Slashdot Mirror

← Back to Stories (view on slashdot.org)

EU Data Protection Could Clamp Data Flows

Posted by timothy on from the verklampt dept.

Pointing to this Financial Times article, an unnamed reader excerpts: "'The wide-ranging directive aims to protect data about EU citizens against misuse worldwide. It is backed by the power to cut off data flows to countries that the EU judges not to have adequate data protection rules and enforcement.'"

2 of 174 comments (clear)

  1. The USA is already doing this by Tor · · Score: 5

    USA already has extraterritorial laws of this nature. For instance, one law enacted circa 1997 says that any US citizen has the right to sue anyone from anywhere that does business with a Cuban entity (specifically, a Cuban entity which uses native Cuban resources that the US citizen considers his or hers). Not only that, but the lawsuit would take place in a US court.

    Another one is the US law which prohibits trade with nations that the US considers to have "inadequate" copyright protections.

    This legislation by the EU has been mentioned in Slashdot earlier, before it was temporarily shelved due to US pressure. The status quo is that US organizations like Microsoft can easily build up a vast array of information on citizens in, say, Germany, whereas German companies are prohibited from doing the same due to privacy protection laws. Hence, this law which applies the same standard to everyone who does "business" with Germans.

  2. "Cutting off" is incorrect by Animats · · Score: 5
    That's just alarmist. All the EU Data Protection Directive affects is privacy of personal data, data that has somebody's name, address, etc. attached. If you collect such data within the EU, you can't use it in ways the owner of the data (by law, the person mentioned) didn't specifically approve. To make this enforceable, the EU prohibits getting around the EU rules by sending such data to areas with weaker rules, unless there's an enforceable agreement in place to protect the data while it's outside the EU. The EU has had rules in this area since 1981, and the current rules date from 1995. So this is old stuff in the EU. US complaints are mostly whining by the Direct Marketing Association. Even the DMA, though, points out that companies which actually comply with the DMA's own "principles" don't have real problems. What scares them is that the EU Directive has enforcement power behind it. If a company misuses your personal data, it might be denied the right to maintain files of personal data at all.

    Basically, it put a lid on most slimy marketing practices that misuse personal data. Too many US companies are used to getting away with this, and much of the direct mail industry depends on it.

    But it has zero effect on open source or anything like that.