Maybe I'm reaching a bit too far, but we're mainly discussing this in the context of non-US resident's data being transferred to the US, without their say so, where the NSA then does whatever it likes with it. But surely this treaty goes both ways? Doesn't it also allow US citizen's data to be transferred to Vietnam etc, without the person's permission, under their legal framework and their government and commercial agencies get to do what they like with it according to their laws? And the US government is ok with that?
Unless I'm missing something, the US government (and NZ, and Australian, etc) just completely sold out their citizen's privacy to a whole bunch foreign nations including a communist dictatorship. Wow.
This has never been illegal in the US, and in fact has been happening for a while. The US has no general privacy law, and the First Amendment is usually construed against privacy.
(There are some narrowly focused privacy laws like HIPAA)
> "Few legal restrictions exist on financial service companies sending customer data to foreign countries. Financial institution customers may not opt out of these information transfers to nonaffiliated service providers if the transfer is for a purpose described in section 502(e) of the Gramm-Leach-Bliley Act (GLBA). For example, the opportunity to opt out does not apply where the information transfer is to: (1) service or process a financial product or service that the customer requested or authorized; or (2) maintain or service the customer's account."
I don't think so. What it is saying is that if a Vietnam-based cloud company sets up shop, the US cannot mandate that it keep US customer data on US servers. I can see why the US wants this: They want everyone's data in the US. What I cannot see is why anyone else would agree to this.
My guess is that what it really means is that such companies are allowed to operate. OK, fine. But no one is forced to use them. So the US might say "Nice service, Vietnam. But we won't buy it unless you put servers in the US." They aren't forcing anyone to do anything.
The end user doesn't get a choice. The US has no general data protection law. Customer loyalty cards, credit records, ad tracking data: all of these may already be kept overseas.
But surely there never was any requirement that to sell things to US customers you have to have servers in the US. People in the US have been buying things from Alibaba and other Asian companies based solely in Asia for years. Similarly you could log from the US to Baidu in China and create a personal account full of personal data, and that hasn't changed either. These laws are all about transferring data between jurisdictions, not whether or not you have to operate your services locally.
No it doesn't de facto because the biggest (by user count) internet services are based and operated from USA, e.g. Google, Apple, Microsoft, Ebay, Youtube, Twitter, Uber etc. And it probably will not change in the future. So keeping current situation is good for USA and bad for everyone else.
It is better to have local services so the money and personal data don't go overseas and help local economy. The current situation is obviously wrong. There are customs duties that protect local companies and there is nothing to protect them in the internet. So we have USA taking over this new market. This should be changed.
China is an example of a country that has their own search engine, blogging platforms, video sharing sites and most of people prefer them over USA based websites.
> just completely sold out their citizen's privacy to a whole bunch foreign nations including a communist dictatorship.
No they did not because nobody uses services from those countries.
Unless I'm missing something, the US government (and NZ, and Australian, etc) just completely sold out their citizen's privacy to a whole bunch foreign nations including a communist dictatorship. Wow.