undefined | Better HN

0 pointsNursie1y ago0 comments

> Can someone clarify for me why the physical location where data is stored is a big deal?

Because the place where data is collected and stored may have different rules around privacy and data protection then the place it is exfiltrated to.

If I give my data to a company in one place that has strict laws on what may be done with that information, I don’t want it escaping to a low-protection jurisdiction where there are no penalties for selling it to the highest bidder for god knows what purpose.

If there was an acceptable worldwide convention on personal data privacy that would solve the problem. Until there is, it matters a lot.

0 comments

lolinder1y ago

But again I ask, why does the physical location of the data matter? Why do the laws care?

The EU has a law that said you must treat data of their citizens with respect. Fine, that's great. Any business that has a presence in the EU will need to follow that law. At that point, why does it matter where the bits are actually stored? Can the EU for some reason not enforce its privacy laws on Uber if Uber keeps its data somewhere else?

Conversely, if a business has no presence in the EU, can the EU enforce its data location laws on them?

The only thing that seems to matter for enforcement is where the company is located, so I'm really unclear what data location has to do with anything.

kangda1231y ago

> Can the EU for some reason not enforce its privacy laws on Uber if Uber keeps its data somewhere else?

Yes. Even assuming these laws still work if data is in another jurisdiction (prob. not), they become unenforceable. If someone sells your data in, say, Somalia, how could EU gather evidence and start a legal process?

NursieOP1y ago

> Can the EU for some reason not enforce its privacy laws on Uber if Uber keeps its data somewhere else?

Maybe not, especially if they are separate corporate entities. Uber EU may choose to pay for operation of data storage by Uber US. Uber US is not under the same privacy restrictions and sells the data for profit, then what? Who sues who and for what?

This is also partly about governments - the US in particular is known for compelling access to servers that are on its soil and doing large-scale spying (not that EU powers don’t do the same, but bear with me). Companies operating in the US may not be legally able to guarantee data privacy. So having the data not enter US jurisdiction in the first place is considered safer.

j / k navigate · click thread line to collapse

0 pointsNursie1y ago0 comments

> Can someone clarify for me why the physical location where data is stored is a big deal?

Because the place where data is collected and stored may have different rules around privacy and data protection then the place it is exfiltrated to.

If there was an acceptable worldwide convention on personal data privacy that would solve the problem. Until there is, it matters a lot.

0 comments

lolinder1y ago

But again I ask, why does the physical location of the data matter? Why do the laws care?

Conversely, if a business has no presence in the EU, can the EU enforce its data location laws on them?

The only thing that seems to matter for enforcement is where the company is located, so I'm really unclear what data location has to do with anything.

kangda1231y ago

> Can the EU for some reason not enforce its privacy laws on Uber if Uber keeps its data somewhere else?

NursieOP1y ago

> Can the EU for some reason not enforce its privacy laws on Uber if Uber keeps its data somewhere else?

j / k navigate · click thread line to collapse