New EU Legal Privacy Framework: We're Not Kidding
An anonymous reader writes "Viviane Reding, Vice-President of the European Commission, announced today a new regulation for data privacy in Europe (PDF) in replacement of a 1995 Directive. Recently, privacy laws have been under a lot of criticism for their practical inability to ensure a high level of protection to EU citizens. The new data privacy framework will bring a lot of changes: 24-hour security breach notifications, mandatory security assessments, end of notifications to local data privacy agencies, mandatory data protection officers and huge administrative fines: up to 2% of the annual worldwide turnover (that would have meant $1.2 Billion for Microsoft in 2008). Indeed that's 'the necessary "teeth" so the rules can be enforced.'"
Where do I sign up to vote "yes please"?
No sig today...
No it can't just be ignored. If these laws pass, every EU country will be forced to implement them. The European Commission has very sharp teeth indeed on stuff like this, and does not take kindly to companies trying to ignore its rules.
I agree, but for a different reason. ACTA. This says that they have to keep stuff secret, or not keep it, and ACTA says they have to keep it, and give it to the *IAAs. The media industry will not want this loophole.
The article could be misinterpreted to mean this is a done deal as is.
O2 must be glad they made their massive screw up before this came into effect...
Are these same rules going to apply to the EU, the member governments, and municipalities as well? Of course, collecting that 2% would be just bookkeeping ...
Is it that bad seein' a hot chick again? If I see a hot chick walkin' down the hall I don't say "repost".
How is any of this going to protect you from the police?
It won't (well, on the basis of what the summary says) but they're surely not the only threat.
"Little does he know, but there is no 'I' in 'Idiot'!"
Transferring personal data from inside the EEA to places outside like the US, where there are not such strong data protection rules, requires either the subject's consent or certain specific guarantees under a safe harbour agreement. Otherwise taking the data out is already illegal.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
That's roughly what a lot of people said before the EU went after Microsoft for anti-competitive behaviour, too. More than $1,000,000,000 in fines for defying sanctions later, those people had changed their tune.
Well the obvious answer is that they can't if it really has no EU ties, just like they can't do anything about sites outside the EU hosting child porn currently.
But that's just the way the world works, it's designed with that knowledge, but it won't protect companies like Facebook, Google, Apple etc. as they do have a presence, and even if they withdrew that presence they could potentially still harm those companies by preventing EU firms advertising with them for example.
I'm sure firms will argue it'll cause some competitive disadvantage, but I'm not convinced that's true- I'd argue the opposite if anything, users across the globe should feel far more comfortable using companies that adhere to these rules, than those that don't.
So I don't really see how it'll be a failure, it'll force all major online firms to adhere to it because they do have an EU presence, and from there anyone else that doesn't comply will have the disadvantage of being much less attractive to customers. Who wants their data held by some fly by night company that has no restrictions on what it can do with that data when they can instead use a company with more ethical rules surrounding what it can and will do with your data?
In the same way that U.S. authorities enforced the warrant against MegaUpload (HK based company, owned by German-Finnish citizen currently residing in NZ ...): Uni-, bi-, multilateral contracts, I guess.
But I fear for our good-but-still-not-enough German laws. I'll bet they'll be watered down to a great degree.
Perhaps you haven't noticed, but being associated with Big Media is pretty much toxic for politicians right now.
Oh, and also in case you hadn't noticed, the EU hasn't actually signed ACTA yet. Technically they have until March next year, IIRC, though I expect someone will try to sneak it through in the very near future before the politicians realise it's too close to SOPA and PIPA (in some respects) and likely to cause similar grief.
Also, while the European Commission (the unelected guys who seem to be behind the secret negotiations) still publicly support ACTA, whether they can get it through the European Parliament (the elected guys who recently got new teeth under the Lisbon Treaty and seem to be enjoying exercising their powers) is a different question.
Big Fines should go to the users harmed, not the State. A corporate screw-up should be punished, but the money shouldn't be flushed down some bureaucratic hole.
Also - who is responsible for the fine if the breach is due to "off the shelf" software?
This issue is a bit more complicated than you think.
No law like this will be passed on EU level unless it is absolutely certain that the core countries will adapt it without fuss.
Funny thing: some rights, you cannot sign away. So the EULA is irrelevant. For example, no contract of indentured servitude is legal. In the same way, you cannot sign away your right to privacy.
It is completely within their remit. The part of the company paying is EU-based, but the fine is calculated based on worldwide activities.
In most of Europe, we don't vote for judges. They are appointed and are quite immune to lobbyists. Also, most of Europe has a civil law system, and under that system, the laws do not get "interpreted" by the judges...
It is a bug of the American system that judges are affected by lobbyists and get to decide what laws mean. This doesn't mean our system is better. This is just a bug we don't have.
Perhaps you haven't noticed, but being associated with Big Media is pretty much toxic for politicians right now.
It may be toxic, but they don't seem to care! http://torrentfreak.com/australia-us-copyright-colony-or-just-a-good-friend-120121/
Oh, and also in case you hadn't noticed, the EU hasn't actually signed ACTA yet. Technically they have until March next year, IIRC, though I expect someone will try to sneak it through in the very near future before the politicians realise it's too close to SOPA and PIPA (in some respects) and likely to cause similar grief.
Poland is looking to sign it now. That was the reason for all those attacks, and they seem to be pushing them forward against the public wishes. http://politics.slashdot.org/story/12/01/25/0211219/piratbyran-co-founder-says-stop-ddosing-polish-sites
Also, while the European Commission (the unelected guys who seem to be behind the secret negotiations) still publicly support ACTA, whether they can get it through the European Parliament (the elected guys who recently got new teeth under the Lisbon Treaty and seem to be enjoying exercising their powers) is a different question.
That would make sense, but the politicians all over the world seem to be doing the opposite of what is sensible. Once again, the entire world of elites are ignoring the people. And once again, there will come a point where the people remind them that they are outnumbered.
Apart from - you know - the fact that two of the more important EU institutions are the Council of Ministers and the Parliament - both of which contain people you voted for.
To be precise: The important part is a regulation, hence it does not need to be transposed into national law! It is mandatory for the member states to comply. It is down to the European Parliament to adopt it, which of course has representatives from every member state.
One of the important rules is "If the data subject's consent is to be given in the context of a written declaration which also concerns another matter, the requirement to give consent must be presented distinguishable in its appearance from this other matter." In other words, merely consenting to a long EULA that involves transference of data isn't enough. There has to be a separate checkbox to allow redistributing data. EULAs that allow one party to change the terms at any time won't qualify, either.
The Council of Ministers doesn't contain anyone I voted for. It contains people selected by the leader of the political party that won the national election. Neither the candidate MP I voted for nor the one who was elected to represent me is a member of this party, so my MP does not have any say in their selection. MPs are not supposed to respond to comments or questions from people in other constituencies, so the people who 'represent' me in the CoM are not actually supposed to communicate with me at all, and I have no influence on their reelection.
I am much better represented in the Parliament. I have 5 MEPs, one of whom does a very good job (although when the Welsh Nationalist is the sane one, you start to worry about the system), but at least there is one MEP who represents my views and is accountable to me there.
Unfortunately, every time we try to push more power to the Parliament, the Eurosceptics manage to get it overturned...
I am TheRaven on Soylent News
In most of Europe, we don't vote for judges. They are appointed and are quite immune to lobbyists. Also, most of Europe has a civil law system, and under that system, the laws do not get "interpreted" by the judges...
It is a bug of the American system that judges are affected by lobbyists and get to decide what laws mean. This doesn't mean our system is better. This is just a bug we don't have.
As a point of fact, at the federal level and in many states judges are not elected. Instead they are appointed (by someone or some group that was also elected), and are basically set for life.
Depending on the jurisdiction involved (varying states or the federal justice system), they either have lifetime appointments or appointments to a mandatory age of retirement.
Some jurisdictions allow for the removal of judges based on the quality of their work (i.e. a judge who made *many* *very* *boneheaded* decisions may get axed, but only in some states), but most only allow for their removal because they had committed a crime in office.
In these systems, the only lobbyists are legal counsel for the prosecution and defense, as it should be.
EU law has direct force in national law, EU law trumps national law, and questions of interpretation of EU law are handled by the EU court, whose decisions are binding for the national courts. The EU is very far from toothless in areas where it has legal competence.
If they are indeed replacing the '95 directive the "published document" will have the form of an EU directive, which member states are compelled to turn into national law. If they don't do so, the EC (or, I think, any citizen with standing) can sue them in the EU court for failing to comply.
What you are referring to as toothless is probably in issue domains like foreign affairs and defense, where the member states have full competence and the only thing the EU can do is try to forge some sort of consensus.
Except in most of Europe a EULA has little to no standing in a court of law.
They're a bit like the disclaimers you see at the bottom of some companies' e-mails, a waste of bandwidth.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
The MAFIAA and these other organizations/business groups buy off everyone.
Everyone? They can't buy off the pirates, which are now popping up in every European country, and firmly intend to participate in the 2014 European elections...
Ok, so you may say, pirates are not in parliament yet, and 2014 will be too late to stop ACTA. However, even now, pirates are already creating enough of a stir that the current political parties are feeling compelled to adopt some of their stances about the internet. Case in point: the recent commemorations against "Vorratsdatenspeicherung" (preemptive data logging), where the pirates found some rather unlikely allies, including some parties who voted in favor of this directive 6 years ago.
Good fucking riddance. If they can't actually secure my private data, they shouldn't be in business in the first fucking place.
You people always bitch and moan about "regulations being a burden!", but for some reason, you think it's completely fucking ok for companies to just not give two shits about someone's data.
Did you read my post? It's not that I didn't vote for the person who won - the person in my constituency who does represent me (even though I didn't vote for him, he is accountable to me and the other people in my constituency) has no say in selecting the people who go to the Council of Ministers. They are selected by the government (a coalition at this point, more commonly a single party with a majority) from the pool of their MPs.
These ministers are not allowed to communicate directly with the constituents of other MPs. This means that the people who are supposedly representing me at the CoM are not allowed to communicate with me. I am not supposed to write letters to them, and they are not supposed to reply. In contrast, I have 5 MEPs who represent me and even though I only voted for two of them (I think - one definitely, I can't remember about the others) they are all supposed to be available for direct communication with me.
if they offered citizenships overseas for say, $100 a year. The additional rights and privacies would more than pay for the fee - and maybe get you out of NDAA Gitmo without passing Go.
art: US? Seriously? Have you ever BEEN to Europe?
transport: US? Seriously? Where do you live that has better transit systems than most of (modern) Europe?
punishment: US? Is that YOU getting punished or your desire for strict punishment on OTHERS? The latter -- US, the former, Europe.
Learning HOW to think is more important than learning WHAT to think.
And yet somehow, bureaucratic oppressive Europe got awesome privacy legislation. What did the democratic land of the free get? SOPA.
Life is good here in the socialist hellhole. ;-)
True. And they will, because it actually simplifies things, like removing obligatory reporting to state-level data protection authority. And in most states personal data protection is already strong, so business won't have to change much.
The change will be dramatic to overseas companies. That is a reason for, not against.
As a computer, I find your faith in technology amusing.
Why not put corporations in 'jail'. They are persons after all. If they are convicted, all of their assets are frozen for X years, just like if a physical person was.
Then stockholders can sue the management for causing the situation and losing them money.
Every time I see that measured, it consistently shows the US having the least social mobility of all developed nations. For example, here: http://ftp.iza.org/dp1993.pdf and http://wrap.warwick.ac.uk/81/
I do often see the claim that the US has an advantage here, but I have never, ever seen it backed up, while I have seen the counterclaim backed up.
Money: USD has heavy fluctuation. EUR is quite stable in comparison. US has wider margin between poor and the rich, making rich richer and poor poorer. It's harder to strike "little bit rich" in US in that sense.
Commerce: EU companies generally concentrate more on the quality of things, and has countries with the easiest entrepreneurship anywhere in the world, i.e. Finland is one of the easiest countries in the world to run a company! and many other EU companies join the same. Companies in EU also enjoy big tax breaks for sole proprietorship, promoting entrepreneurship that way. US is more strict. I've compared forming a company at US and Finland.
Society: Depends on what is meant here. Social welfare? Cultural provisions? Friendliness of people? Entertainment activities? Culturally most EU countries can't even be compared to US, the gap is just that big. Entertainment: US has Vegas, but we have plenty of "small vegases" all around EU. Often a part of a city. We also have "Free Cities", which are practically under Anarchy. Laws and Citizen protection? Well, we don't torture people, we do not detain them for indefinite periods of time without court. etc..
Art: You can't be serious. Look at France, Spain, Italy. Da Vinci? The Renaissance period? Art movies? Hollywood movies != ART generally, very very few of them are.
The poor: Social welfare saves many of the poor, and helps them get back to their feet. Some of them even become rich after social welfare network has saved them.
The Rich: Yeah, it's harder to be megarich in EU, so US has EU beat right there. But on the flip side of coin, almost every EU citizen can be considered rich, even unemployed poor people.
Military: This is a joke too as well, right? Ok. EU doesn't have its own military, each country has their own. but no united military. But EU is host to some of the toughest armies in world. For example our army is nothing to mess with, fending off the Russians in Winter War: http://en.wikipedia.org/wiki/Winter_War
Russians had 200 times more tanks, 3 times more men, 34 times more aircraft. Russia suffered over 4 times more casualties, while technically we lost, in every sense we won that matters -> we remained independent, we lost some ground tho. This continued to: http://en.wikipedia.org/wiki/Continuation_War
Yes, we are one small country, but a country which packs hell of a bunch per person in active service. Last 10 years there's been a lot of stuff about our military service (everyone has to go) being too tough, our military strategies and weaponry used has been at the spotlight for being too cruel & effective (we swapped to something even more cruel and effective and stockpiled away the stuff in spotlight), and just lately that we have way too much rifle inventory, I think they were Kalashnikov clones they intend to melt now because we simply have too many of them.
Our official stance is to stay unallied because our military is a sufficient deterrent, yet we share a very long border with Russia, and are strategically important location for Russian commerce. Every General knows they are up for more than bloody nose if they pick up a fight with us, what we lack in hardware and technology we more than make up for in "Sisu" http://en.wikipedia.org/wiki/Sisu, guerrilla tactics, use of weaponry which other countries want to ban us from using. Then you add up our elite being extremely skilled: http://en.wikipedia.org/wiki/Simo_H%C3%A4yh%C3%A4
And we are just one small country part of the Europe. I would assume Norwegian and Swedish are some tough guys too, even tho Swedish don't have neighbours to worry as much.
and then you count in rest of Europe, with German people, France (those guys don't have any self preservation instinct!) and their Foreign Legion, Italian and of cours
Pulsed Media Seedboxes
We are talking about today, not past history, something which happened BEFORE even US existed.
You haven't probably heard that many EU countries too have their own form of "The Declaration of Independence".
Also, the root laws protecting citizen rights are not as easily broken here in EU as in US.
Get out from under the rock, and look around. Think PATRIOT ACT, TSA, Homeland security. All the breaches in citizen rights happening there.
They are broken so casually that even tho I'd like to visit US, I simply do not dare out of fear of getting ass raped in GITMO for next 15 years because I carried with me a laptop with encrypted password database in it.