
New EU Legal Privacy Framework: We're Not Kidding

An anonymous reader writes "Viviane Reding, Vice-President of the European Commission announced today a new regulation for data privacy in Europe (PDF) in replacement of a 1995 Directive. Recently, privacy laws have been under a lot of criticism for their practical inability to ensure a high level of protection to EU citizens. The new data privacy framework will bring a lot of changes: 24 hours security breach notifications, mandatory security assessments, end of notifications to local data privacy agencies, mandatory data protection officers and huge administrative fines: up to 2% of the annual worldwide turnover (that would have meant $1.2 Billion for Microsoft in 2008). Indeed that's 'the necessary "teeth" so the rules can be enforced.'"
  • Re:So... (Score:4, Interesting)

    by Anonymous Coward on Wednesday January 25, 2012 @11:54AM (#38818687)

    Totally agree...this idea that businesses shouldn't be held responsible for their actions (or inactions) goes back to the business "revolution" of the 70s...the professional manager who operates without ethics, and whose only allegiance is to the shareholder (or their own salaries/bonuses)...it's about time governments started standing up for their citizens again....sign me up too!

  • O2 (Score:4, Interesting)

    by CheeseyDJ ( 800272 ) on Wednesday January 25, 2012 @11:58AM (#38818735)
    O2 must be glad they made their massive screw up [bbc.co.uk] before this came into effect...
  • Re:So... (Score:5, Interesting)

    by inviolet ( 797804 ) <slashdotNO@SPAMideasmatter.org> on Wednesday January 25, 2012 @12:21PM (#38819035) Journal

    No it can't just be ignored. If these laws pass, every EU country will be forced to implement them. The European Commission has very sharp teeth indeed on stuff like this, and does not take kindly to companies trying to ignore its rules.

    Yep yep.

    As a US citizen now thoroughly ashamed of my society's behavior (esp. regulatory capture, as well as the all-classes corruption of the housing bubble), this news is the first time in my entire life that European society has seemed superior.

    It is quite a moment for me, coming as it is at the tail end of twenty years of staunch libertarian patriotism.

  • Re:So... (Score:5, Interesting)

    by xaxa ( 988988 ) on Wednesday January 25, 2012 @12:35PM (#38819207)

    As a US citizen now thoroughly ashamed of my society's behavior (esp. regulatory capture, as well as the all-classes corruption of the housing bubble), this news is the first time in my entire life that European society has seemed superior.

    The first time ever? That's incredible.

    Europe and the US have different views (to varying degrees) on many topics. Money, commerce, society, art, sex, the poor, the rich, military, environment, privacy, citizen rights and restrictions, punishment, education, transport, sport, patriotism, police, tax ...

    Pick any one of those and I'll be able to describe things I like about Europe (and dislike about America), and vice-versa.

  • Re:So... (Score:2, Interesting)

    by Anonymous Coward on Wednesday January 25, 2012 @12:42PM (#38819289)

    That would be interesting... Any company that has 3 data breaches in a 5 year period gets a year ban from the internet.

  • Consent and EULAs (Score:5, Interesting)

    by Animats ( 122034 ) on Wednesday January 25, 2012 @12:45PM (#38819323) Homepage

    One of the important rules is "If the data subject's consent is to be given in the context of a written declaration which also concerns another matter, the requirement to give consent must be presented distinguishable in its appearance from this other matter." In other words, merely consenting to a long EULA that involves transference of data isn't enough. There has to be a separate checkbox to allow redistributing data. EULAs that allow one party to change the terms at any time won't qualify, either.

  • Red tape and garbage (Score:2, Interesting)

    by AdmV0rl0n ( 98366 ) on Wednesday January 25, 2012 @12:50PM (#38819361) Homepage Journal

    This law simply looks like an empowering of the EU, and giving it the ability to assault companies and organisations. None of which really deals with the issue at all.

    This law needs individual assertion. A citizen needs to have the right to have access to their data, and have rights to control it with limited caveats. Only laid out circumstances should exist where someone can hold your data (your employer for example) or government departments (your passport or health records) - and the citizen should have a right to challenge/edit or amend the data. In other cases of data usage (for example on the web, Facebook, marketing companies) - citizens should have rights to (at least some of the) money earned from their data, a right to control what is held, and a right to have it removed on request. Where data is misused or abused, the citizen should have a direct route to compensation, with heavy compensation in cases of personal damage, damage to reputation, or so on.

    I don't want Viviane Reding to give Facebook a multi billion dollar fine, that gets chucked down the back of the Brussels gravy train, screw that for a game of soldiers, they already lose and waste far too much and abuse too much already. No, screw that, I want my own individual rights brought back in line so I at least have a recourse in all cases in terms of my data.

    I believe that re-establishing the basics, and allowing a person to talk to an org with laid out and clear rights is a fair re-establishment of a status quo that's been blitzed for too long. I don't want or wish for the EU to gain powers for itself in my name, and to load up taxes and businesses for its own benefit.

    All fines and reparations should be between the individual and the company that makes or causes the breach, government should not get its foot in there handing out red tape and crippling laws for its own benefits and empowerment.

  • Re:data location? (Score:2, Interesting)

    by Anonymous Coward on Wednesday January 25, 2012 @01:05PM (#38819523)

    In most of Europe, we don't vote for judges. They are appointed and are quite immune to lobbyists. Also, most of Europe has a civil law system, and under that system, the laws do not get "interpreted" by the judges...

    It is a bug of the American system that judges are affected by lobbyists and get to decide what laws mean. This doesn't mean our system is better. This is just a bug we don't have.

    As a point of fact, at the federal level and in many states judges are not elected. Instead they are appointed (by someone or some group that was also elected), and are basically set for life.

    Depending on the jurisdiction involved (varying states or the federal justice system), they either have lifetime appointments or appointments to a mandatory age of retirement.

    Some jurisdictions allow for the removal of judges based on the quality of their work (i.e. a judge who made *many* *very* *boneheaded* decisions may get axed, but only in some states), but most only allow for their removal because they had committed a crime in office.

    In these systems, the only lobbyists are legal counsel for the prosecution and defense, as it should be.

  • Re:So... (Score:4, Interesting)

    by Opportunist ( 166417 ) on Wednesday January 25, 2012 @01:32PM (#38819807)

    I'm in risk management. The fine is pretty much already a deterrent, or rather, it's a good incentive to invest a few bucks in security.

    Security, or rather, anything related to heeding a law in a company, is a game of chances. What's my gain to break the law (or ignore it), what's the cost of the fine and how likely is it to happen. These are, in a nutshell, the things I deal with on a daily basis. Yes, laws and following them is not a matter of "being good" or "doing no evil". It is simply and bluntly a matter of cost and benefit.

    2% annual revenue as budget is a wet dream for security and risk management. And while we won't get it (not by a longshot), we can now easily argue with the increased monetary risk when it comes to the question whether and how much investment is necessary for security.

  • Re:Here's mine (Score:5, Interesting)

    by Your.Master ( 1088569 ) on Thursday January 26, 2012 @03:07AM (#38826067)

    Every time I see that measured, it consistently shows the US having the least social mobility of all developed nations. For example, here: http://ftp.iza.org/dp1993.pdf [iza.org] and http://wrap.warwick.ac.uk/81/ [warwick.ac.uk]

    I do often see the claim that the US has an advantage here, but I have never, ever seen it backed up, while I have seen the counterclaim backed up.
