But user names in e.g. Facebook aren't private information, they are explicitly public. As are messages you publish to people. That's just not an issue. The issue concerns private information associated with your account that you have not chosen to share such as your personal phone number, physical address, date of birth, etc. Of course if you send that information around in public messages that's your problem, but if you keep it in your account, then the company, such as Facebook, transferring that account information to the US it is a problem.
My name is private data and should be treated as such. Companies need to have my permission to gather my name, and they need to tell me what they use it for and how long they store it, they should not gather it if they don't need it, they should store it securely, they should not share it with other people without getting my explicit opt-in.
That doesn't make it impossible for Facebook to do business. It just means Facebook needs to be more careful with what they gather and store.
I don't know. The EU's own website[1] on data protection refers to your name and photographs as private information that is subject to privacy protection laws.
Relevant quote:
> Individuals regularly disclose personal information such as their names, photographs, telephone numbers, birth date and address while engaged in a whole range of everyday activities.This personal data may be collected and processed for a wide variety of legitimate purposes such as business transactions, joining clubs, applying for a job, and so on.
> Nonetheless, the privacy rights of individuals supplying their personal data must be respected by anyone collecting and processing that data.
Where it gets really tricky is caching. Say you do your intercontinental join but then want to cache HTML fragments for performance, well, is that classed as "transferring data" because technically it is...
I think it will be reasonably argued that data in this context is the master record. The source of truth to which queries are sent.
A cache is not that, and you need only look at something like the EU e-commerce directive to find exceptions for caches and networks on the basis of being a "mere conduit" for the communication.
It is not as if the data is now toxic and cannot be cached or communicated outside of the EU, only that the data must be stored in the EU and should not be replicated to any database or storage outside of the EU that would prevent EU privacy law taking effect. That's important as EU privacy law already has enough exceptions to allow reasonable scenarios like caching to function.
And if you are going to say "well I could just query my cache", then I'd suggest that if your cache is able to do much more than a single key|value lookup to retrieve the cached item then it is in fact a database you'd lose the protections of being a cache and you're back in the world of not storing EU data outside of the EU.
