Slashdot Mirror


EU Privacy Directive — Coming To the US?

An anonymous reader writes "An article over at ComputerWorld implies that the EU Privacy Directive, or something like it, will soon be signed into law here in the USA. The author seems to think this is a good thing, but I'm not so sure. From the article: 'We've finally come to realize that self-regulation by industry hasn't worked. The states have stepped in, creating the same situation of conflicting regulation that led to the creation of the EU privacy directive. The only question now is if the law that comes out of Congress will be a small step strictly focused on breaches, such as S.239, or whether we take the bigger step of forming a permanent committee under the FTC to monitor privacy as outlined by S.1178. Either way, the U.S. is finally moving away from the fractured environment of the past and toward a comprehensive privacy strategy.' Is it time for a national privacy law or 'Privacy Czar', or are we better off letting things be?"

5 of 180 comments

  1. By the time this thing... by Anonymous Coward · Score: 5, Insightful

    ...ever makes it into US law (if ever), it will be so watered down and ineffective that it might as well not even exist. The corporations who now run the USA will not stand for it.

  2. Re:Is it just me by WrongSizeGlass · Score: 5, Funny

    or has this whole "Czar" thing been way overused.

    Yes. Yes it has.

    I believe Czar is a Native American word meaning destined for failure.
  3. It is already "watered down..." by msauve · Score: 5, Insightful
    if you read the bill, it's nothing like the EU privacy laws. The EU laws protect a person's privacy, requiring their permission to disclose personal information (among other things).

    The US bill does nothing to prevent a corporation from deliberately disclosing whatever they want to whomever they want - it's focused exclusively on securing those transactions from third parties.

    The law is summed up in this paragraph:

    A covered entity shall develop, implement, maintain, and enforce a written program for the security of sensitive personal information the entity collects, maintains, sells, transfers, or disposes of, containing administrative, technical, and physical safeguards

    I have a thing about my Social Security number - I only give it to those who require it to fulfill legal mandates. That includes my employer, who has decided (without my permission, and despite my express denial) to give it to a health care provider. This proposed law does nothing to prevent that.

    I want them to be prevented from "selling or transferring" my confidential information, without my voluntary consent (no consent as a condition of employment, etc.).
    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  4. Re:Is it just me by PhxBlue · Score: 5, Funny

    I believe Czar is a Native American word meaning destined for failure.

    Y'know, based on my knowledge of history, I'd have to guess it means the same thing in Russian.

    --
    !#@%*)anks for hanging up the phone, dear.
  5. Re:Gaaah!! Go, go fist of death! by emm-tee · Score: 5, Informative

    No, I do not want the government monitoring my privacy. That is the exact opposite of privacy.

    You don't understand (or maybe you are a troll). The government doesn't monitor the individual. This is a set of rules to limit what organisations can do with information about individuals.

    I know almost nothing about the EU Privacy Directive, but I think the UK's Data Protection Act implements all or part of it, and I have a basic understanding of this. Please note that my knowledge is very limited and there may be factual errors in my post. I'm not a lawyer.

    The Data Protection Act restricts what an organisation can do with any personal data (such as your address), which it processes.

    For example, the organisation:
    • can only use your data for the purposes stated when you gave them the data.
    • cannot keep much more data than is necessary for the purpose stated.
    • cannot pass your data on to a third party without your permission (this means that I get no junk post at all).
    • must ensure that any data they hold on you is accurate.
    • is not allowed to hold the information for longer than is necessary.
    • must keep the data secure.
    • may not export your data to a place where it is subject to less stringent privacy rules.
    • must provide you a copy of any data they have on you for a small fee (this is what allows people to request copies of closed-circuit television tapes they may appear in).


    See http://www.direct.gov.uk/en/RightsAndResponsibilities/DG_10028507 for more information.