Forgot your password?
typodupeerror
China Government Privacy Your Rights Online

New Privacy Laws In Asia May Cripple Data-Centric Outsourcing 98

Posted by timothy
from the death-by-a-thousand-permission-slips dept.
bizwriter writes "Think privacy issues are a pain when they affect consumers? Get ready for the grandfather of all corporate computing headaches. Big privacy-law changes in India and China are about to turn data-processing outsourcing into a hurdle-leaping, paperwork-generating mess."
This discussion has been archived. No new comments can be posted.

New Privacy Laws In Asia May Cripple Data-Centric Outsourcing

Comments Filter:
  • by thsths (31372) on Sunday May 15, 2011 @06:41AM (#36132366)

    Maybe, but I think the EU should have done this long ago. The "safe harbour" regulation, where companies in the US promise to stick to EU law, is not worth the paper it is written on. Of course the NSA, FBI, DHS and some other three letter agencies have access, and maybe even more people.

    The only way to keep data safe is to keep it under one jurisdiction. It is a sad state of affairs, but it is an accurate description of reality.

  • by jbolden (176878) on Sunday May 15, 2011 @06:48AM (#36132378) Homepage

    Yeah I think that's great. Indian outsourcing companies are basically making it hard for companies to ever get their data back. So either they will need knowledgeable staff in the USA to pull all their data off the Indian systems or it stays in India forever.

    Good. About time US companies realize, make India your IT center you are subject to Indian IT law.

  • by yacc143 (975862) on Sunday May 15, 2011 @08:55AM (#36132854) Homepage

    Well, while it seems to have superficial differences the Indian law (as described here) is rather similar to the EU data protection directive.

    Tiny issues include:

    - the form of the consent. One has to see how that is being handled, but consent to handle personal information is required in the EU too.

    - some issues are also around what is a person-linked information. IPv4 addresses are ruled sometimes so, sometimes not. IPv6 addresses almost for sure will be person-linked. Did I mention that in practice Apache's default configuration is illegal? Notice how the EU has forced most (even US-based) ad networks to work around that by at least masking the last byte of the address.

    - The right to know what a company stores about you, where it got that information from, and to correct wrong entries is rather natural. Depending upon where you ask in the EU data protection is considered either law, constitutional law, or a basic human right.

    - The only thing that has made this in the past "easier to ignore" is that the EU considers US companies that pledge to keep their laws to be legal targets of at least some personal information. (Notice that EC2 expanded first with data centers into the EU, because of data protection laws in the EU).

    - Notice that gmail/gapps are illegal to use (at least businesses) in a good part of the globe. E.g. even Canadian entities have decided not to use Google's offerings because of Canadian privacy laws. Basically the US approach of NO privacy (or actually privacy only in some niches, like HIPAA) is costing US business revenue. It will only get worse with time.

  • Re:Blah (Score:5, Interesting)

    by yacc143 (975862) on Sunday May 15, 2011 @08:59AM (#36132872) Homepage

    Well, look at it like this, when such laws become standard around the globe, and for example the EU decides to reject the US-EU data safe heaven idiocy, US businesses will overload the phone system in DC to get such laws in the US too, because more and more revenue will be lost, because it will be simply illegal to use an US provider to do anything related with personal data. Until this happens I guess nothing will happen in the US on this front.

The speed of anything depends on the flow of everything.

Working...