Read on Twitter
The EU and US are both using concerns around data transfers (Facebook & TikTok), and the privacy and security of and government access to that data to further OTHER goals under the guise of furthering privacy interests of users/country residents.
This isn't really about privacy.
This isn't really about privacy.
If these were really concerns about privacy, security, and surveillance, we would be having a deeper discussion about transfers of data to other countries as well.
We'd also be talking a LOT more about how access to data while in a country is a transfer of data to that country.
We'd also be talking a LOT more about how access to data while in a country is a transfer of data to that country.
In order to effectuate real privacy change, we need to actually pass legislation and enforce laws that ENHANCE the privacy of individuals.
We need to give users choice and require companies to fix underlying privacy issues. Data residency will not fix privacy.
We need to give users choice and require companies to fix underlying privacy issues. Data residency will not fix privacy.
There's a lot of bad privacy happening that will have detrimental long term effects.
I'm afraid that people will feel like privacy was used as a sword and will tire of the issue before actually aligning on a solution.
I'm afraid that people will feel like privacy was used as a sword and will tire of the issue before actually aligning on a solution.
Here's a SIMPLE privacy & security law that could be passed in the US tomorrow:
Federal data breach legislation. Let's get rid of the 53 state and territory regime and standardize WHAT, WHEN & HOW breaches should be reported.
Give–prob the FTC–the authority to FINE for breach.
Federal data breach legislation. Let's get rid of the 53 state and territory regime and standardize WHAT, WHEN & HOW breaches should be reported.
Give–prob the FTC–the authority to FINE for breach.
Data localization laws are about POWER—not privacy.
Data localization resists two very powerful realities: 1. a globalized, interconnected world & 2. the architecture of the Internet.
To further privacy, we shouldn't resist these. We need solutions to move w/in these realities.
Data localization resists two very powerful realities: 1. a globalized, interconnected world & 2. the architecture of the Internet.
To further privacy, we shouldn't resist these. We need solutions to move w/in these realities.
Data localization/residency will not save you.
Technically-there is a fine distinction between the two but most people don't appreciate these distinctions & use them interchangeably.
Data localization = data must stay in country
Data residency = data must be stored in country
Technically-there is a fine distinction between the two but most people don't appreciate these distinctions & use them interchangeably.
Data localization = data must stay in country
Data residency = data must be stored in country
So what are we talking about: localization or residency?
Schrems: definitely localization
TikTok: who *really* knows? Bc I'm pretty sure the folks screaming about TikTok don't know there's a difference.
Schrems: definitely localization
TikTok: who *really* knows? Bc I'm pretty sure the folks screaming about TikTok don't know there's a difference.
Oracle will have a US based infrastructure. Residency? 
Localization?
Will Bytedance still be able to ACCESS TikTok Global data? Maybe? We don't really know yet. TikTok could voluntarily hand it over or a majority stake might be enough for Chinese intelligence law to apply.
Localization?
Will Bytedance still be able to ACCESS TikTok Global data? Maybe? We don't really know yet. TikTok could voluntarily hand it over or a majority stake might be enough for Chinese intelligence law to apply.
With TikTok, it appears to be motivated by concerns traditionally associated with localization - but the solution seems to be focused on residency.
PRIVACY smoke and mirrors.
PRIVACY smoke and mirrors.
If the EU *really* cared about localization as a method to further privacy, we'd see inquiries about Facebook's data transfers to other countries with vast surveillance laws, not just the US. Instead, it's focused on the US.
It's not about privacy–it's about power over Facebook.
It's not about privacy–it's about power over Facebook.
Maybe the conversation will shift in that direction, but I doubt it. For Schrems, it's personal.
This is what is driving privacy folks nuts. WE *CARE* ABOUT PRIVACY.
Stop using the thing I care about as a sword to further your agenda. If you're going to do privacy–do it right.
This is what is driving privacy folks nuts. WE *CARE* ABOUT PRIVACY.
Stop using the thing I care about as a sword to further your agenda. If you're going to do privacy–do it right.
Let's actually make corporations do privacy work that actually enhances individuals' privacy.
Otherwise you're just doing privacy a huge disservice.
Otherwise you're just doing privacy a huge disservice.
Happy to rant more about this, but for now...
Thank you for coming to my TEDrant x Privacy.
Thank you for coming to my TEDrant x Privacy.
