Slashdot: News for Nerds

New EU Legal Privacy Framework: We're Not Kidding

Unknown Lamer posted more than 2 years ago | from the yes-you-can-have-a-pony dept.

Privacy

An anonymous reader writes "Viviane Reding, Vice-President of the European Commission, announced today a new regulation for data privacy in Europe (PDF) to replace a 1995 Directive. Recently, privacy laws have been under a lot of criticism for their practical inability to ensure a high level of protection to EU citizens. The new data privacy framework will bring a lot of changes: 24-hour security breach notifications, mandatory security assessments, end of notifications to local data privacy agencies, mandatory data protection officers and huge administrative fines: up to 2% of the annual worldwide turnover (that would have meant $1.2 billion for Microsoft in 2008). Indeed that's 'the necessary "teeth" so the rules can be enforced.'"


243 comments

So... (4, Insightful)

Joce640k (829181) | more than 2 years ago | (#38818617)

Where do I sign up to vote "yes please"?

Re:So... (4, Interesting)

Anonymous Coward | more than 2 years ago | (#38818687)

Totally agree...this idea that businesses shouldn't be held responsible for their actions (or inactions) goes back to the business "revolution" of the 70s...the professional manager who operates without ethics, and whose only allegiance is to the shareholder (or their own salaries/bonuses)...it's about time governments started standing up for their citizens again....sign me up too!

Re:So... (0)

Anonymous Coward | more than 2 years ago | (#38818865)

I don't think it's enough. It should be at least 10%. Loss of private data can ruin a person.

Re:So... (4, Insightful)

Spad (470073) | more than 2 years ago | (#38818905)

Note that it's 2% of turnover, not profit; a 10% fine would ruin a lot of businesses, which is not the intent of the law.

Re:So... (5, Insightful)

TheRaven64 (641858) | more than 2 years ago | (#38818935)

Although repeated infringements can quite easily ruin a company, and that is the intent of the law: companies should never be in the situation of deciding that ignoring a law and regularly paying the fines is just the cost of doing business.

Re:So... (-1, Troll)

Anonymous Coward | more than 2 years ago | (#38819469)

Yes, +1,000,000 - All hail Nationalism and penalization of the big bad corporations - because the altruistic and incompetent government needs to grow and has an excellent track record of managing that money better to turn a profit for the nation as a whole (especially when you consider it is staffed by untrustworthy sleaze at the top and incompetents that can't work elsewhere everywhere below!)

Re:So... (2)

fibonacci8 (260615) | more than 2 years ago | (#38819201)

So it's roughly a five strikes law, that seems pretty lenient.

Re:So... (2, Interesting)

Anonymous Coward | more than 2 years ago | (#38819289)

That would be interesting... Any company that has 3 data breaches in a 5 year period gets a year ban from the internet.

Re:So... (0)

Anonymous Coward | more than 2 years ago | (#38818711)

Everything comes with a cost. This will certainly be a tax on things you like to have and do on the Internet WRT the EU.

Re:So... (2)

vlm (69642) | more than 2 years ago | (#38818745)

Where do I sign up to vote "yes please"?

How does someone of distantly European ancestry upgrade by moving back? Figure an average /.er, in other words highly skilled/educated but no Nobel prize, plenty of money but not a billionaire, etc. I liked visiting Ireland, although that was before the economic collapse...

Re:So... (4, Interesting)

inviolet (797804) | more than 2 years ago | (#38819035)

No it can't just be ignored. If these laws pass, every EU country will be forced to implement them. The European Commission has very sharp teeth indeed on stuff like this, and does not take kindly to companies trying to ignore its rules.

Yep yep.

As a US citizen now thoroughly ashamed of my society's behavior (esp. regulatory capture, as well as the all-classes corruption of the housing bubble), this news is the first time in my entire life that European society has seemed superior.

It is quite a moment for me, coming as it is at the tail end of twenty years of staunch libertarian patriotism.

Re:So... (1)

rmstar (114746) | more than 2 years ago | (#38819129)

It is quite a moment for me, coming as it is at the tail end of twenty years of staunch libertarian patriotism.

Interesting. So you suddenly favor big government and regulation? How did that happen? (Just curious - I am not a libertarian).

Re:So... (0)

Anonymous Coward | more than 2 years ago | (#38819539)

Maybe he got sick of companies treating his privacy as a near zero value commodity, or an asset in their possession that they need spend no time or money securing.

Re:So... (4, Interesting)

xaxa (988988) | more than 2 years ago | (#38819207)

As a US citizen now thoroughly ashamed of my society's behavior (esp. regulatory capture, as well as the all-classes corruption of the housing bubble), this news is the first time in my entire life that European society has seemed superior.

The first time ever? That's incredible.

Europe and the US have different views (to varying degrees) on many topics. Money, commerce, society, art, sex, the poor, the rich, military, environment, privacy, citizen rights and restrictions, punishment, education, transport, sport, patriotism, police, tax ...

Pick any one of those and I'll be able to describe things I like about Europe (and dislike about America), and vice-versa.

Re:So... (0)

Anonymous Coward | more than 2 years ago | (#38819041)

Highly skilled migrant program, otherwise known as a tier 1 general visa - currently on hold as full, but basically points based and most IT people would qualify (extra 5 points for being of English speaking background).

Re:So... (1)

buglista (1967502) | more than 2 years ago | (#38819147)

Marry an EU resident :)

Re:So... (3, Informative)

mrvan (973822) | more than 2 years ago | (#38819275)

In the Netherlands, there is a "knowledge worker" rule that says that if you can find a job that requires a degree and pays X% better than minimum (or modal?) wage, it's easy to get a working permit, plus you get a huge tax break (although I think they are cutting down on the latter). Any decent sized company will have someone in the HRM department who knows these rules and can help with the paper work.

If you are here 5 years and pass a test you can apply for citizenship but that might require renouncing your US citizenship.

Just sign ACTA. (0)

Anonymous Coward | more than 2 years ago | (#38818771)

This will take care of your data - it will be safer with USA media corporations when your government hands them over.

Re:So... (5, Insightful)

Xest (935314) | more than 2 years ago | (#38818887)

My only disappointment is the constant bandying about of the fines thing. They point out that 2% is massive in monetary value, well yes, it can be, but it's not enough of a deterrent.

In the UK, for companies like Phorm, and ACS:Law, this would be zero deterrent to what they did, the fines shouldn't be capped percentage wise, as only a fine of perhaps 80% of annual revenue would've been enough to make Phorm and ACS:Law start behaving. The $1.2bn figure for MS sounds a lot less scary when you consider for someone like Andrew Crossley at ACS:Law who really has been in gross breach of the UK's data protection act, were he bringing in £250,000 a year with his personal one man business, would only see a fine of £5000, still leaving him £245,000 to take home. Where the fuck is the deterrent in that? You could write it off as the cost of doing business and just carry on doing it.

Jail terms for owners/execs, or completely uncapped fines left to the decision of the judge as to what size fine to levy would be the only real deterrents. That's the biggest problem I see with this proposed law - there's no worthwhile deterrent for companies with no positive image to protect (e.g. Phorm) in the fines, they're toothless as proposed right now.

Re:So... (1)

SomeKDEUser (1243392) | more than 2 years ago | (#38818947)

Oh, but although the company is fined 2%, ordering your employees to do something illegal is criminal... So I don't think this would end as "the cost of doing business".

Re:So... (1)

Xest (935314) | more than 2 years ago | (#38819329)

Unless there's some sanction for repeat offenders, they can just feign incompetence, so unless the authorities can find a whistleblower willing to act as a witness proving malice, there's little they can do to demonstrate it wasn't incompetence.

Re:So... (1)

SomeKDEUser (1243392) | more than 2 years ago | (#38819379)

In general, fines are associated with a delay to remedy the situation. Then it becomes a repeat offence and the fines go up.

Re:So... (1)

Joce640k (829181) | more than 2 years ago | (#38819313)

2% is massive in monetary value, well yes, it can be, but it's not enough of a deterrent.

I don't think it's meant to be a 'deterrent'. Companies don't have data breaches on purpose, even the best security can be subverted.

This is more to get them to have some security in place and to avoid coverups after it happens, eg. a decent security system doesn't let people take the data home for the weekend so no more 'lost laptops' (hopefully).

Re:So... (1)

ackthpt (218170) | more than 2 years ago | (#38818997)

Where do I sign up to vote "yes please"?

Sadly, not in the US of A. The EU may be screwed up in some ways, but on this item they have a firm grip of reality. Well done.

You Can't Vote (0, Informative)

Anonymous Coward | more than 2 years ago | (#38819067)

The EU structure is designed explicitly to prevent those pesky citizens from having a voice in how they are to be led. The EU is designed for EU bureaucratic elites to govern what were formerly nations in ways that best benefit EU bureaucratic elites and their financial backers.

This is why the Euro debt crisis is unfolding in its current forms. The entire purpose of pouring ever larger rescue funds into keeping the Euro solvent is so that losses can be transferred from banks to taxpayers.

Your input is neither required, nor desired, nor, in fact, even possible.

Re:You Can't Vote (3, Informative)

Angostura (703910) | more than 2 years ago | (#38819245)

Apart from - you know - the fact that two of the more important EU institutions are the Council of Ministers and the Parliament - both of which contain people you voted for.

Re:You Can't Vote (4, Informative)

TheRaven64 (641858) | more than 2 years ago | (#38819349)

The Council of Ministers doesn't contain anyone I voted for. It contains people selected by the leader of the political party that won the national election. Neither the candidate MP I voted for nor the one who was elected to represent me is a member of this party, so my MP does not have any say in their selection. MPs are not supposed to respond to comments or questions from people in other constituencies, so the people who 'represent' me in the CoM are not actually supposed to communicate with me at all, and I have no influence on their reelection.

I am much better represented in the Parliament. I have 5 MEPs, one of whom does a very good job (although when the Welsh Nationalist is the sane one, you start to worry about the system), but at least there is one MEP who represents my views and is accountable to me there.

Unfortunately, every time we try to push more power to the Parliament, the Eurosceptics manage to get it overturned...

Re:You Can't Vote (0)

Anonymous Coward | more than 2 years ago | (#38819363)

The EU structure is designed explicitly to prevent those pesky citizens from having a voice in how they are to be led. The EU is designed for EU bureaucratic elites to govern what were formerly nations in ways that best benefit EU bureaucratic elites and their financial backers.

...

Your input is neither required, nor desired, nor, in fact, even possible.

Except of course we have the European Parliament. Unfortunately the continuing anti-European sentiment seems to prevent more powers going to this Parliament, meaning they stay where they are now (the Commission), which is (much) less democratic.

And the fact that most decisions are made by the ministers of the Member States. Which gave up part of their sovereignty willingly (though perhaps motivated by economic benefits).

Yes, we have problems. But we citizens have a fair bit of influence over Europe.

This is why the Euro debt crisis is unfolding in its current forms. The entire purpose of pouring ever larger rescue funds into keeping the Euro solvent is so that losses can be transferred from banks to taxpayers.

The crisis is unfolding this way because banks are not cooperating. The fund only exists for the governments (Portugal, Greece, possibly/in the future Spain and Italy).

Again, I'm not saying it's ideal (it isn't, not by a long shot). But "evil overlords" are not the problem.

Re:So... (0)

Hatta (162192) | more than 2 years ago | (#38819193)

Vote yes for more expansive government authority to protect you from something that would be no danger if you could just keep your mouth shut. Governments shouldn't be about protecting you from yourself.

Re:So... (3, Informative)

Karl Cocknozzle (514413) | more than 2 years ago | (#38819473)

Vote yes for more expansive government authority to protect you from something that would be no danger if you could just keep your mouth shut. Governments shouldn't be about protecting you from yourself.

How would "keeping their mouth shut" prevent consumer data disclosures? Companies that aren't doing business "online" still hold a treasure trove of data about you, much of which I'd imagine you'd prefer was kept private. ...if they were under any obligation to disclose to you that they were holding information about you, that is.

Doubt it will go anywhere (-1)

Anonymous Coward | more than 2 years ago | (#38818685)

The EU really has no teeth. The individual countries have laws which matter, but the EU is a lot like the UN -- it can publish stuff, but when push comes to shove, it can be ignored.

It would be nice to see privacy and data retention laws happen (especially laws about data expiring and being removed), but in reality, there is too much money to be made from it for even an agency as large as the EU to do much other than wag a finger.

Re:Doubt it will go anywhere (5, Informative)

superglaze (1112971) | more than 2 years ago | (#38818719)

No it can't just be ignored. If these laws pass, every EU country will be forced to implement them. The European Commission has very sharp teeth indeed on stuff like this, and does not take kindly to companies trying to ignore its rules.

Re:Doubt it will go anywhere (0)

Anonymous Coward | more than 2 years ago | (#38818907)

Every EU country will be required to implement them, not forced. Those that don't will face sanctions or possible expulsion, but if one of the big countries refuse, there is basically nothing that can be done other than all the other nations turning their noses up at them and writing them nasty letters.

You know, like we all do with France already. Well, at least I do.

Re:Doubt it will go anywhere (4, Insightful)

Alkonaut (604183) | more than 2 years ago | (#38818989)

No law like this will be passed on EU level unless it is absolutely certain that the core countries will adopt it without fuss.

Re:Doubt it will go anywhere (4, Informative)

Zwerg_Sense (2560833) | more than 2 years ago | (#38819303)

to be precise: The important part is a regulation, hence it does not need to be transposed into national law! It is mandatory for the member states to comply. It is down to the European Parliament to adopt it, which of course has representatives from every member state.

Re:Doubt it will go anywhere (3, Insightful)

houstonbofh (602064) | more than 2 years ago | (#38818723)

I agree, but for a different reason. ACTA. This says they have to keep stuff secret, or not keep it, and ACTA says they have to keep it, and give it to the *IAAs. The media industry will not want this loophole.

Re:Doubt it will go anywhere (5, Insightful)

Anonymous Brave Guy (457657) | more than 2 years ago | (#38818869)

Perhaps you haven't noticed, but being associated with Big Media is pretty much toxic for politicians right now.

Oh, and also in case you hadn't noticed, the EU hasn't actually signed ACTA yet. Technically they have until March next year, IIRC, though I expect someone will try to sneak it through in the very near future before the politicians realise it's too close to SOPA and PIPA (in some respects) and likely to cause similar grief.

Also, while the European Commission (the unelected guys who seem to be behind the secret negotiations) still publicly support ACTA [europa.eu] , whether they can get it through the European Parliament (the elected guys who recently got new teeth under the Lisbon Treaty and seem to be enjoying exercising their powers) is a different question.

Re:Doubt it will go anywhere (1)

AngryDeuce (2205124) | more than 2 years ago | (#38819157)

Perhaps you haven't noticed, but being associated with Big Media is pretty much toxic for politicians right now.

Not really, considering that they're all associated with Big Media. In order for that to be a problem their political opponents would have to be able to point fingers and say "Look at him! He's in bed with Big Media!!", but none of them can do that without their hypocrisy being on display. The MAFIAA and these other organizations/business groups buy off everyone. Why throw your support behind one candidate that could potentially lose an election if you can afford to hedge your bets by supporting both? There's nothing to lose, and mountains of money and influence to gain.

This is the fundamental problem with politics in the United States as of late. In order to truly compete on the same level as these politicians you need to allow yourself to be corrupted by the same people they are. By the time you finally gain enough exposure to run for office beyond a local level, you've become the very person you're competing with. Selling out is as much a requirement for office in our government as being an American citizen. Even if you miraculously buck this trend and achieve some higher office, you have both parties and their considerable resources hammering you down pretty much constantly. They'll spare no expense to destroy you.

America! Fuck Yeah!!

Re:Doubt it will go anywhere (2)

houstonbofh (602064) | more than 2 years ago | (#38819231)

Perhaps you haven't noticed, but being associated with Big Media is pretty much toxic for politicians right now.

It may be toxic, but they don't seem to care! http://torrentfreak.com/australia-us-copyright-colony-or-just-a-good-friend-120121/ [torrentfreak.com]

Oh, and also in case you hadn't noticed, the EU hasn't actually signed ACTA yet. Technically they have until March next year, IIRC, though I expect someone will try to sneak it through in the very near future before the politicians realise it's too close to SOPA and PIPA (in some respects) and likely to cause similar grief.

Poland is looking to sign it now. That was the reason for all those attacks, and they seem to be pushing them forward against the public wishes. http://politics.slashdot.org/story/12/01/25/0211219/piratbyran-co-founder-says-stop-ddosing-polish-sites [slashdot.org]

Also, while the European Commission (the unelected guys who seem to be behind the secret negotiations) still publicly support ACTA [europa.eu] , whether they can get it through the European Parliament (the elected guys who recently got new teeth under the Lisbon Treaty and seem to be enjoying exercising their powers) is a different question.

That would make sense, but the politicians all over the world seem to be doing the opposite of what is sensible. Once again, the entire world of elites are ignoring the people. And once again, there will come a point where the people remind them that they are outnumbered.

Re:Doubt it will go anywhere (5, Insightful)

Anonymous Brave Guy (457657) | more than 2 years ago | (#38818801)

That's roughly what a lot of people said before the EU went after Microsoft for anti-competitive behaviour, too. More than $1,000,000,000 in fines for defying sanctions later, those people had changed their tune.

Re:Doubt it will go anywhere (1)

Gideon Wells (1412675) | more than 2 years ago | (#38819083)

The EU isn't that weak. The EU is sort of a cross between the UN and the USA (if you consider each state to be sovereign states instead of egotistical provinces). I don't know how close to which end of the spectrum it is, however.

data location? (0)

Anonymous Coward | more than 2 years ago | (#38818713)

Well, aren't our (european) data physically located in the US anyway?

Re:data location? (4, Informative)

Anonymous Brave Guy (457657) | more than 2 years ago | (#38818777)

Transferring personal data from inside the EEA to places outside like the US, where there are not such strong data protection rules, requires either the subject's consent or certain specific guarantees under a safe harbour agreement. Otherwise taking the data out is already illegal.

Re:data location? (1)

click2005 (921437) | more than 2 years ago | (#38818895)

That's what EULAs are for.

Re:data location? (3, Insightful)

SomeKDEUser (1243392) | more than 2 years ago | (#38818993)

Funny thing: some rights, you cannot sign away. So the EULA is irrelevant. For example, no contract of indentured servitude is legal. In the same way, you cannot sign away your right to privacy.

Re:data location? (1)

click2005 (921437) | more than 2 years ago | (#38819081)

I agree but agreeing to "Company G storing your data in various locations around the world" isn't giving up your privacy and I'm sure G's lawyers & lobbyists will quite gladly spend time & money making a few judges agree.

Re:data location? (4, Informative)

SomeKDEUser (1243392) | more than 2 years ago | (#38819213)

In most of Europe, we don't vote for judges. They are appointed and are quite immune to lobbyists. Also, most of Europe has a civil law system, and under that system, the laws do not get "interpreted" by the judges...

It is a bug of the American system that judges are affected by lobbyists and get to decide what laws mean. This doesn't mean our system is better. This is just a bug we don't have.

Re:data location? (2, Interesting)

Anonymous Coward | more than 2 years ago | (#38819523)

In most of Europe, we don't vote for judges. They are appointed and are quite immune to lobbyists. Also, most of Europe has a civil law system, and under that system, the laws do not get "interpreted" by the judges...

It is a bug of the American system that judges are affected by lobbyists and get to decide what laws mean. This doesn't mean our system is better. This is just a bug we don't have.

As a point of fact, at the federal level and in many states judges are not elected. Instead they are appointed (by someone or some group that was also elected), and are basically set for life.

Depending on the jurisdiction involved (varying states or the federal justice system), they either have lifetime appointments or appointments to a mandatory age of retirement.

Some jurisdictions allow for the removal of judges based on the quality of their work (i.e. a judge who made *many* *very* *boneheaded* decisions may get axed, but only in some states), but most only allow for their removal because they had committed a crime in office.

In these systems, the only lobbyists are legal counsel for the prosecution and defense, as it should be.

Re:data location? (1)

gstoddart (321705) | more than 2 years ago | (#38819089)

That's what EULAs are for.

I'd like to see that in court ... an EULA can't violate the law, and if it's against the law for them to share your data with the US, they can't change the EULA to say you waive your legal protections.

I would hope that something like that would basically get pursued as a willful violation of this, and lead to a fairly epic smackdown.

Of course, since with the Patriot Act the US has given itself the right to demand data [theregister.co.uk] from US owned companies ... I can see it being possible for an organization to be left with the choice of whether to violate US or EU laws; you couldn't be in compliance with both.

It's also why it's illegal to give certain kinds of data to US-owned organizations in some countries ... anything in the government of Canada can't be handled by a US owned company, because they could be required to hand over the information.

Re:data location? (1)

houstonbofh (602064) | more than 2 years ago | (#38819259)

If the website you input your data into is hosted in the US, the company did not transfer your data, you did.

Privacy pffft! (1)

countertrolling (1585477) | more than 2 years ago | (#38818715)

How is any of this going to protect you from the police?

Re:Privacy pffft! (2)

dkf (304284) | more than 2 years ago | (#38818761)

How is any of this going to protect you from the police?

It won't (well, on the basis of what the summary says) but they're surely not the only threat.

Re:Privacy pffft! (0)

countertrolling (1585477) | more than 2 years ago | (#38819159)

No, the government is actually the only threat. An advertiser can't knock your door down and drag you away.

Re:Privacy pffft! (0)

Anonymous Coward | more than 2 years ago | (#38818769)

While we have some stupid laws in the EU, we don't have a police state such as the USA (yet). Whereas the police here are often frowned upon, they're nothing compared to the "shoot first, ask questions later" types in the US.

Re:Privacy pffft! (0)

Anonymous Coward | more than 2 years ago | (#38818955)

Yeah, right.

Your paperzzz - NOW [holds out hand, accompanying agents put hands on weapons].

Re:Privacy pffft! (0)

Anonymous Coward | more than 2 years ago | (#38819003)

Did you miss the story about the German police breaking into people's houses to bug their computers without any judicial oversight?

I'd think a continent that birthed the Stasi, Gestapo, Franco, Tito, etc etc would at least ask "Where are the laws protecting me from an invasive police state?" I'd also think they'd be a little less pompous on the subject.

Re:Privacy pffft! (1)

houstonbofh (602064) | more than 2 years ago | (#38819269)

Really? Ask Kim Dotcom and his partners in Europe about that.

I am less worried about the police than the media industry.

This is only proposed set of rules (3, Informative)

jggimi (1279324) | more than 2 years ago | (#38818733)

The article could be misinterpreted to mean this is a done deal as is.

Re:This is only proposed set of rules (1)

coastwalker (307620) | more than 2 years ago | (#38819461)

As someone who is involved in putting in place processes to cope with legislation like this I can only say it sounds like yet another ludicrous set of disincentives for small businesses. So every business needs a data protection officer, the ability to respond to a query within 24 hours, gold plated toilets, forms to fill out in triplicate. I'm all for ensuring consensual use of personal data but I am completely against legislation which mandates a bureaucratic process to implement it which means that I end up with more people administrating this sort of thing than actually working for the business. The western world is drowning under the weight of inefficient bureaucratic processes, no wonder all the work is emigrating to the far east.

O2 (4, Interesting)

CheeseyDJ (800272) | more than 2 years ago | (#38818735)

O2 must be glad they made their massive screw up [bbc.co.uk] before this came into effect...

This looks like a failure waiting to happen (1)

Attila Dimedici (1036002) | more than 2 years ago | (#38818751)

It tries to claim jurisdiction over any company that handles the personal data of EU subjects. How exactly do they intend to enforce this over companies that have no physical presence within the EU?

Re:This looks like a failure waiting to happen (5, Insightful)

Xest (935314) | more than 2 years ago | (#38818831)

Well the obvious answer is that they can't if it really has no EU ties, just like they can't do anything about sites outside the EU hosting child porn currently.

But that's just the way the world works, it's designed with that knowledge, but it won't protect companies like Facebook, Google, Apple etc. as they do have a presence, and even if they withdrew that presence they could potentially still harm those companies by preventing EU firms advertising with them for example.

I'm sure firms will argue it'll cause some competitive disadvantage, but I'm not convinced that's true- I'd argue the opposite if anything, users across the globe should feel far more comfortable using companies that adhere to these rules, than those that don't.

So I don't really see how it'll be a failure, it'll force all major online firms to adhere to it because they do have an EU presence, and from there anyone else that doesn't comply will have the disadvantage of being much less attractive to customers. Who wants their data held by some fly by night company that has no restrictions on what it can do with that data when they can instead use a company with more ethical rules surrounding what it can and will do with your data?

Re:This looks like a failure waiting to happen (-1, Troll)

Attila Dimedici (1036002) | more than 2 years ago | (#38819001)

Well, it will certainly quell those little inconvenient job creators called small businesses.

Re:This looks like a failure waiting to happen (1)

Xest (935314) | more than 2 years ago | (#38819309)

No it won't, complying with this legislation isn't exactly hard and frankly a lot of responsible companies of all sizes do this sort of thing already.

I dealt with a number of recruitment agencies earlier this year, some very small, some larger, but none of them went bust when they complied with my request to remove my personal details from their systems after I'd finished looking for a new role.

Re:This looks like a failure waiting to happen (1)

CTalkobt (81900) | more than 2 years ago | (#38819333)

The intent I fully and whole-heartedly agree with... However, 2% of _world_wide_revenues_ is what concerns me. I'd rather see it phrased as 2% of world-wide revenue apportioned to user base / affected users (affected or not by breach).

Hence, the larger the breach, the larger the fine. I could easily see Company A arguing to US regulators : "We shouldn't have to pay for US users as the EU already fined us for everyone.".

Re:This looks like a failure waiting to happen (2)

V for Vendetta (1204898) | more than 2 years ago | (#38818859)

In the same way that U.S. authorities enforced the warrant against MegaUpload (HK based company, owned by german-finnish citizen currently residing in NZ ...): Uni-, bi-, multiliteral contracts, I guess.

But I fear for our good-but-still-not-enough German laws. I'll bet they'll be watered down to a great degree.

Re:This looks like a failure waiting to happen (1)

V for Vendetta (1204898) | more than 2 years ago | (#38818951)

Uni-, bi-, multiliteral contracts

Erhm ... that's lateral, of course ...

Re:This looks like a failure waiting to happen (1)

houstonbofh (602064) | more than 2 years ago | (#38819295)

In the same way that U.S. authorities enforced the warrant against MegaUpload (HK based company, owned by German-Finnish citizen currently residing in NZ ...): Uni-, bi-, multiliteral contracts, I guess.

But I fear for our good-but-still-not-enough German laws. I'll bet they'll be watered down to a great degree.

It would be fun to see the UK extradite from the US for a change...

Re:This looks like a failure waiting to happen (0)

Anonymous Coward | more than 2 years ago | (#38819575)

It would be fun to see the UK extradite from the US for a change...

Then enjoy your flight. Ball-touching compliments of the United States of America.

Re:This looks like a failure waiting to happen (1)

gstoddart (321705) | more than 2 years ago | (#38818967)

It tries to claim jurisdiction over any company that handles the personal data of EU subjects. How exactly do they intend to enforce this over companies that have no physical presence within the EU?

If they target the region, that's having a business there under their jurisdiction. I assume there's a google.fr and a facebook.de ... that pretty much makes you covered under their laws.

And, let's face it ... the USA is extraditing people who committed no crime in their own country and SOPA would have allowed their law to be extra-territorial. Oh, and of course getting the embassies to help push their copyright agenda in other countries.

At least with this, it's telling companies that if they want to do business in the EU, there are legal obligations to safeguard data ... unlike meddling in the laws of other countries, which is just being dicks.

Re:This looks like a failure waiting to happen (1)

Attila Dimedici (1036002) | more than 2 years ago | (#38819163)

Like most people on Slashdot, you think of big companies like Google or Amazon or Facebook, but what about a small two or three person startup?

Re:This looks like a failure waiting to happen (1)

gstoddart (321705) | more than 2 years ago | (#38819265)

Like most people on Slashdot, you think of big companies like Google or Amazon or Facebook, but what about a small two or three person startup?

If they're receiving and storing personal information, then they need to obey the law. Why should being a small company exempt you?

Google et al are directly gathering more personal information, and, as we've seen [slashdot.org] , they're getting more aggressive about it.

Re:This looks like a failure waiting to happen (0)

Anonymous Coward | more than 2 years ago | (#38819409)

Why, exactly the same way US enforced their law on Megaupload. ;-) If they don't pay, bag all the stockholders and executives in the middle of the night, put them away for life, and confiscate everything...

Gander/goose? (2)

sithkhan (536425) | more than 2 years ago | (#38818759)

Are these same rules going to apply to the EU, the member governments, and municipalities as well? Of course, collecting that 2% would be just bookkeeping ...

Re:Gander/goose? (-1)

Anonymous Coward | more than 2 years ago | (#38818835)

Of course not. This is just another attempt at cash grab against US companies.

Re:Gander/goose? (1)

buglista (1967502) | more than 2 years ago | (#38819177)

If you look, you will find that all companies operating within the EU are fined for breaches regardless of where they are nominally based.

Re:Gander/goose? (-1)

Anonymous Coward | more than 2 years ago | (#38819223)

Uh huh. So that's why not a single EU company has ever faced fines as high as those levied against US companies? This law is about further cash grabs and nothing more. A true punishment would be suspending their ability to engage in commerce in the region for a period, but that doesn't help to get cash to fill budget gaps.

Re:Gander/goose? (1)

buglista (1967502) | more than 2 years ago | (#38819417)

US fined Siemens (German) $1.6 bn. http://www.guardian.co.uk/business/2008/dec/16/regulation-siemens-scandal-bribery [guardian.co.uk]

EU fines Deutsche Post half a billion Euros. http://www.businessweek.com/news/2012-01-25/deutsche-post-to-appeal-eu-ruling-on-repaying-state-aid.html [businessweek.com]

If you don't want to get fined, don't break the rules. BTW, Korea and other jurisdictions fined Intel for breaking the rules to kill AMD.

Re:Gander/goose? (1)

Spad (470073) | more than 2 years ago | (#38819447)

Yes, yes, we all hate America over here and it's all just a big conspiracy to steal money from your corporations because we're so jealous of them.

Re:Gander/goose? (1)

Spad (470073) | more than 2 years ago | (#38818845)

The existing data protection regulations apply to government agencies as much as anyone else and as far as I can tell, so would these new ones.

Hopefully (1)

Rik Sweeney (471717) | more than 2 years ago | (#38818775)

I really hope this passes. It'll be interesting to see all the stuff that I thought I'd deleted off Facebook suddenly reappear* so that I can actually remove it permanently.

*Apparently FB doesn't actually delete anything and it's just hidden from the user.

Re:Hopefully (1)

K10W (1705114) | more than 2 years ago | (#38818973)

I thought they'd changed that policy now due to many complaining and they actually delete it now rather than put it in suspension as they used to. Could be wrong but that was the impression I got last time I checked to delete an account.

may go somewhere (1)

K10W (1705114) | more than 2 years ago | (#38818797)

I disagree that this may not go somewhere. Doesn't sound like an opt-in only scheme and there are different ways of enforcing such things that appeal to large bodies. Even if it was pushed in an unavoidable way at country level legislation many groups would find ways of circumventing it if it didn't suit. The reason things work is less to do with it being enforced and more to do with those adopting it seeing it has something in it for them. Many people are behind such ideas so that's a big plus for many large agencies and business etc etc since adopting something many are asking for can be very attractive even if the actual

Re:may go somewhere (1)

K10W (1705114) | more than 2 years ago | (#38818863)

damn it hit post before finished... even if the actual idea or principle is something they couldn't care less about, if demand or public backing is high enough (which for this IMO it probably is) many will consider adhering to such policies. E.g. you really think most corps supplying organic food produce or fair-trade products care about environmental policies or workers' rights? Probably not, but they care about increased profits from tapping a niche, wider public acceptance and support, pretty much anything which improves their image and results in more profit / positive public support.

keeping it regional? (1)

matpod (1156965) | more than 2 years ago | (#38818877)

How can a European Commission decide to charge 2% of the annual worldwide turnover? Seems a little above their station...?

Re:keeping it regional? (3, Informative)

SomeKDEUser (1243392) | more than 2 years ago | (#38819015)

It is completely within their remit. The part of the company paying is EU-based, but the fine is calculated based on worldwide activities.

Why would it be? (1)

F69631 (2421974) | more than 2 years ago | (#38819055)

The idea is to create a fine that will actually hurt the companies. If they said X% of the turnover in EU, it would just give companies even more incentive (in addition to tax dodging) to claim their profits are actually from somewhere else.

I'm trying to come up with some sort of logical/ethical/economical/whatever reason for why EU shouldn't be able to fine X% of worldwide turnover but I can't come up with any.

Re:Why would it be? (1)

The Mister Purple (2525152) | more than 2 years ago | (#38819465)

I'm actually encouraged by the idea of using a percentage-based fine, since it would avoid the problem of fines becoming meaningless as inflation eroded their impact. Environmental regulations in the U.S. could use some of that, but I won't be holding my breath.

Re:keeping it regional? (0)

Anonymous Coward | more than 2 years ago | (#38819059)

How

By saying so.
If the business wants, they can then say "No." and not pay the fine.
Of course, they'll then not be allowed to do business in the EU anymore.

Big Fines can be OK... (2, Insightful)

NotQuiteReal (608241) | more than 2 years ago | (#38818961)

Big Fines should go to the users harmed, not the State. A corporate screw-up should be punished, but the money shouldn't be flushed down some bureaucratic hole.

Also - who is responsible for the fine if the breach is due to "off the shelf" software?

Re:Big Fines can be OK... (1)

tgd (2822) | more than 2 years ago | (#38819051)

Big Fines should go to the users harmed, not the State. A corporate screw-up should be punished, but the money shouldn't be flushed down some bureaucratic hole.

Why do you think these sort of laws are put in place? Laws can be written such that a civil lawsuit can be brought for damages, or they can be written to bring heavy fines. Which do you think a government is more likely to pass?

Re:Big Fines can be OK... (1)

Anonymous Coward | more than 2 years ago | (#38819065)

Fines != damages. Fines are punitive and cannot be covered by insurance. Damages will go to the users, fines go back to the states.

Re:Big Fines can be OK... (0)

Anonymous Coward | more than 2 years ago | (#38819073)

How cute. You think these fines are about something other than filling the coffers of the state. If they really wanted to penalize these companies they'd suspend their ability to do commerce in the region until fixing the issues along with some extra time as punishment. But that won't provide money for them to fill budget gaps with so they won't do that.

Consequences (0)

Anonymous Coward | more than 2 years ago | (#38819009)

In other news, Facebook, Google, et al. run away screaming like little girls.

Good stuff on the way (1)

Zwerg_Sense (2560833) | more than 2 years ago | (#38819239)

I have been studying this stuff for a while and I must say there is something good on the way. Some hints, likes, +1:

- It must now be passed through the European Parliament, which might take long (2 years), but Reding is known for pushing things through; after that we have the 2 years of transition period!
- The legislation is very technology neutral, which is good, because it keeps the perspective on the consumer and not on technology. Hence capturing all aspects of cookies, webbugs, flashshit, browser fingerprints etc.
- Opt-in will be the standard (and is the only way it makes sense to me).
- More precise and transparent privacy notices, not something like "we share information only within our group" .... (btw. we are a giant with 5000 companies)
- It might be that the data portability changes the game. If they really adopt formats for export/exchange (which hardly worked in enterprise integration) this can move you from service A to B in theory, weaker lock-ins, more focus on consumer service. Let's hope!!

nice one (1)

armandoxxx (2484940) | more than 2 years ago | (#38819241)

finally some good laws coming our way ...

Consent and EULAs (4, Interesting)

Animats (122034) | more than 2 years ago | (#38819323)

One of the important rules is "If the data subject's consent is to be given in the context of a written declaration which also concerns another matter, the requirement to give consent must be presented distinguishable in its appearance from this other matter." In other words, merely consenting to a long EULA that involves transference of data isn't enough. There has to be a separate checkbox to allow redistributing data. EULAs that allow one party to change the terms at any time won't qualify, either.

Red tape and garbage (1, Interesting)

AdmV0rl0n (98366) | more than 2 years ago | (#38819361)

This law simply looks like an empowering of the EU, and giving it the ability to assault companies and organisations. None of which really deals with the issue at all.

This law needs individual assertion. A citizen needs to have the right to have access to their data, and have rights to control it with limited caveats. Only laid out circumstances should exist where someone can hold your data (your employer for example) or government departments (your passport or health records) - and the citizen should have a right to challenge/edit or amend the data. In other cases of data usage (for example on the web, facebook, marketing companies) - citizens should have rights to (at least some of the) money earned from their data, a right to control what is held, and a right to have it removed on request. Where data is misused or abused, the citizen should have a direct route to compensation, with heavy compensation in cases of personal damage, damage to reputation, or so on.

I don't want Viviane Reding to give Facebook a multi billion dollar fine that gets chucked down the back of the Brussels gravy train, screw that for a game of soldiers, they already lose and waste far too much and abuse too much already. No, screw that, I want my own individual rights brought back in line so I at least have a recourse in all cases in terms of my data.

I believe that re-establishing the basics, and allowing a person to talk to an org with laid out and clear rights, is a fair re-establishment of a status quo that's been blitzed for too long. I don't want or wish for the EU to gain powers for itself in my name, and to load up taxes and businesses for its own benefit.

All fines and reparations should be between the individual and the company that makes or causes the breach; government should not get its foot in there handing out red tape and crippling laws for its own benefits and empowerment.

Another Tax (0)

Anonymous Coward | more than 2 years ago | (#38819367)

Everyone wants to be secure... no question. However, where do the fines go? To the government? This will just cause a 2% hike in all products and services. Companies factor these costs into their prices. Enjoy the increased cost of goods to pay for more political power... no scandal here people, move along. As far as fines and damages are concerned, the majority will not go to users or states, they will go to the class action lawyers and governments.

Not all bad (1)

englishknnigits (1568303) | more than 2 years ago | (#38819559)

The 24 hour security breach notification and stiff fines sound like a good idea. Punishing abuses, fraud, and negligence is one of a government's primary responsibilities. I'm also for forcing companies to disclose more information that potentially involves harming people (loss of private data, pollution, etc.). I'm not such a big fan of the mandatory officers and inspections. If you make the penalties big enough and force them to own up to their failures, companies will determine how to achieve adequate levels of protection on their own. As always, companies/people will follow the incentives/disincentives.