EU Data Protection Could Clamp Data Flows
Pointing to this Financial Times article, an unnamed reader excerpts: "'The wide-ranging directive aims to protect data about EU citizens against misuse worldwide. It is backed by the power to cut off data flows to countries that the EU judges not to have adequate data protection rules and enforcement.'"
The USA already has extraterritorial laws of this nature. For instance, one law enacted circa 1997 says that any US citizen has the right to sue anyone from anywhere that does business with a Cuban entity (specifically, a Cuban entity which uses native Cuban resources that the US citizen considers his or hers). Not only that, but the lawsuit would take place in a US court.
Another one is the US law which prohibits trade with nations that the US considers to have "inadequate" copyright protections.
This legislation by the EU has been mentioned in Slashdot earlier, before it was temporarily shelved due to US pressure. The status quo is that US organizations like Microsoft can easily build up a vast array of information on citizens in, say, Germany, whereas German companies are prohibited from doing the same due to privacy protection laws. Hence, this law which applies the same standard to everyone who does "business" with Germans.
First up, I have registered a number of organisations under the UK Data Protection Act, work for a major UK bank, and am a politician manqué, so I know what I'm talking about.
The data protection regulations affect:
(1) the storing of information about an individual in an electronic format which can be accessed via indexes.
(2) the storing of information about an individual in non-electronic format but with electronic indexes by which it can be searched and collated.
Data Protection regulations require an individual to give informed consent for any use of data that they provide. The customer relationship is protected (i.e. any organisation can legitimately keep data collected by them about their clients).
This is a good thing, it protects the customer's data - in databases. It does not affect data packets in transfer, or other non-indexed/databased information.
However if I take data from a customer and that customer indicates to me that I may make that information available to other bodies I can only pass that information over to those bodies under the condition that they respect the customer wishes. To this extent Data Protection legislation is viral like open source licenses. I, the customer, make my information available to you for you to do certain things with. If I permit you to distribute it, you may do so provided that my wishes are respected.
The US is not regarded by the EU as having appropriate Data Protection regulations (we think your money laundering regulations are weak as well).
http://scottish.politicaldiscussion.org
Basically, it put a lid on most slimy marketing practices that misuse personal data. Too many US companies are used to getting away with this, and much of the direct mail industry depends on it.
But it has zero effect on open source or anything like that.
The directive isn't primarily aimed at the internet. It's about what companies are allowed to do with information on the net as well as outside of it. The main aspect is data gathered by financial institutions. That's mostly a non-internet thing.
Europe has a different, more restrictive view on protection of person-related information. Companies are trying to evade the restrictions by moving data across the border and having it processed by non-European companies. The regulation tries to stop this malpractice.
The EU has been accused of trying to impose laws beyond its frontiers. The regulation does not tell non-EU companies how they may handle data. It tells EU companies how they must not use data and forbids exporting that data to circumvent the law. This is not even close to the US pushing the DMCA beyond US territory.
Draconian from first glance, but it is indeed the best way to safeguard EU citizens' privacy (at least against entities outside the EU nations). Similar to the "ultimate form of security" - disconnecting the computer and burying it under meters of concrete (in terms of concept, effectiveness and amount of inconvenience caused.)
As for the U.S. diplomatic feathers being ruffled - it's about time somebody/something stood up to their schoolyard-bully style of foreign policy.
First the Kyoto accords, then the Spy Plane "accident"... all within three months!