prevented from mandating data sovereignty provision, they will also be unable to demand access to source code from companies incorporated in TPP territories."