Slashdot Mirror

← Back to Stories (view on slashdot.org)

EU Approves Strict New Privacy Rules

Posted by ryuzaki0 on from the united-in-privacy dept.

An anonymous reader writes: The EU just approved a new set of strict rules governing privacy and data protection, which include a right to be forgotten and to "clear and affirmative consent" for any processing of private data, as well as the right to know when data has been compromised. Culminating more than four years of work, "The reform will replace the current data protection directive, dating back to 1995 when the internet was still in its infancy," the EU said in a statement, "with a general regulation designed to give citizens more control over their own private information in a digitized world of smartphones, social media, internet banking and global transfers." If the rules are broken, the new EU privacy policy includes hefty fines of up to 4% of a firm's total worldwide annual turnover.

27 of 132 comments (clear)

  1. stupid by Anonymous Coward · · Score: 3, Insightful

    The right to be forgotten is such BS.
    I say this as a European.
    Why does some murderer have the right to be forgotten?
    Do we have to delete all records of their crime from the internet?
    Completely retarded.
    Things like this make me wish freenet wasn't just some hub for perverts to share CP, but was actually used by normal people to circumvent this shit.

    1. Re:stupid by buchner.johannes · · Score: 4, Insightful

      Why does some murderer have the right to be forgotten?

      Murder cases make it on the internet because the press is reporting about it -- usually because someone has been accused.
      If you had been accused of a outrageous crime and later found innocent, you will have your name associated with those news stories forever. Every time an employer googles you, they will get that impression, and you will spend the rest of your life arguing that charges were dismissed.
      For those people I think a right to be forgotten is appropriate.

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
    2. Re:stupid by LihTox · · Score: 2

      OK, so OJ Simpson was found not guilty of murdering his wife. If he asked for the record to be expunged, does that mean I can't blog about it? Tell jokes about white Broncos online? Does this Slashdot post become illegal?

      Can Adnan Sayed wipe out the first season of Serial if his case is reviewed and he's found innocent?

      And the statute says that the data can be retained "for historical, statistical and scientific purposes, for public health reasons or to exercise the right to freedom of expression." But that seems entirely too subjective for my tastes. We already have the overzealous copyright vultures shutting down parts of the Internet; now we have this?

      It all comes down to how it is enforced.

    3. Re:stupid by Computershack · · Score: 2

      The right to be forgotten is such BS. I say this as a European. Why does some murderer have the right to be forgotten?

      And in that one sentence you've demonstrated you don't have a fucking clue what you're talking about. Its not designed to enable that. Its designed to enable you to remove things like posts of stupid shit you did when you were a kid.

      --
      I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
  2. Right to be forgotten? by Cytotoxic · · Score: 3, Insightful

    This notion that you have a right to be forgotten is beyond parody. The idea that I have to scrub my notes of all mention of your foibles defies logic. If you were convicted of arson in 2015, what on earth makes anyone think that other people are obligated to hide that fact? And how exactly does the passage of time magically imbue facts with liability? In 2020 it will still be relevant and OK to have in the newspaper, but in 2030 it is magically verboten?

    I realize that this is motivated by politicians who don't want accounts of their youthful indiscretions publicly available, but the fact that there seems to be broad support for this law is kinda scary. Freedom of speech is a pretty basic and important right. Any law requiring censorship should be well beyond the boundary of public discourse, let alone actually being implemented as law.

    I recognize that Europe has a different history with speech and censorship and citizens rights, but c'mon folks, can't we stand up for the right to speak the truth in public?

    1. Re:Right to be forgotten? by Anonymous Coward · · Score: 3, Interesting

      It is scary if you believe the right to free speech trumps all else. The question is whether that right is morally sustainable in a world where it can have everlasting repercussions on individuals in a way they can't control. Until recently we weren't really living in that world and these situations didn't exist except in a few contrived cases.

    2. Re:Right to be forgotten? by Anonymous Coward · · Score: 5, Insightful

      Let's hope you're not falsely accused of anything then. Rape, child molestation, murder, sexism, racism, the list goes on.

      If any of these charges makes a headline, even it it's reported in a blog, it'll be one of the top results in google. Do you really think a potential employer is going to do some serious digging to find the actual truth once they see "abc drugged and raped xyz"? No way they'll move to the next just-as-qualified person.
      Likewise if you're falsely accused of something to do with children, you move into a new neighborhood and one of the mothers googles your name and "xyz touched my child" comes up...you'll be fucking lynched. No ifs, buts or maybes.

      Even if you DID commit a crime, PRISON is the punishment. Once you leave prison you have served your sentence and atoned for your sins.
      Having that conviction follow you throughout your entire life simply by someone googling your name could ruin chances of employment, housing, friends, significant others and maybe lead to a further life of crime.

      If public details of somebodies life are no longer relevant, eg time served, accusation repealed etc, then they shouldn't show up for the world to see, especially without context as i highly doubt many newspaper or blog articles are updated once the accused was found not guilty.

    3. Re:Right to be forgotten? by AmiMoJo · · Score: 5, Informative

      I'm amazed people still don't understand what this right is, considering how often it's been explained right here on Slashdot.

      The right applies to companies that hold your data, and only when there is no overriding reason for them to keep it. So you can't ask your bank to forget your debt, or a newspaper to delete old editions that mention you.

      You can ask Facebook to completely delete your profile instead of just marking it as dormant. It means you can expect credit agencies to not report your bankruptcy from 20 years ago because society says you did your time even if they think otherwise. And yes, it means companies that let others research you have a similar obligation.

      Freedom of speech is unaffected, only commercial services. Corporations are not people and don't have the same rights in the EU, and privacy is considered a human right.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Right to be forgotten? by guises · · Score: 2

      This notion that you have a right to be forgotten is beyond parody.

      The notion is certainly not a parody, the point of the law is that imperfect data storage and retrieval, i.e.: the old way of doing things, is preferable when it comes to issues of a personal nature. It's implementation that's difficult, though I don't think it's nearly as much of an insurmountable challenge as some people here suggest.

      Just one approach: news organizations attach an expiration date to each article and they get archived when the date expires. Search engines read that date and remove search results at the appropriate time. That's 90% of the problem solved, right there. There's always going to be some wanker who thinks he's "fighting the good fight" by rehosting an embarrassing drunken photo that someone posted when they were a teenager, but that person can be dealt with on a case-by-case basis. Most of the time, he can just be ignored.

      I am delighted to see that there's someone out there who still cares about privacy, and who hasn't been bought off by the data aggregators or cowed by overreaching law enforcement... yet. There may be a few flaws in the law, but I'm glad that it exists.

    5. Re: Right to be forgotten? by Fwipp · · Score: 2

      It's not libel to say "Joe Smith was arrested on January 1st under suspicion of aiding a child porn distribution ring." But it's sure not something you want coming up on Google.

    6. Re:Right to be forgotten? by AmiMoJo · · Score: 3, Informative

      It's worth adding that in the EU less serious crimes are considered "spent" after some time (or age 18 if committed as a child). After that point they don't have to be reported to potential employers. They can still show up on enhanced checks for sensitive jobs (state secrets, working with children etc.)

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:Right to be forgotten? by Cytotoxic · · Score: 2

      None of the "Right to be forgotten" movement is about false accusations. It is about true statements that are reported somewhere on the web, and about blocking search engines from being able to report the results.

      It is odd that we live in a time where people are perfectly happy to prohibit a private citizen from accurately reporting the location of a news article while simultaneously ratcheting up government lists of shame like sex offender registries and "john lists". It is truly a bizarre juxtaposition to have people simultaneously clamoring for ever more restrictions on "sex offenders" (which includes a lot of things that most folks wouldn't agree are dangerous or sex-offender-ish) and lifetime public registries at the same time that we have governments coming after people for pointing to a newspaper article from 10 years back that talks about some would-be politician's divorce.

      The harms that you discuss are much more related to government action than they are to search engine technology. But it is the search engines that must be restricted. Meanwhile, if you happen to live in Miami-Dade county and were caught having sex with your high school girlfriend the government can place you on the offender registry for life and literally force you to live in a tent under an interstate overpass. Even if the young lady is now your wife. (they have rules about how close offenders can live to parks, schools, malls, etc. the only place in the entire county registered offenders can live is under a couple of overpasses. So if you happen to be on probation for your offence and can't leave the county, you have to live the life of a homeless guy.)

      So while I agree with your sentiment - both about the falsely accused and the guilty - I'd say the government "scarlet letter" is much more problematic than having some newspaper articles hanging out there. Besides, any prospective employer is going to do a professional background check, rather than just a simple google search. In which case all that old stuff is going to show up anyway.

      Which doesn't mean it wouldn't suck times ten to be falsely accused of something, particularly something prurient and involving kids. No amount of "right to forget" is going to remove that stain.

  3. Insanely complex by lseltzer · · Score: 2

    I've read a lot of this regulation and I think it's probably impossible to comply with. It's also very light on technical guidance for compliance. There are only a few passing mentions of encryption and nothing at all about particular standards. In other words, there is no specific requirement to encrypt data in transit or at rest, but rather a vague suggestion that encryption in general might be a good idea. On the other hand, with respect the right to be forgotten, which is really a right to request erasure, it's unclear whether deleting keys to encrypted data constitutes erasure. It could be read to require actually writing over all the copies of the bits.

    1. Re:Insanely complex by freakingme · · Score: 2

      If this law is to be in place for the next 20+ years it'd be pretty moronic if it laid out a very detailed set of technical measures a party is expected to take. Luckily there's lawyers who can interpet the law, and apply it to the situation they're assessing, all of its context included. If other lawyers (i.e. prosecution) disagree with their views, we have judges who can elaborate on the law, and tell how it should be interpreted in situations like those.

    2. Re:Insanely complex by lseltzer · · Score: 2

      Laws tend to get more complex over time, not less. I get the clear idea from the text that the authors would like to be able to hit up companies for fines at will, and this law will allow them to do it.

    3. Re:Insanely complex by AmiMoJo · · Score: 2

      The existing rules say that companies must protect personal data, and it's up to regulators and courts to decide exactly what that means. That's a good solution because as technology changes and the minimum protection you would expect changes companies are expected to keep up.

      For example, DES used to be fine, but now you would expect AES. Before two factor authentication was popular and free it wasn't really expected, now it's pretty much essential for any serious application.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. Exceptionalism backlash by Anonymous Coward · · Score: 2, Insightful

    The US has been a bit longer at it, a bit blunter too. Don't worry, the EU have their own problems, ones they'll need to deal with or they'll cease to be a thing soonish. At the same time the US don't get to whine they're held to a double standard when that's what they've been doing for ages themselves, wholesale.

    Examples? Oh please. Here, just one: The ICC. Prime United States "we don't play well with others" of America, "FUCK YEAH!" material right there.

  5. Right to be forgotten - subcases by isj · · Score: 5, Interesting

    I checked a subset of the leaked list from BBC last year of articles they had to remove. From those samples I could see three categories:

    1: victims. Eg sexual assault victims mentioned by name. It seems OK to me that they get their name removed so that in 20 years their granchildren don't get that search result.
    2: a small category of criminals wanting to have their names removed. Which mostly seems OK to me as most countries have a limit to how long such information is publicly available. Eg. I think where I live burglaries are removed after 8 years
    3: a wtf category. Two examples: One neo-nazi wanted his name removed from an article about a white power demonstration.. His names is pretty unique so I checked - he is still sputing such nonsense on facebook and twitter, so I don't see why he wanted it removed. The other example is a man in an article about how his one testicle suddenly grew and he immediately went to the doctor. It turned out it wasn't testicular cancer but a benign internal boil. I think it is a positive story about cancer awareness, but I can see why he may not want that to be the first result when someone searches his name.

    So basically I agree with the right to be forgotten. When information is no longer in the public interest it should be possible to get the names removed.

  6. They don't... by denzacar · · Score: 5, Informative

    http://www.europarl.europa.eu/...

    The new rules will give individuals greater control over their personal data in the following ways.
    The right to be forgotten (Article 17)

    Any person will have the right to be âoeforgottenâ/have his or her personal data erased when he or shel no longer wants the data to be processed, provided there are no legitimate reasons for retaining it.

    To enforce this right, if a person asks an internet company to erase his/her data, the company should also forward the request to any others that replicate the data.
    However, this right would be restricted in some cases, for instance when the data is needed for historical, statistical and scientific purposes, for public health reasons or to exercise the right to freedom of expression.
    Also, the right to be forgotten would not apply when the retention of personal data is necessary to fulfil a contract or is required by law.

    Purpose of this is to ensure that Facebook, Google and various government and other agencies can't use or sell your private data if you don't want them to.
    Not for convicted murderers to be able to erase their past from the internet.
    Freedom of speech still applies and still includes news articles about murder.
    Just as the laws pertaining to government archives about the case still apply.

    --
    Mit der Dummheit kämpfen Götter selbst vergebens
    1. Re:They don't... by K.+S.+Kyosuke · · Score: 4, Insightful

      Except, of course, that this is what it has been used for in the past

      Which is quite understandable in some forms since people generally have a right to be rehabilitated.

      --
      Ezekiel 23:20
    2. Re:They don't... by AmiMoJo · · Score: 3, Informative

      Correction. Murders have tried to use it, but details of their serious crimes aren't covered by this right so they failed.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  7. Re:Double standard by moronoxyd · · Score: 2

    These laws apply to companies that do business in the EU or with EU residents. If you do business in a different country, you have to follow that countries laws.
    There's nothing strange about this.

    The difference is that the EU doesn't try to impose its laws on other countries. Just on companies that do business within the EU. (And only for the data related to these transactions. As far as I know the laws don't affect what Facebook and Google do with the data they collect from US residents.)

  8. Nope... by denzacar · · Score: 2

    Not for convicted murderers to be able to erase their past from the internet.

    Except, of course, that this is what it has been used for in the past.

    Except it wasn't.
    For one, these rules won't be applicable for at least two more years.
    So unless you're claiming that what happened in the past actually happened in the future...

    Also, it didn't even happen in the past, according to your own link.

    On December 15, 2009, the German Federal Court of Justice (Bundesgerichtshof) in Karlsruhe ruled that German websites do not have to check their archives in order to provide permanent protection of personality rights for convicted criminals.

    If anything, these new rules ensure that such cases don't happen again.

    Mit der Dummheit kampfen Gotter selbst vergebens

    True. Just look in the mirror.

    Why? Plenty of illiterate idiots like you to point at and laugh.

    Point.
    Point point.
    Point point point.
    Ha-ha.

    --
    Mit der Dummheit kämpfen Götter selbst vergebens
  9. Credit Reports - example of what happenes without by ffkom · · Score: 4, Interesting

    such data privacy laws - see John Oliver's recent episode on Credit Reports in the US. That's what happenes if 1 in 20 humans is associated with wrong, outdated information by corporations.

  10. Re:Double standard by Computershack · · Score: 2

    These rules will apply to any firms that handle the data of EU residents, regardless of whether the firms have any presence in the EU or not. That is the EU forcing its laws on the rest of the world. Why is there tremendous negative backlash when the US attempts to impose its laws on other countries but the EU gets a free pass when they do the same thing. It sure seems like a double standard to me.

    The USA tried to extradite Richard O'Dwyer from the UK because of a website he ran which was illegal under US law but perfectly legal under UK law. So when it comes to countries trying to force their laws on the rest of the world the USA is right up there leading the way.

    --
    I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
  11. Re:Priorities ? by Computershack · · Score: 2

    Things like "everyone is required to have an id at all times" , being mandated under the law to report changes of residence to authorities - all that shit ,which is reserved to sexual offenders only in the USA, is considered normal in EU.

    Is it? We don't even have ID cards in the UK so that is over 1/10th of the entire population of the EU who don't have ID cards. I don't know of anyone in any of the EU countries I've spoken to who have ever mentioned anything about being forced to report changes of residence to the authorities - you're certainly not required to in the UK. You should stop believing everything you watch on Fox News because its making you look stupid.

    --
    I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
  12. Unbelievable comments. by Computershack · · Score: 5, Insightful

    I can't believe how many people, mostly Americans, think its bad that there is a law out there forcing companies to tell you what they intend to do with your personal data and if they have a breach where that data is compromised. They also seem to have a poor grasp of the right to be forgotten rule as well. Its not intended to hide stuff that politicians or corporations have done in the past but is instead there to protect private individuals from having irrelevant shit they did when they were young and stupid which no longer needs to see the light of day from being able to be found and used against them. Its there to protect those who were falsely accused from having to undergo further misery in their lives. And fuck you if you're too stupid to see that.

    --
    I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams