The End of Safe Harbor and a Scary Path Forward
Published: 2019-05-11

In the Austrian internets the ruling has been universally welcomed, it seems. Especially by non-technical folks who see this as a big win for their privacy. Surprisingly, many technical people also welcomed this ruling. And hey, if Snowden says that’s a good ruling, who will argue against it?

I’m very torn about this issue because from a purely technical point of view it is very tricky to follow the ruling while keeping to the current state of our data center environments, in the light of some other rulings.

I’m as disappointed as everybody else that government agencies are operating above what seems reasonable from a privacy point of view, but we should be careful about how this field develops. Fundamentally, sharing information on the internet and the right to privacy stand in conflict with each other, and the topic is a lot more complex than just demanding more privacy without considering what this means on a technical level.

What Was Safe Harbor?

The US-EU Safe Harbor laws declared US soil as a safe location for user data to fulfill the European Privacy Directive. In a nutshell: this was the only reason any modern internet service could keep their primary user data in the United States on services like Amazon EC2 or Heroku.

In essence, Safe Harbor was a self-assessment that an American company could sign to make itself subject to the European Data Protection Directive. At least in principle. Practically, very few US companies cared about privacy, which is probably a big reason why we ended up in this situation right now. The second one is the NSA surveillance, but I want to cover this separately a bit later.

What Changed?

Maximilian Schrems, an Austrian citizen, started an investigation into Facebook and its data deletion policies a while ago and has been engaging with the Irish authorities on that matter ever since. The Irish rejected the complaint because they referred to the Safe Harbor act. What changed now is that the European Court of Justice ruled the following:

In today’s judgment, the Court of Justice holds that the existence of a Commission decision finding that a third country ensures an adequate level of protection of the personal data transferred cannot eliminate or even reduce the powers available to the national supervisory authorities under the Charter of Fundamental Rights of the European Union and the directive.

[…]

For all those reasons, the Court declares the Safe Harbour Decision invalid. This judgment has the consequence that the Irish supervisory authority is required to examine Mr Schrems’ complaint with all due diligence and, at the conclusion of its investigation, is to decide whether, pursuant to the directive, transfer of the data of Facebook’s European subscribers to the United States should be suspended on the ground that that country does not afford an adequate level of protection of personal data.

The detailed ramifications of this are a bit unclear, but if you were relying on Safe Harbor so far, you probably have to move servers now.

Why Was Safe Harbor Useful?

So if you take the internet three years ago (before the Ukrainian situation happened), the most common way of legally running an international internet platform as a smallish startup was to put the servers somewhere in the US and fill out the Safe Harbor self-assessment every 12 months.

To understand why that was a common setup you need to consider why it was chosen in the first place. The European Data Protection Directive came into effect quite a long time ago. It’s dated for the end of 1995 and required user data to be stored either in EFTA states or optionally in another country if it can be ensured that the same laws are upheld. This is what Safe Harbor did. In the absence of this, all data from European citizens must be stored on European soil.

After the Ukrainian uprising and after Crimea fell to the Russian Federation a few things changed. International sanctions were put up against Russia and Russia decided to adopt the same provision as the European Union: Russian citizens’ data has to be stored on Russian servers. This time, however, without an option to get exceptions to this rule.

It’s true that the US do not yet have a provision that requires US citizen data to be stored in the States, but this is something that has been discussed in the past and it’s a requirement for working with the government already. However with both Russia and Europe we now have two large international players that set the precedent and it can only get worse from here.

Privacy vs Data Control

The core of the issue currently is that data is considered power and privacy is a secondary issue there. While upholding privacy is an important and necessary goal, we need to be careful to not forget that the European countries are not any better. While it’s nice to blame the NSA for worldwide surveillance programs, we Europeans have our own governmental agencies that act with very little supervision and, especially in the UK, operate with the same invasiveness as in the US.

A European cloud provider will have to comply with local law enforcement just as much as an American cloud provider will have to comply with US federal law enforcement. The main difference is just the institutions involved.

The motivation for the Russian government is most likely related to law enforcement over privacy. I’m almost sure they care more about keeping certain power over companies doing business in Russia, to protect themselves against international sanctions, than about their citizens’ privacy.

Data Locality and Personal Data

So what exactly is the problem with storing European citizens’ data in Europe, data of Americans in the States and the data of Russians somewhere in the Russian Federation? Unsurprisingly, this is a very hard problem to solve if you want to allow people from those different countries to interact with each other.

Let’s take a hypothetical startup here that wants to build some sort of Facebook for climbers. They have a very niche audience but they attract users from all over the world. Users of the platform can make international friendships, upload their climbing trips, exchange messages with each other and also purchase subscriptions for “pro” features like extra storage.

So let’s say we want to identify Russians, Americans and Europeans to keep the data local to each of their jurisdictions. The easy part is to set up some servers in all of those countries and make them talk to each other. The harder part is to figure out which user belongs to which jurisdiction. One way would be to make users upload their passport upon account creation and determine their main data center by their citizenship. This obviously would not cover dual citizens. A Russian-American might fall into two shards on a legal basis but they would only opt into one of them. So let’s ignore those outliers. Let’s also ignore what happens if the citizenship of a user changes because that process is quite involved and usually takes a few years and does not happen all that commonly.

Now that we know where users are supposed to be stored, the question is how users are supposed to interact with each other. While distributed databases exist, they are not magic. Sending information from country to country takes a lot of time so operations that affect two users from different regions will involve quite a bit of delay. It also requires that the data temporarily crosses into another region. So if an American user sends data to a Russian user, that information will have to be processed somewhere.

The problem, however, is if the information is not temporarily in flux. For instance, sending a message from Russia to America could be seen as being a duplicated message that is intended for both the American and the Russian jurisdiction. It gets trickier with information that cannot be directly correlated to a user. For instance, who your friends are. Social relationships can only be modelled efficiently if the data is sufficiently local. We do not have magic in computing and we are bound to the laws of physics. If your friends are on the other side of the world (which nowadays they most likely are) it becomes impossible to handle.
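
The sharding thought experiment above, as an added example that is not part of the original post: a toy per-jurisdiction store showing that every message or friendship between users of different regions leaves a foreign user's personal data in each region's shard. The user names, the `ShardedStore` class and the rule that a record is stored in every participant's home shard are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample users: user id -> home jurisdiction, decided by citizenship
# as in the thought experiment (dual citizens are ignored, as in the text).
HOME = {"alice": "US", "boris": "RU", "clara": "EU", "dmitri": "RU"}


class ShardedStore:
    """One record store per jurisdiction (hypothetical design, not a real product)."""

    def __init__(self, home):
        self.home = home
        self.shards = defaultdict(list)  # region -> [(kind, subjects, payload)]

    def put(self, kind, subjects, payload):
        """Store a record in the home shard of every user who must be able to read it."""
        regions = {self.home[user] for user in subjects}
        for region in regions:
            self.shards[region].append((kind, tuple(subjects), payload))
        return regions

    def foreign_data(self):
        """Return {region: users whose personal data sits outside their home region}."""
        found = defaultdict(set)
        for region, records in self.shards.items():
            for _kind, subjects, _payload in records:
                for user in subjects:
                    if self.home[user] != region:
                        found[region].add(user)
        return dict(found)


def demo():
    store = ShardedStore(HOME)
    store.put("profile", ["alice"], {"bio": "boulderer"})  # single user, stays local
    store.put("message", ["boris", "dmitri"], "trip?")     # RU to RU, stays local
    store.put("message", ["alice", "boris"], "hi")         # US to RU, duplicated
    store.put("friendship", ["clara", "boris"], None)      # EU-RU edge, duplicated
    return store.foreign_data()


if __name__ == "__main__":
    for region, users in sorted(demo().items()):
        print(region, "holds data about foreign users:", sorted(users))
```

Only the single-user profile and the RU-to-RU message stay in one shard; the cross-border message and the friendship edge cannot be stored without each region holding data about a user from another jurisdiction.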

Credit card processing also falls into this. Just because you are British does not mean your credit card is. Many people live in other countries and have many different bank accounts. The data inherently flows from system to system to clear the transaction. Our world is very connected nowadays and the concept of legal data locality is very much at odds with the realities of our world.

The big cloud services are out, because they are predominantly placed in the US. Like it or not, Silicon Valley is many, many years ahead of what European companies can do. While there are some tiny cloud service providers in Europe, they barely go further than providing you with elastically priced hardware. For European startups this is a significant disadvantage over their American counterparts when they can no longer use American servers.

Privacy not Data Locality

The case has been made that this discussion is not supposed to be about data locality but about privacy. That is correct for sure, but unfortunately data centers fall into the jurisdiction of where they are placed. Unless we come up with a rule where data centers are placed on international soil where the computers within them are out of governments’ reach, a lot of this privacy discussion is dishonest.

What if the bad players are the corporates and not the governments? Well, in that case that was the whole point of Safe Harbor to begin with: to enforce stricter privacy standards on foreign corporations for European citizens.

How to Comply?

Now the question is how to comply with where this is going. These new rules are more than implementable for Facebook-sized corporations, but it is incredibly hard to do for small startups. It’s also not quite clear what can and what cannot be done with data now. At which point data is considered personal and at which point it is not is something that differs from country to country and is in some situations not even entirely clear. For instance, according to the UK DPA, user relationships are personal information if they have “biographical significance”.

A Disconnected World

What worries me is that we are taking a huge step back from an interconnected world where people can share information with each other, to more and more incompatible decentralization. Computer games traditionally have already enforced shards where people from different countries could not play together because of legal reasons. For instance many of my Russian friends could never play a computer game with me, because they are forced to play in their own little online world.

Solutions will be found, and this ruling will probably have no significance for the average user. Most likely companies will ignore the ruling entirely anyways because nobody is going to prosecute anyone unless they are Facebook-sized. However, that decisions of this magnitude are made without considering the technical feasibility is problematic.

The Workaround

For all intents and purposes nothing will really change for large companies like Facebook anyways. They will have their lawyers argue that their system cannot be implemented in a way that complies with forcing data to live in Europe and as such will refer to Article 26 of the Data Protection Directive, which states that personal data may be transferred to an untrusted third country if either the user has given consent to this or there is a technical necessity for fulfilling the contract between user and service provider. The TOS will change, the lawyers will argue, and in the end the only ones who will really have to pick up the shards are small-scale companies which are already overwhelmed by all the prior rules.

Today does not seem to be a good day for small cloud service providers.
