Slashdot Mirror
New EU Legal Privacy Framework: We're Not Kidding
An anonymous reader writes "Viviane Reding, Vice-President of the European Commission announced today a new regulation for data privacy in Europe (PDF) in replacement of a 1995 Directive. Recently, privacy laws have been under a lot of criticism for their practical inability to ensure a high level of protection to EU citizens. The new data privacy framework will bring a lot of changes: 24 hours security breach notifications, mandatory security assessments, end of notifications to local data privacy agencies, mandatory data protection officers and huge administrative fines: up to 2% of the annual worldwide turnover (that would have meant $1.2 Billion for Microsoft in 2008). Indeed that's 'the necessary "teeth" so the rules can be enforced.'"
Where do I sign up to vote "yes please"?
No sig today...
No it can't just be ignored. If these laws pass, every EU country will be forced to implement them. The European Commission has very sharp teeth indeed on stuff like this, and does not take kindly to companies trying to ignore its rules.
I agree, but for a different reason. ACTA. This says that have to keep stuff secret, or not keep it, and ACTA says they have to keep it, and give it to the *IAAs. The media industry will not want this loophole.
The article could be misinterpreted to mean this is a done deal as is.
O2 must be glad they made their massive screw up before this came into effect...
Transferring personal data from inside the EEA to places outside like the US, where there are not such strong data protection rules, requires either the subject's consent or certain specific guarantees under a safe harbour agreement. Otherwise taking the data out is already illegal.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
That's roughly what a lot of people said before the EU went after Microsoft for anti-competitive behaviour, too. More than $1,000,000,000 in fines for defying sanctions later, those people had changed their tune.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Well the obvious answer is that they can't if it really has no EU ties, just like they can't do anything about sites outside the EU hosting child porn currently.
But that's just the way the world works, it's designed with that knowledge, but it wont protect companies like Facebook, Google, Apple etc. as they do have a prescence, and even if they withdrew that prescence they could potentially still harm those companies by preventing EU firms advertising with them for example.
I'm sure firms will argue it'll cause some competitive disadvantage, but I'm not convinced that's true- I'd argue the opposite if anything, users across the globe should feel far more comfortable using companies that adhere to these rules, than those that don't.
So I don't really see how it'll be a failure, it'll force all major online firms to adhere to it because they do have an EU prescence, and from there anyone else that doesn't comply will have the disadvantage of being much less attractive to customers. Who wants their data held by some fly by night company that has no restrictions on what it can do with that data when they can instead use a company with more ethical rules surrounding what it can and will do with your data?
Perhaps you haven't noticed, but being associated with Big Media is pretty much toxic for politicians right now.
Oh, and also in case you hadn't noticed, the EU hasn't actually signed ACTA yet. Technically they have until March next year, IIRC, though I expect someone will try to sneak it through in the very near future before the politicians realise it's too close to SOPA and PIPA (in some respects) and likely to cause similar grief.
Also, while the European Commission (the unelected guys who seem to be behind the secret negotiations) still publicly support ACTA, whether they can get it through the European Parliament (the elected guys who recently got new teeth under the Lisbon Treaty and seem to be enjoying exercising their powers) is a different question.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
No law like this will be passed on EU level unless it is absolutely certain that the core countries will adapt it without fuss.
Funny thing: some rights, you cannot sign away. So the EULA is irrelevant. For example, no contract of indentured servitude is legal. In the same way, you cannot sign away your right to privacy.
It is completely within their remit. The part of the company paying is EU-based, but the fine is calculated based on worldwide activities.
In most of Europe, we don't vote for judges. They are appointed and are quite immune to lobbyists. Also, most of Europe has a civil law system, and under that system, the laws do not get "interpreted" by the judges...
It is a bug of the American system that judges are affected by lobbyists and get to decide what laws mean. This doesn't mean our system is better. This is just a bug we don't have.
Apart from - you know - the fact that two of the more important EU institutions are the Council of Ministers and the Parliament - both of which contain people you voted for.
to be precise: The important part is a regulation, hence it does not need to be transposed into national law! It is mandatory for the member states to comply. It is down to the European Parliament to adopt it, which of course has representatives from every member state.
One of the important rules is "If the data subject's consent is to be given in the context of a written declaration which also concerns another matter, the requirement to give consent must be presented distinguishable in its appearance from this other matter." In other words, merely consenting to a long EULA that involves transference of data isn't enough. There has to be a separate checkbox to allow redistributing data. EULAs that allow one party to change the terms at any time won't qualify, either.
The Council of Ministers doesn't contain anyone I voted for. It contains people selected by the leader of the political party that won the national election. Neither the candidate MP I voted for nor the one who was elected to represent me is a member of this party, so my MP does not have any say in their selection. MPs are not supposed to respond to comments or questions from people in other constituencies, so the people who 'represent' me in the CoM are not actually supposed to communicate with me at all, and I have no influence on their reelection.
I am much better represented in the Parliament. I have 5 MEPs, one of whom does a very good job (although when the Welsh Nationalist is the sane one, you start to worry about the system), but at least there is one MEP who represents my views and is accountable to me there.
Unfortunately, every time we try to push more power to the Parliament, the Eurosceptics manage to get it overturned...
I am TheRaven on Soylent News
EU law has direct force in national law, EU law trumps national law, and questions of interpretation of EU law are handled by the EU court, whose decisions are binding for the national courts. The EU is very far from toothless in areas where it has legal competence.
If they are indeed replacing the '95 directive the "published document" will have the form of a EU directive, which member states are compelled to turn into national law. If they don't do so, the EC (or, I think, any citizen with standing) can sue them in the EU court for failing to comply.
What you are referring to as toothless is probably in issue domains like foreigh affairs and defense, where the member states have full competence and the only thing the EU can do is try to forge some sort of consensus.
Good fucking riddance. If they can't actually secure my private data, they shouldn't be in business in the first fucking place.
You people always bitch and moan about "regulations being a burden!", but for some reason, you think it's completely fucking ok for companies to just not give two shits about someone's data.
Did you read my post? It's not that I didn't vote for the person who won - the person in my constituency who does represent me (even though I didn't vote for me, he is accountable to me and the other people in my constituency) has no say in selecting the people who go to the Council of Ministers. They are selected by the government (a coalition at this point, more commonly a single party with a majority) from the pool of their MPs.
These ministers are not allowed to communicate directly with other the constituents of other MPs. This means that the people who is supposedly representing me at the CoM are not allowed to communicate with me. I am not supposed to write letters to them, and they are not supposed to reply. In contrast, I have 5 MEPs who represent me and even though I only voted for two of them (I think - one definitely, I can't remember about the others) they are all supposed to be available for direct communication with me.
I am TheRaven on Soylent News
art: US? Seriously? Have you ever BEEN to Europe?
transport: US? Seriously? Where do you live that has better transit systems than most of (modern) Europe?
punishment: US? Is that YOU getting punished or your desire for strict punishment on OTHERS? The latter -- US, the former, Europe.
Learning HOW to think is more important than learning WHAT to think.
And yet somehow, bureaucratic oppressive Europe got awesome privacy legislation. What did the democratic land of the free get? SOPA.
Life is good here in the socialist hellhole. ;-)
Every time I see that measured, it consistently shows the US having the least social mobility of all developed nations. For example, here: http://ftp.iza.org/dp1993.pdf and http://wrap.warwick.ac.uk/81/
I do often see the claim that the US has an advantage here, but I have never, ever seen it backed up, while I have seen the counterclaim backed up.