Slashdot Mirror

← Back to Stories (view on slashdot.org)

New EU Legal Privacy Framework: We're Not Kidding

Posted by Unknown on from the yes-you-can-have-a-pony dept.

An anonymous reader writes "Viviane Reding, Vice-President of the European Commission announced today a new regulation for data privacy in Europe (PDF) in replacement of a 1995 Directive. Recently, privacy laws have been under a lot of criticism for their practical inability to ensure a high level of protection to EU citizens. The new data privacy framework will bring a lot of changes: 24 hours security breach notifications, mandatory security assessments, end of notifications to local data privacy agencies, mandatory data protection officers and huge administrative fines: up to 2% of the annual worldwide turnover (that would have meant $1.2 Billion for Microsoft in 2008). Indeed that's 'the necessary "teeth" so the rules can be enforced.'"

23 of 243 comments (clear)

  1. So... by Joce640k · · Score: 4, Insightful

    Where do I sign up to vote "yes please"?

    --
    No sig today...
    1. Re:So... by Anonymous Coward · · Score: 4, Interesting

      Totally agree...this idea that businesses shouldn't be held responsible for their actions (or inactions) goes back to the business "revolution" of the 70s...the professional manager who operates without ethics, and who's only allegiance is to the shareholder (or their own salaries/bonuses)...it's about time governments started standing up for their citizens again....sign me up too!

    2. Re:So... by Xest · · Score: 5, Insightful

      My only dissapoint is the constant bandying about of the fines thing. They point out that 2% is massive in monetary value, well yes, it can be, but it's not enough of a deterrent.

      In the UK, for companies like Phorm, and ACS:Law, this would be zero deterrent to what they did, the fines shouldn't be capped percentage wise, as only a fine of perhaps 80% of annual revenue would've been enough to make Phorm and ACS:Law start behaving. The $1.2bn figure for MS sounds a lot less scary when you consider for someone like Andrew Crossley at ACS:Law who really has been in gross breach of the UK's data protection act, were he bringing in £250,000 a year with his personal one man business, would only see a fine of £5000, still leaving him £245,000 to take home. Where the fuck is the deterrent in that? You could write it off as the cost of doing business and just carry on doing it.

      Jail terms for owners/execs, or completely uncapped fines left to the decision of the judge as to what size fine to levy would be the only real deterrents. That's the biggest problem I see with this proposed law - there's no worthwhile deterrent for companies with no positive image to protect (e.g. Phorm) in the fines, they're toothless as proposed right now.

    3. Re:So... by Spad · · Score: 4, Insightful

      Note that it's 2% of turnover, not profit; a 10% fine would ruin a lot of businesses, which is not the intent of the law.

    4. Re:So... by TheRaven64 · · Score: 5, Insightful

      Although repeated infringements can quite easily ruin a company, and that is the intent of the law: companies should never be in the situation of deciding that ignoring a law and regularly paying the fines is just the cost of doing business.

      --
      I am TheRaven on Soylent News
    5. Re:So... by inviolet · · Score: 4, Interesting

      No it can't just be ignored. If these laws pass, every EU country will be forced to implement them. The European Commission has very sharp teeth indeed on stuff like this, and does not take kindly to companies trying to ignore its rules.

      Yep yep.

      As a US citizen now thoroughly ashamed of my society's behavior (esp. regulatory capture, as well as the all-classes corruption of the housing bubble), this news is the first time in my entire life that European society has seemed superior.

      It is quite a moment for me, coming as it is at the tail end of twenty years of staunch libertarian patriotism.

      --
      FATMOUSE + YOU = FATMOUSE
    6. Re:So... by xaxa · · Score: 4, Interesting

      As a US citizen now thoroughly ashamed of my society's behavior (esp. regulatory capture, as well as the all-classes corruption of the housing bubble), this news is the first time in my entire life that European society has seemed superior.

      The first time ever? That's incredible.

      Europe and the US have different views (to varying degrees) on many topics. Money, commerce, society, art, sex, the poor, the rich, military, environment, privacy, citizen rights and restrictions, punishment, education, transport, sport, patriotism, police, tax ...

      Pick any one of those and I'll be able to describe things I like about Europe (and dislike about America), and vice-versa.

    7. Re:So... by s73v3r · · Score: 4, Insightful

      Shut the fuck up, seriously. This idea that companies should not be held responsible for their actions is completely asinine.

      If you don't want companies to be held responsible, go find somewhere without "government intervention". I hear Somalia is lovely this time of year.

    8. Re:So... by gnasher719 · · Score: 4, Insightful

      You fine me 90% of my annual revenue? The same nanosecond a new company is created, which just happens to have the same board, who scoops up everything from the yard sale the company you fined has after going bankrupt, including all brands and patents. How do you plan to avoid that? Short answer, you can't. The company just went bankrupt due to the fine, in the bankruptcy process all liabilities get cut to a certain percentage and the new company can scoop up everything for a penny for the dollar. Yes, it's still some money lost, but we're a far cry from the 90% you wanted. if you're lucky, you get 1-2%. Which is pretty much where we're right now.

      Not that easy. If a company goes bankrupt and has sold on all kinds of stuff before the bankruptcy, all these sales can be invalidated, with more additional consequences.

      And think what would happen to a company like Google, or Facebook, or Apple, or Microsoft. Going bankrupt is not an option. If Google sold patents to Google v.2 for a dollar each, and then declares bankruptcy, surely Apple and others would go to the courts and offer twice the money.

  2. Re:Doubt it will go anywhere by superglaze · · Score: 5, Informative

    No it can't just be ignored. If these laws pass, every EU country will be forced to implement them. The European Commission has very sharp teeth indeed on stuff like this, and does not take kindly to companies trying to ignore its rules.

  3. O2 by CheeseyDJ · · Score: 4, Interesting

    O2 must be glad they made their massive screw up before this came into effect...

  4. Re:data location? by Anonymous+Brave+Guy · · Score: 4, Informative

    Transferring personal data from inside the EEA to places outside like the US, where there are not such strong data protection rules, requires either the subject's consent or certain specific guarantees under a safe harbour agreement. Otherwise taking the data out is already illegal.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  5. Re:Doubt it will go anywhere by Anonymous+Brave+Guy · · Score: 5, Insightful

    That's roughly what a lot of people said before the EU went after Microsoft for anti-competitive behaviour, too. More than $1,000,000,000 in fines for defying sanctions later, those people had changed their tune.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  6. Re:This looks like a failure waiting to happen by Xest · · Score: 5, Insightful

    Well the obvious answer is that they can't if it really has no EU ties, just like they can't do anything about sites outside the EU hosting child porn currently.

    But that's just the way the world works, it's designed with that knowledge, but it wont protect companies like Facebook, Google, Apple etc. as they do have a prescence, and even if they withdrew that prescence they could potentially still harm those companies by preventing EU firms advertising with them for example.

    I'm sure firms will argue it'll cause some competitive disadvantage, but I'm not convinced that's true- I'd argue the opposite if anything, users across the globe should feel far more comfortable using companies that adhere to these rules, than those that don't.

    So I don't really see how it'll be a failure, it'll force all major online firms to adhere to it because they do have an EU prescence, and from there anyone else that doesn't comply will have the disadvantage of being much less attractive to customers. Who wants their data held by some fly by night company that has no restrictions on what it can do with that data when they can instead use a company with more ethical rules surrounding what it can and will do with your data?

  7. Re:Doubt it will go anywhere by Anonymous+Brave+Guy · · Score: 5, Insightful

    Perhaps you haven't noticed, but being associated with Big Media is pretty much toxic for politicians right now.

    Oh, and also in case you hadn't noticed, the EU hasn't actually signed ACTA yet. Technically they have until March next year, IIRC, though I expect someone will try to sneak it through in the very near future before the politicians realise it's too close to SOPA and PIPA (in some respects) and likely to cause similar grief.

    Also, while the European Commission (the unelected guys who seem to be behind the secret negotiations) still publicly support ACTA, whether they can get it through the European Parliament (the elected guys who recently got new teeth under the Lisbon Treaty and seem to be enjoying exercising their powers) is a different question.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  8. Re:Doubt it will go anywhere by Alkonaut · · Score: 4, Insightful

    No law like this will be passed on EU level unless it is absolutely certain that the core countries will adapt it without fuss.

  9. Re:data location? by SomeKDEUser · · Score: 4, Informative

    In most of Europe, we don't vote for judges. They are appointed and are quite immune to lobbyists. Also, most of Europe has a civil law system, and under that system, the laws do not get "interpreted" by the judges...

    It is a bug of the American system that judges are affected by lobbyists and get to decide what laws mean. This doesn't mean our system is better. This is just a bug we don't have.

  10. Re:Doubt it will go anywhere by Zwerg_Sense · · Score: 4, Informative

    to be precise: The important part is a regulation, hence it does not need to be transposed into national law! It is mandatory for the member states to comply. It is down to the European Parliament to adopt it, which of course has representatives from every member state.

  11. Consent and EULAs by Animats · · Score: 4, Interesting

    One of the important rules is "If the data subject's consent is to be given in the context of a written declaration which also concerns another matter, the requirement to give consent must be presented distinguishable in its appearance from this other matter." In other words, merely consenting to a long EULA that involves transference of data isn't enough. There has to be a separate checkbox to allow redistributing data. EULAs that allow one party to change the terms at any time won't qualify, either.

  12. Re:You Can't Vote by TheRaven64 · · Score: 4, Informative

    The Council of Ministers doesn't contain anyone I voted for. It contains people selected by the leader of the political party that won the national election. Neither the candidate MP I voted for nor the one who was elected to represent me is a member of this party, so my MP does not have any say in their selection. MPs are not supposed to respond to comments or questions from people in other constituencies, so the people who 'represent' me in the CoM are not actually supposed to communicate with me at all, and I have no influence on their reelection.

    I am much better represented in the Parliament. I have 5 MEPs, one of whom does a very good job (although when the Welsh Nationalist is the sane one, you start to worry about the system), but at least there is one MEP who represents my views and is accountable to me there.

    Unfortunately, every time we try to push more power to the Parliament, the Eurosceptics manage to get it overturned...

    --
    I am TheRaven on Soylent News
  13. Re:Here's mine by chill · · Score: 4, Insightful

    art: US? Seriously? Have you ever BEEN to Europe?
    transport: US? Seriously? Where do you live that has better transit systems than most of (modern) Europe?
    punishment: US? Is that YOU getting punished or your desire for strict punishment on OTHERS? The latter -- US, the former, Europe.

    --
    Learning HOW to think is more important than learning WHAT to think.
  14. Re:You Can't Vote by Arancaytar · · Score: 5, Insightful

    And yet somehow, bureaucratic oppressive Europe got awesome privacy legislation. What did the democratic land of the free get? SOPA.

    Life is good here in the socialist hellhole. ;-)

  15. Re:Here's mine by Your.Master · · Score: 5, Interesting

    Every time I see that measured, it consistently shows the US having the least social mobility of all developed nations. For example, here: http://ftp.iza.org/dp1993.pdf and http://wrap.warwick.ac.uk/81/

    I do often see the claim that the US has an advantage here, but I have never, ever seen it backed up, while I have seen the counterclaim backed up.