GAO Gives Congress Go-ahead For a GDPR-like Privacy Legislation (zdnet.com)
An independent report authored by a US government auditing agency has recommended that Congress develop internet data privacy legislation to enhance consumer protections, similar to the EU's General Data Protection Regulation (GDPR). From a report: The 56-page report [PDF] was put together by the US Government Accountability Office (GAO), a bi-partisan government agency that provides auditing, evaluation, and investigative services for Congress. Its reports are used for hearings and drafting legislation. The House Energy and Commerce Committee, which requested the GAO report two years ago, has scheduled a hearing for February 26, during which it plans to discuss GAO's findings and the possibility of drafting the US' first federal-level internet privacy law. If the committee's members were to follow GAO's conclusions, GDPR-like legislation should be coming to the US.
Why the fuck do people want more government?
People don't want more government. They want big corporations to stop fucking them. Unfortunately, the only way to do this is to get the government involved.
but since the "data controller" is completely liable, personally, under GDPR for any real or imagined breach
So they actually made somebody liable for data breaches?
Sounds good to me, whether big company or small. Let's do it.
This is incorrect. The data controller generally refers to the organization that is responsible for processing personal information. Some companies are however required to have a data protection officer.
GDPR is essentially the general principles for privacy that have been codified into law. It probably improves privacy a lot over a few years. It is complicated, but in a few years it will probably be natural to always consider privacy.
I work as a data protection officer myself.
It's not my problem if an outfit is too small to responsibly handle my data. They need to up their game on security or get out.
That, or stop asking customers for tons of personal information and then storing it in an xls file accessible to everyone on the cloud.
That's by far the biggest win of GDPR. And small shops in EU didn't disappear due to GDPR. They just need to stop doing stupid things that will hurt them and their customers.
Boo-hoo, cry me a river. If safeguarding my personal information puts your business in the red, then maybe you should stop collecting so much personal information.
You want to hoover up every bit of PI you can find about me, you're on the hook to safeguard it. As it stands right now, there is no reason not to gobble up every little data point you can get your hands on, no matter if it's relevant to your business/service or not. When you lose it (you will) you lose nothing.
Over the past 5 years or so, have you noticed how every damn thing wants you to set up a profile? Notice how these profiles are asking for all sorts of different data points that have shit-nothing to do with the provided service? Right now there is no reason not to ask for everything from sexual preference to political association, and turn around and sell it to the first bidder.
There are freemium services, and then there is what we have now. Something has got to change. If I have to click through a "we use cookies" banner from time to time, and in return, my valuable personal information is treated with a little respect.... I'm ok with that.
You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
OR, you could just not collect personal information. Yeah, I know, radical solution.
Just because the recommendations were "in flux" doesn't magically absolve potential liability. You are not a US criminal lawyer. And reasonable effort is decided by a judge and/or jury, not a CEO, a lawyer, or the public, unwashed masses of social media. And it can be decided many years after the fact, since the law is now on the books. The fact that you don't know, for sure, exactly HOW to follow it doesn't mean you're absolved from needing to follow it anyway.
Define sqrt(x) as something really evil like (x / rand()), and bury it deep. Watch your coworkers go nuts.
Except it really isn't that difficult to comply with GDPR regulations. I've had training on it since I work for an internationally present company, and it basically amounts to only a few tenets for most software.
First, gather only information necessary to perform the tasks or services being offered. Any information gathered should be clearly stated in a way the user can understand, and they should have easily accessible and granular controls for that information (i.e. don't bury the privacy toggle under 100 menus that don't even seem related) unless it is absolutely essential for basic operation. Finally, the user has a right to that information and should be able to get a copy of all of the data related to them and easily be able to request the irreversible deletion of that data at any time.
There are other recommendations and compliance guidelines, but none of it is that complicated. Really it just protects users from having massive data harvesting efforts go on without their consent, gives some teeth to the courts to enforce the restrictions, and creates transparency about what a company is actually doing. I'm really not sure why people are so against it. Small companies don't even have the resources or wherewithal to be violating a large portion of the regulation without ill intent from the start, and the violation penalties are based on the size of the company and the users affected, and scale down based on their revenue. Hell, it hasn't even changed most of our development process at my job because we weren't violating this shit to begin with.
I call your bullshit. I know what the regulation requires and this is nothing but a bunch of arguments that some asshole executive at Google would parrot out. Small companies can easily comply with a large swath of the regulations without that much more effort. Most of my software and infrastructure I have at my HOUSE, developed exclusively by me, can comply with the regulations. The only people that have issues with this are people that were recklessly throwing out hot garbage to snag a quick buck at someone else's expense, companies that make most of their money from dragnet style data collection of users, or people that heard some talking head drone on about "undue hardship and government overreach."
I plan to start a software company (without some random jackass giving me free money) within the next decade and I fully support these regulations being implemented in the US.