Only as a side note, the German-speaking countries also have a system where books are not allowed to be sold below the price set by the publisher. Nothing new here.
Well, auto-connect for encryption-less wifis is a clear way to get MITM attacked.
But even with encryption, the way Wifi works, your device will broadcast all networks it tries to autoconnect to. On most mobile devices that's equal to "known networks".
It's insane because it distributes data that is unnecessary.
Depending upon how "hackable" the WLAN is, if an unauthorized person accesses it, it gives the first clue what to enter in all these address boxes online.
Ok, somebody mentioned being able to contact the responsible person if there is an issue. Now that kind of presumes that the typical operator of a home wifi spot knows how to fix the issue or even can fix the issue (it's incredible what kind of trash is being sold nowadays as a wifi router, and in some cases it's the ISP that provides you the router. These are usually even trashier than what users buy on their own).
Well, who cares about that irrelevant book?
That makes one wonder, why these gits did not call AWS support to have their account completely locked down first?
Well, it's about US companies not following EU laws. It's not about spying agencies.
Got even worse news, yes it's illegal, just not by US laws. And if they do it outside of the US, it becomes illegal, if the local laws don't have a loophole. In many cases such loopholes might exist, but in some, where in the past the NSA and local buddies relied more on secrecy, it might be actually criminal.
The question is of enforcing stuff, which funnily, the EU High Court is probably one of the places where this might hurt even the US (basically, even US-friendly Politicians that like to snoop on their own citizens cannot just ignore any rulings coming from them, and the EU Court has been known in the past just to follow the law. Sucks that Privacy is a basic human right.)
Hint, using tax havens is not as simple.
The IRS has its own idea what's okay or not.
Going through a number of countries, "First World" countries to be exact, is what makes this feasible. Because for the IRS, their "contact" is in Ireland. Ireland has a number of interesting regulations, as many other countries.
Dealing directly with a "low taxation" place is usually a no go, you invite problems, the nicest would be an extreme level of auditing from your local tax authorities. Instead you invoice stuff multiple times, at each step removing the taxable income away from the place where the authorities care, to a place where they are happy for some tiny fees.
E.g. our local politicians had the curious idea to shift a number of burdens onto entities doing business with tax havens. Interestingly that did not raise any objections, OTOH, a number of people in industries known for jurisdiction shopping anyway commented "well, that means one invoice more, and one UK Ltd. more, sigh."
So yes, US companies can use other tax dodges, but getting kicked out of the EU could still mean some pain.
It's not about the spy agencies. It's about US companies having a business model that is very very edge case in relationship to EU privacy laws.
Now the US companies promised to follow EU regulations voluntarily to be allowed to transfer data from the EU to the US. This guy basically has proven that Facebook (just one random example) does not even have the business processes set up to comply with EU laws. And now it has reached a new level, because they basically said that the Safe Harbour Agreement cannot work at all, because the legal environment in the US is incompatible. That's where the NSA comes in, but only on the sidelines, as one of the things that make the SHA not workable.
It's not about the spy agencies.
There are many many things in the US legal environment that make it incompatible with EU privacy laws.
Nope, fascinatingly, this is not about the NSA as such.
The issue is that for many reasons, US companies cannot implement European standards in data privacy laws. That starts from some lowly county judge issuing subpoenas and at the other end you've got the "America uber alles" chanting federal intelligence apparatus, e.g. NSLs, all kinds of regulations in the Patriot Act, giving telco providers retroactive immunity for cooperating with the government, and so on.
So now we've got the situation where there is a law that all cars sold need to have seat belts. (privacy) But US companies are allowed to sell cars without seat belts, because they claim that they have equivalent protection, because their local guru has prayed for the safety of their customers. (Safe Harbor Agreement). Now somebody has decided to call a spade a spade, and mentioned in the correct forum, that a prayer by whatever guru cannot fulfil the safety regulation in any possible way. (That's the kid that cried that the Emperor is naked.)
Worst from the "Postprivacy" faction is that EU Court has been known to issue rulings in the past that pissed off politicians, just because it's the law. And privacy is a basic human right in the EU treaties. The fact that it's inconvenient for the US companies or many Politicians (who are seldom champions of privacy, well they only become privacy advocates when it comes to their own privacy) is not really very relevant in the context of a basic right.
Actually, the US don't get the concept of privacy as it's understood in the EU.
And basically all EU members have legislation about privacy on the books, because it's rooted in the EU data protection directive (basically, that's how the EU legal process works, and in any EU member not having legislation on the books fulfilling the requirements of the directive, the directive becomes directly applying law).
The only thing currently is that the implementation of the law and its enforcement are done at the member country level, which means that some edge cases might be handled differently in each country. Plus the fines for illegal conduct are usually so tiny, that for international companies paying them is a rounding error in accounting.
That's what the current privacy discussion in the EU is about, moving the implementation of data protection (aka Privacy) laws to the EU level, basically meaning it's the same everywhere, plus adding fines that are big enough that they might make a dent in a balance sheet.
Well, stopping spying won't be enough. It's that "US security complex uber alles" tune that would need to be stopped, but D.C. seems to like that perfectly fine.
Worse, if the question ever ends up before the EU Court, I'm almost certain that it would not look very favourably on this "everything outside Germany is external for purposes of surveillance" idea (substitute Germany for your favourite EU member country), considering that the "Common Market" makes exactly that thought forbidden by default. As in, you need a very very good reason, and claiming national security might not get you far in the context of a European Court.
Well, first of all, it's about declaring an obvious fabrication as such (that a US company can, even if they wanted to, comply with EU regulations, which US courts have ruled they are not allowed to, so it's obviously a fairy tale). That completely leaves the situation open concerning government aided spying, which by the way, European governments have been trying under cover. Well, vermin likes it dark.
On a commercial side, currently the situation is completely unsatisfactory: European companies are forced to deal with privacy issues (privacy is a human right written into the EU treaties), while US companies are allowed basically to ignore the rules. So either enforce privacy rules against all comers, or get rid of the limitations on the EU IT industry.
What this might mean is that US companies will have to disassociate themselves rather strongly from their EU subsidiaries so that US courts cannot enforce US "national security laws" against them. (Hint, US companies had no problems supporting Nazi-Germany, creating the necessary legal separation. Google Dehomag if you don't believe me.)
The funny part here is that the European High Court has, more than once, kicked ass by enforcing European law over convenient national law in the past (e.g. it has basically killed data retention no matter what the politicians wanted), and Privacy is a basic human right which means that simple economic considerations are irrelevant.