"Thanks, Obama! [And Bush!]" A European Union court has decided that loosey-goosey NSA mass surveillance programs of data within the US, with the cooperation (or coercion) of large tech companies, means personal data of EU citizens on US servers is not adequately safeguarded — which means, under EU law, it cannot be stored there.
That's a huge problem potentially for major US firms like Amazon and Facebook and the like who have used the US/EU "safe harbor" agreement to store personal data wherever they want. But it's also a problem for companies like my former employer who relied upon safe harbor provisions to store company HR data centrally. Will they now (or soon) need to break out EU employee data into a separate instance, controlled under separate rules?
Actions have consequences. By demonstrating that data is not protected from mass scrutiny in the US, the US has demonstrated that countries that care about privacy should not have their data handled by US companies. And this goes beyond just where the data resides. The US government has argued, for example, that Microsoft should be compelled to turn over data that is residing on servers in Ireland because it is a US company. If they succeed in that argument, I can see the EU saying that private individual data cannot be turned over to US companies at all. Which won't do any of us any good.
If the Internet gets broken into separate fiefdoms, it would be ironic if it weren't because of rapacious Big Business but because of overreaching Big Governments.
An EU Court Invalidates an Agreement Allowing Tech Companies to Move European Data to the U.S. – The Atlantic
The Safe Harbor agreement was challenged by an Austrian graduate student, who argued that personal data of EU citizens was misused by the NSA’s Prism program.
cringe