U.S.-E.U. Data Privacy Deal Near 83
Duckie01 writes: "There's an
interesting report
about a deal being made between the European Union and the U.S. concerning companies collecting customer information on the Web. Right now privacy protection under EU laws is much stricter than under U.S. laws. With this 'Safe Harbor' deal, companies that choose to comply are to police themselves. Can you say 'sellout' and 'conflict of interest'?" In other words, says
EPIC,
"the fox guarding the hens." The pact must still be approved by the European Parliament.
Re:General Questions I have (Score:1)
Within the current situation - yes.
As you have observed, it's basically related to urbanisation. Within a small, local community there is very little *need* for privacy. Anyone who makes a pest of themself to other people is quickly hauled into line by the social pressure of the other members of the local community.
This breaks down in the urban environment where you can move around amongst large numbers of people. Essentially it means that you can act like a jerk in one place on the other side of the city and people have their work cut out for them tracking you down.
The internet takes this to an absurd degree.
Some would argue that the solution is transparency - the end of all privacy so that accountability for ones actions is restored.
Where this argument fails is that there are ( and arguably allways will be ) holes in the system that can be used by a minority ( ie; the ones with the money and the resources to find them ) to escape from scrutiny.
So essentially transparency boils down to the formation of a "privacy underclass" while the rich and powerful continue to do pretty much whatever they want.
This is why privacy must be maintained at all cost at this point in time and why people must be educated to maximise their privacy even if it means giving up a few freebies. Once a "privacy underclass" forms, it's going to be even harder to stop the "privacy elite", since they can just steal someone else's identity for their own use.
Hence, we must not only fight for our own privacy, we must insist that it is a "right" that everyone is entitled to. Privacy must be universal and it must be egalitarian.
You might be strangling my chicken, but you don't want to know what I'm doing to your hampster.
Re:General Questions I have (Score:1)
If so, then this might not fly for very long
Re:More information (Score:1)
I see somebody is playing with Cross Site Scripting (well, same site really).
WARNING: DO NOT CLICK ON THAT LINK (Score:1)
Moderators: please moderate the parent down and any that have links to http://hobbiton.org/~zk65/wow.cgi
Thanks very much
Re:Communications Privacy (Score:1)
More information (Score:1)
More information (Score:1)
Re:Stoppable? (Score:4)
HA HA ha ha ha ha ha ha Ohhh ho ho ho ho ho tee hee heee heee *splutter* Oh my sides Ho ho ho ho ha Ha ha ha ha ha.
You don't live in Europe do you? The European Parliament is in some fashion amenable to corruption, large expense accounts, glorying in its own power and self importance and congratulating itself on being the driving force of the amazing new wonderful federal Europe.
That said, they sure don't like the U.S. because the EU to some extent defines itself as being not American. So yes, they may well put up a fight, and I hope they do, but don't for one moment think that it's because they listen to public opinion!
Re:Communications Privacy (Score:1)
OFCOURSE this would be legal! It's the data miner that asks the little daemon for its cookies without the owner's permission, and the daemon happily hands out those cookies - it's not at all illegal to give false information. How can it possibly be illegal to broadcast garbage information across the internet for semi-legal data miners to choke on? What could they do about it? Whine that the data they collect in such a controvercial way is false?
Doing this is rather similar to leaving a car unlocked as bait to catch car thieves, or putting up a box with a few juicy security holes and back doors as bait for script kiddies and other crackers.
)O(
the Gods have a sense of humour,
Re:How do you feel (Score:1)
That's not entirely true. First, it also has impact on companies in the USA doing business with consumers in the EU via the web.
The agreement makes the company responsible while they would gain "safe harbor" from prosecution or lawsuits by EU governments.
I read that as: "You can do what you want with my personal data and I can't do a damn thing about it". If they're responsible, give me the right to file a complaint. That's not too weird, is it?
Re:General Questions I have (Score:1)
If you live in the union.
Re:Communications Privacy (Score:1)
What I'm wondering (Score:1)
If so can I sue doubleclick.com & friends? :-)
Ah well, maybe turning off cookies helps a lot too...
General Questions I have (Score:4)
Ordinarily, I'd hope that the European users, having a clear choice between privacy in Europe and blatant abuse in the US, would avoid American sites, and send a strong message that American companies might understand. I tend to favor free market solutions, and this might stand as a backup if we don't succeed in regulating US companies in their use of a commodity that does not truly beling to them: our personal info and patterns.
However, as a practical matter, it's not always easy to know when you're dealing with an American company:
I suppose that a privacy leak anywhere is a threat to privacy everywhere.
The fact that far too few people fully appreciate their privacy, or personal info protections, can only make things worse. It would hardly be the first time a right ot privilege was not appreciated until it wa attenuated or gone.
However, I must say that, privacy advocate that I am, I am still troubled by a paradox I've never been able to resolve: is privacy fundamental? Keep in mind that "urbanization" is a relatively ne phenomenon -- until the Great Depression (or a little later) most Americans lived in small towns or rural environments (I presume Europe was similar) and people rarely moved, compared to today. In a small town, a lot of what we now consider basic privacy was impossible. "Everyone knew your business": your salary, work history, the embarrassing things you did in third grade. Perhaps this is why our Founding Fathers did not address 'privacy' in the Constitution, though they seem to have a prescient awareness of other crtitical issues
Perhaps the key is that the companies buy, sell, and use *our* information anonymously. They do not tell us exactly what they do, nor do we have any right of consent. Once the information is 'out', it is considered "their" property, not ours.
Still, "privacy" is an important concept, if only because it is a major legal tool (in the American system) for defending and arguing for rights that were not mentioned in the Constitution, partly because wholesale violation was unthinkable before today's mindless technology evolved.
------------------
"Dum spiro, spero. Dum vivimus, vivamus."
(While I breathe, let me hope. While I live, let me live)
Privacy (Score:2)
Privacy/Commerce laws seek to ensure that people's personal information does not become a negotiable item, a commoddity. It's not supposed to be. It's wrong.
If you give your name at Blockbuster.. they have the right to know some things about you. Specifically, your name and address and other proof of identification so they can find you when you dont' return their property. This is fine.. nboody disputes this.
But.. when you give them this information, you naturally assume that this is the only reason you are giving them this information. (well.. today people assume other things.. but they have been brainwashed into thinking this is acceptable).
Under EU privacy laws, such information gathered in order to complete a business transaction may *not* be used in *any* way other than to complete the sale at hand. This is great.
Re:Privacy second to Money (Score:2)
When the electric company guy comes to the door saying that it's time to pay the bill on the spot or get disconnected, he informs me that he 'cannot accept cash, only cheque or credit card'.
The telephone company office is the same way.. they won't accept cash at their head office.
Many hotels and motels, especially (strangely) some cheap ones won't let you stay without a credit card. You can't rent a car without a credit card.
Let's look at the hotel too... I find it funny.
If you stay at the hotel.... they get your credit card presumably so they can 'charge' you for things you might otherwise not pay for. Well.. surprise surprise.... they can't really do this ultimately. Whether it's cash or charge, your agreement is absolutely *required* in order to pay. Just like fine print on porn sites.. if they have deceptive agreements, you can dispute it at the credit company.
Re:The next step in dealing with privacy (Score:2)
People come first. Business exists to serve people.
Laws exist for the betterment of society, not for the betterment of business.
Re:Privacy Crumbles (Score:2)
Yep.
Companies will sell you software to help violate someone else's privacy, and software to protect your privacy, which means that privacy itself is for sale.
Nope. Just because tools for for invasion/protection of privacy are being sold, does not mean privacy itself is being sold. I could download some, say, nasty sniffer software, and I could download some military-strength encryption software. Does this mean privacy is being downloaded?
Unless protecting my privacy becomes profitable, companies will sell my details to the highest bidder.
They most certainly will.
This leads to the question: is there a way to guarantee that it is in Company X's best interest to protect my privacy?
Why should that be so? Why should company X be concerned about your privacy? You are not in the business of protecting the privacy of your next-door neighbor, and company X is not in the business of protecting your privacy. Your privacy is your own concern -- if you care about it, you can protect it.
I don't want anybody to protect my privacy -- but I want tools and rights to do the job on my own.
Kaa
Objections to privacy as a natural right (Score:4)
That's a common objection to privacy as a right -- "we didn't have any before urbanization". It has a bit of validity, but not much. Some problems with it:
(1) Just because something hasn't always been a right does not mean it's not what we consider a "natural right". For example in ancient Greece personal freedom was not a basic right -- you could become a slave by being captured, by not paying your debts, etc. In medieval Europe (and in the Soviet Union until early 90s, that's 1990's) people could not freely change their place of living, though most American consider the right to settle anywhere to be a "natural right".
(2) Even if you had no privacy against other inhabitants of your village, you had privacy against the world. A stranger coming into the village and asking about you would gain little information. Compare to contemporary situation where anybody with the right tools and access can get what's available.
(3) The village's information-gathering system was highly imperfect. Some information was known by all, some by few, some by nobody. Yes, everybody knew what you did and how much you made, but goings-on inside the house were generally private. Nowaday the ability to concentrate information in one place is much higher.
(4) The village's storage of information was short-term. Human memory is selective and lossy. Nobody remembers your third-grade grades or the fact that you were expelled from the class five times for being disrespectful to a teacher. Compare to now -- databases never forget.
(5) The villagers would not generalize about you because they had too little information about people like you (and too little processing capability, too). Today it's perfectly feasible to make the following chain of connections: "This guy buys a lot of red meat and butter and we see no gym payments anywhere -- we know that statistically such people die early from heart disease -- so let's target this guy for cholesterol-lowering medication and raise his life insurance rates".
So, no, "we all lived in villages with no privacy" is not a good argument.
Kaa
Re:Stoppable? (Score:1)
(!USA && !Canada)
then
How about class action suits (Score:3)
In effect this privatises the enforcement side. All it takes is a few lawyers who make a practice of signing up for things under false names and tracking the resulting spam. When they find a violation they can sue and pocket a fee.
This leaves open two issues:
Paul.
Another (real) article on cNet (Score:1)
Luckily, under the proposed regulations congress is looking at, the cgi script kiddie would be locked up for 20 years.
Oh, you don't think that's lucky? Well, since noone is complaining to their elected officials (and they screen you out if you don't gave name, address, and phone) you don't get any say in the matter. We already sold your privacy rights in the US, and now we're going to sell the privacy rights of all EU citizens.
What ya gonna do about it, cypherpunk?
Re:Most People Don't Care (Score:1)
EZ
-'Press Ctrl + Alt + Delete to log on..'
Re:Most People Don't Care (Score:1)
If you do not trust the programs to abide by their bargain, their are safe guards that you can seek. First, are third party seals that guarentee privacy policies. You can investigate into the seal programs as well:
- Some only collect complaints
- Some only seek a promise of compliance
- Some perform periodic audits and report either:
(1) Transgressions from promise
AND/OR
(2) Potential security violations
Their are some regulatory standards as well. Programs that are tied to a financial instrument or involve banking institutions are going to be affected by Gramm-Leach-Bliley, and some provisions of the Fair Credit Reporting Act (particularly regulation E).
The FTC has recently tried to position itself to do oversight, but that has met with "big brother" style flames.
As for the mini-disclaimer, I do have two clients that participate in this space. I do not think nor intend to market their services. I have spent some time collecting information for online privacy, particularly consumer rights. This has been both for business and academic purposes.
Re:Privacy Crumbles (Score:1)
If Company A offers me a $##load of money to track my spending habits, explains to me that they will use this information to develop an XYZ profile, will not use this data for any other purpose, and will destroy the data at X period of time, then it becomes my choice as to whether I want to enter into a contract. This is not very different than what Nielsen does to compile ratings, and is how most market research companies operate.
Consumers major fears are that Company A will breach their agreement, or worse yet, assume that they have this right implicitly without disclosure. Consumers lack an oversight mechanism, and it would be very costly and timely to pursue a claim. IMHO, the mechanism that protects the consumers will be one of the major policy questions of the next few years.
The EU clearly codifies that the later right does not exist, and demands disclosure. The "safe harbor" debate mainly was EU protecting their consumers against businesses gaining this right through common law. (Per other post, the US has codified the rights and responsibilities for financial institutions and using information for credit reporting; however, all other businesses could claim that it was the other parties duty to create limitations/rights in the contracting language).
Privacy will be/is a commodity, much the same as speech is a commodity. You can freely negotiate "gag" provisions. I doubt the US government will ever restrict the freedom to disallow a user from being able to contract away this priveledge. Selling your Pokemon purchase may never be as dangerous as selling a kidney. IMHO, it would be more advantageous to have more Gramm-Leach-Bliley/FCRA style legislation that require disclosure, or prohibit businesses from seeking this right as a mandatory contract provision.
Re:Who's At Fault? (Score:1)
I'm not sure that I totally agree. You could use a third-party to process the data. The third-party could maintain the "safe-harbor" status as its certain to evolve and create about the same type (although maybe not magnitude) of cost as maintaining banking regulations. The third-party could disclose the information it would reveal to the US company, and mask all other data.
The US company could be insulated from direct action under certain circumstances. If they didn't have privity of contract with the person whose data was being released, and they were not negligent in choosing the company/processor any claim against them would be tenuous. They wouldn't be liable under respondeant superior, and they have not breached any contract with the consumer. If their actions were deplorable, they might get "third-party" contract status, but this would be an exception rather than a "deep pockets" rule.
I am interested if you have alternative thoughts. I am trying to explore this further for professtional and academic reasons.
Re:Communications Privacy (Score:1)
Re:Communications Privacy (Score:2)
Why would you ever think that it hasn't?
Of course it has. Licensing commercial entities to bypass the Bill of Rights, and then granting Law Enforcement the ability to access such "public" information, is part of a strategy to bypass constitutional protections which limit police powers.
After all, the US Constitution only applies to restrict the actions of certain governments. If the Feds can't do it, get the states to; if the states can't, get the feds or a private corporation to do it; if all else fails, rely on "anonymous" tips (that is, do the illegal wiretaps, as in the decades-long illegal wiretap system in Los Angeles). Any surveillance target that complains has clearly got something to hide, and likely less money than any govt or corporation to throw into the legal system ...
The US has police state tendancies, which are increasingly showing clear and strong. J. Edgar Freeh is watching, be careful.
Re:Privacy Crumbles (Score:1)
OK, so maybe its a little off-topic, but I think that it is a natural progression when one thing after another becomes a product instead of a legally protected right...
Re:Most People Don't Care (Score:2)
//rdj
Re:What I'm wondering (Score:2)
//rdj
Re:Most People Don't Care (Score:2)
//rdj
Re:Privacy constraint hampers EU eCommerce (Score:2)
//rdj
Re:Which is better? (Score:2)
So we're just damned if we don't.
//rdj
Re:Privacy constraint hampers EU eCommerce (Score:2)
There. simple, isn't it.
//rdj
Re:Hmm.... (Score:1)
Hmm... off to Africa I go!
Yes! There is some very 'out of the box' thinking [techweb.com] going on in Africa these days!
======
"Rex unto my cleeb, and thou shalt have everlasting blort." - Zorp 3:16
Privacy Crumbles (Score:4)
The U.S. Commerce Department favors this type of industry self-regulation, and President Clinton, together with EU officials, lauds the accord as a milestone in international e-commerce that will encourage economic growth.
The words e-commerce and economic growth should be emblazoned in red. Note that the word privacy does not appear in this paragraph. Privacy isn't important in the world of e-commerce, unless it is a product unto itself. Companies will sell you software to help violate someone else's privacy, and software to protect your privacy, which means that privacy itself is for sale.
The only interest of a commercial company is self-interest. Self-interest equals profit. Unless protecting my privacy becomes profitable, companies will sell my details to the highest bidder.
This leads to the question: is there a way to guarantee that it is in Company X's best interest to protect my privacy? Can public pressure and the threat of diminishing sales make all companies champions of privacy, hypocritically or otherwise?
If not, I see privacy crumbling before our eyes.
Lobby the EP!!!! (Score:1)
So Euros, call your MEP!!!!!!!!
ostiguy
In related news... (Score:1)
FTC Calls for Privacy Legislation to Protect Internet Users. On May 22, the Federal Trade Commission (FTC) released a report (PDF) on the results of its latest survey of website privacy policies. The survey documented that only 20% of a random sample of websites addressed basic elements of Fair Information Practices. Based on the findings of the survey, a majority of the FTC Commissioners have recommended [ftc.gov] that legislation is needed. On Thursday, the FTC will formally present its findings and recommendations in front of the Senate Commerce Committee [senate.gov]. EPIC's latest survey, "Surfer Beware 3: Privacy Policies without Privacy Protection" [epic.org], also found that self-regulation provided an inadequate level of online privacy protection.
I just hope the EU doesn't fall for the same bait as did TrustE. Self-regulation isn't.
Sreeram.
----------------------------------
Observation is the essence of art.
How do you feel (Score:2)
Without this agreement, companies in the EU would have some difficulties in doing ebusiness with the US. This agreement just allows US companies in the EU to export data from the EU, even tho they are recognised not to meet EU standards.
In effect, they are saying 'what you are doing does not meet our minimum requirements, and normally we would prosecute you, but since you're a US company, we'll let you off if you promise to be good'
It was noted in another article that other countries, like Japan and Australia, would not get safe harbour status so easily. I'm not sure if their standards meet the EU laws anyway, but it would be interesting how their gov'ts react if they don't get a similar exemption quickly.
---
Re:Most People Don't Care (Score:2)
Can you? Whenever you shop with the card, they have the list of items you bought. From the number of condoms, they can figure out how often you get laid. And if you buy hemorrhoid medication, they can draw their conclusion as well. And don't forget what kind of information they can infer from your book purchases.
no name, age, sex, whatever.
Well, as soon as you use your rebate card together with your credit card, they have your name too. It's a lot like cookies actually. Cookies are also just a number. But as soon as you fill in your personal data into an online form on the Web which leads to a page with a doubleclick ad, then doubleclick has the data too, and can now put a name on the number.
Re:Privacy Crumbles (Score:1)
This leads to the question: is there a way to guarantee that it is in Company X's best interest to protect my privacy? Can public pressure and the threat of diminishing sales make all companies champions of privacy, hypocritically or otherwise?
Sure. Only give your information to entities that promise to protect the privacy of the information.
Or not... I sometimes give out information to entities because I expect them to share it and it could lead to contacts for mutually beneficial commerce.
-Jordan Henderson
Re:Communications Privacy (Score:4)
To extend the idea a little further, maybe there are other ways to flood DoubleClick and collectors of private information with fake data. Maybe some kind of distributed system where people set up little daemons that run in the background, pretend to be surfing, but are really just sending cookies designed to destory the integrity of their data. Would this be legal? hmmm...
numb
No more than 20% (Score:1)
Privacy second to Money (Score:1)
Maybe it's time to fight this privacy thing with bad data. Both my wife and I give out a wrong phone number without even thinking about it. I don't use my real e-mail address on any commerce related sites (unless I order something), and feel more and more like using cash for all my transactions.
Of course, the day may come where giving out false information may be illegal in nearly every case.
Re:General Questions I have (Score:1)
Can I take the European Union to court for failing to protect my right to privacy
IANAL
No. We (in the UK) have no right to privacy, as we have no defined "rights" to anything, in the way that these are clearly defined in the USA. What we have instead is a set of laws on data privacy (and they're not a bad set). If a company breaks them, then we may have a case against that company. -- Although if they're a US company, then we may not have a case anyway, as they can dodge on the basis of the EU jurisdiction not being applicable to them. What we don't have is a case against our governing bodies. This is in the same way that if we were mugged, we'd have a case against the mugger, but not the government for preventing it.
Privacy constraint hampers EU eCommerce (Score:1)
I'd hope that the European users, having a clear choice between privacy in Europe and blatant abuse in the US, would avoid American sites,
I'm a UK-based eCommerce developer. How should I develop my site ("Orinoco.com") when my main US-based competitor can do sophisticated CRM to up-sell related products and offer recommendations, but I can't ?
I don't think there's any hope of a boycott. We don't (most of us) boycott Outlook, despite Melissa, and we don't boycott Amazon over patent issues. Very few users will support a boycott when the most obvious effect is to reduce their apparent functionality
I'm in favour of privacy, but I also like good CRM systems that recommend useful books to me. The UK DPA (Data Protection Act) is far too blunt to distinguish between "helpful" CRM and intrusive "snooping" (mainly because those subjective terms are just that, subjective). We don't just need another legal framework for controlling personalised data and its security, we need some mechanism that allows the identified person to specify, at time of collection, how much data may be collected and what may be done with it in the future. This is an issue as complex as inherited rights management....
Have you seen the complexity of P3P and APPEL ? Now those are privacy issue implementations by smart geeks, not by lawyers. If we ever produce a workable legal framework that can distinguish between "good" and "bad" data, then it will be hugely complex.
Re:Privacy constraint hampers EU eCommerce (Score:1)
ask the one whose data you want to use. It's clear, it's simple, and it's fair
It's fair, but it's far from simple. Current state of the art can barely pose the question (This is what APPEL [w3.org] addresses) and it certainly can't offer P3P [w3.org]-enabled products to people building sites today.
If I browse to a site that claims to request data for one purpose (that I accept) and then does something unacceptable with it, then I have little redress under the current DPA. The DPA simply doesn't account for the situation where I might make a per-visit choice about how much information I want to offer, and the purposes for which I understood it would be used. The DPA just sees "data" and doesn't distinguish much between purposes. Claiming that I'd only offered my data on the basis of a particular offer (we'll use it for X, but not sell it on for Y) gets into per-issue contract law and outside the DPA remit.
Re:Most People Don't Care (Score:1)
Nothing wrong with demographics....I'm happy for people to collect general info from my shopping (for one thing it makes sure they don't run out of what I want) but it's when they tie it to me personally I would be worried. And as someone here said, in the UK the Data Protection Act stops them doing that without explicit permission from me. And I haven't given it...so I feel fairly safe.
Re:Most People Don't Care (Score:1)
------------------------------------------
If God Droppd Acid, Would he see People???
Fox: 1, Hens: Zero (Score:2)
Re:Privacy Crumbles (Score:1)
See this is where I start to have some problems with legislation and regulation.
I think it is hypocritical to support free speech, even so-called 'freedom of information' stuff that many
I argue that it is not any government's responsibility to 'protect' your privacy. The same way its not their responsibility to to tell you what you can and can't say, do drugs, or where to get your medical coverage.
Many
And as a consumer you absolutely have the ability to sway, or making privacy in the best interests of corporations. I think that privacy agreements are already adding a lot of value to b2c web sites, etc. So its an excellent point, and if you value your privacy it is important to vote with your dollars, and let the merchants know why you bought from them.
-k
Re:data mining effectiveness (Score:1)
Okay, I realise that using doubleclick type methods results in accurate data, but what are they doing with this data? Nobody is being particularly choosy about who to send spam to, and nobody is making their web pages dynamically adjust to target me. The only useful purpose is to draw correlations so that they know who to target. For this they don't actually need to know who I am.
Re:Most People Don't Care (Score:1)
The data protection laws prevent them from doing this without your permission. European laws on this are really quite strict.
Re:Most People Don't Care (Score:1)
Re:Stoppable? (Score:2)
To summarize, the European parliament is too corrupted to be corrupted.
Who's At Fault? (Score:2)
Stoppable? (Score:2)
One would presume that the European Parliament is in some fasion amenable to public pressure, especially when an issue like this is likely to to generate a considerable outcry. But then again, a quick check gives me the suspicion that the Parliament is mostly controlled by (admittedly, European) business concerns. After all, in the last couple of months, we've had major decisions that relieve agribusinesses of liability related to genetically modified foods, and another ordering EU member nations to lower their trade barriers (to British chocolate products, in this case).
Now, this could go either way, in my view. (Mind you, I'm hardly an expert in European politics.) On the one side, you've got the big companies with American counterparts, arguing for this policy. On the other side, there are European companies who don't want to be at a disadvantage relative to the partnered companies. So, who knows which way this could go ... though I'd tend to suspect inertia and American pressure will probably push this one through.
Too bad, I was kinda looking forward to the Europeans cracking down on American companies with European partners and lax privacy policies.
Similar thing going on with software patents (Score:1)
In both cases it seems like the slightly more well thought out European standards are trying to be dragged down to US level, most probably by corporate interests.
Fortunately it seems like there is some resistance building both in Europe and in America. One can only hope that common sense will prevail.
data mining effectiveness (Score:1)
Which is better? (Score:1)
Self or Government Regulation?
Self regulation equates to: if it's going to cost me (the business owner) money, then it's going to be cheap as hell; Customers will have to pay for increased privacy.
Government regulation: add 5 parts red tape with 1 heaping tablespoon of buearocratic non-sense and beat until e-commerce is dead.
We're damned if we do...damned if we don't!
dc!
--
Re:Which is better? (Score:1)
No, but rather a business will not be looking out for your best interests unless it's free or they can make money off of it.
dc
--
Re:General Questions I have (Score:1)
IANAL
There are actually two European courts: the European Court of Justice, which is the EU's court and enforces EU law. If a privacy agreement between the EU and the US was in conflict with EU law, you could arguably take them to court there.
The other court is the European Court of Human Rights. This is totally separate from the EU, and is based on the European Declaration of Human Rights promulgated just after WW2. (I believe that it pre-dates the EU). Any citizen of a signatory nation can either bring a case to this court (after exhausting due process in their own country) or plead that an action conflicts with the Declaration (towards the end of this yaer the declaration will be incorporated into UK law, thus allowing this to happen)
Paradoxically, although all the EU's members are signatories, the EU itself is not, and thus EU action cannot be challenged here, though if any nation attempted to enforce such an EU action, it could be held in breach.
There is a privacy clause in this Declaration, which could conceivably be used here, and the whole declaration is in admirably simply and non-lawerly language.>/p>
Mark Austin
Now and ever illegal (Score:1)
...
For the time being, the EU is letting U.S. companies continue to export personal data from Europe. But in an effort to avert a potential trade war, the two sides began negotiating the issue two years ago.
...
The accord offers privacy protection deemed adequate but not equivalent to current EU law.
Okay, so the EU has certain standards that they have been ignoring until better guidelines came along. Now they are passing guidelines which are admittedly not up to standards, but they are lauding them as the panacea. Moreover, they will be trusting corporations like we do here in the U.S. And of course the article goes on to list companies who are already trying to exploit the situation...
IMHO, privacy in the hands of corporate America is a sad joke. If it were not, people would not have to put NO SPAM obfuscations in their email addresses. Every online transaction I personally do, I elect against all spam (you know the ubiquitous "don't spam me" checkboxes). Despite that, I am spammed mercilessly, probably like other
I see no way in which this action by the EU is not a sellout. Just my two coppers.
-L
Re:How about class action suits (Score:1)
"Unsolicited spam mail causes my client extreme frustration and hyper-acidity. Here are his medical bills for ulcer treatments."
"Unsolicited spam mail makes my client feel powerless, and this feeds back on his libido. Here are his bills for Viagra."
And finally...
"Unsolicited mail led my client to believe that he could become part of a class-action lawsuit bonanza in which he would own a portion of your company valued like a Powerball lottery payout. Here are the bills for his heart medication."
-L
And why not EU becoming an US colony ? (Score:1)
- The US gov, the one-which-cannot-finish-the-Microsoft-antitrust-c
- The EU gov, the one-willing-to-be-"protected"-by-the-overhelming-
Do EU representatives really need so much money as they are talking about such silly thoughts ?
Now privacy, perhaps tomorrow military affairs and ASAP selling childrens to The States ?
An angry EU citizen.
----------------
Communications Privacy (Score:4)
Re:Who's At Fault? (Score:1)
If a US company does not become a member of this 'Safe Harbor' then it is vulnerable to litigation in Europe by almost anyone - the govenrment, consumer unions, even simple citizens. And since the US company would most certainly loose on court that could mean anything - from steep fines to prohibiting the US company's business in Europe. Certainly I expect all medium to large companies that do business with the EU (or with possible future EU members - remember the EU is scheduled to grow to Easter Europe, Cyprus etc) to at least try to comply with this 'Safe Harbor'. Smaller companies may choose not to deal with Europe at all.
Remember this does not change the standing of European companies at all. European companies still have to comply to strict European privacy laws. This, if played correctly, could actually became a bonus for European .coms (if and whenever they appear), especially if privacy concerns become important for more American consumers.
Regarding the FCC I do believe that the US shoud have a 'watchdog' agency for privacy however I doubt that a communications or trade committee would be enough. Privacy is different than communications and trade because it involves legal and even human rights aspects. But that is something you Americans should decide on.
Personally I believe that this 'Safe Harbor' will not last long (there is a possibility that it will be voted down on the European Parliament). But for that to happen, American citizens (citizens, not consumers) should push for more privacy
Does it bother anyone else... (Score:1)
Re:More information (Score:1)
Re:who clicked on wow.cgi (Score:1)
Re:bunch of bunk (Score:1)
DO NOT CLICK THAT LINK (Score:1)
Most People Don't Care (Score:2)
Joe Sixpack isn't generally thinking about this sort of thing enough to figure out why this might be bad. Sure, if he reads something like Database Nation [databasenation.com] it'll be crystal clear, but that's not going to happen.
The only way to get this message out is if the mass media breaks it in a big way (yeah, the same ones who get paid by big marketing firms), or via some really embarrassing guerrilla action.
For example, a website screaming: "Congressman Albertson has hemmrhoids, and gets laid about 1 time a month at home, but 3 times a week when on the road (who's the woman? come clean!)" Of course, the data miners would never do this, and would probably try damned hard to make sure that it never got out like this.
Still, anyone with enough money can poison the well, by "accidentally" leaking selected data they've purchased from these data whores.
Re:This sucks. (Score:1)
Not quite the terminology I would have used but a point well put across
May all spammers be infected with the Ebola virus so they will crack and bleed out.
Security is the bigger risk if anything (Score:1)
The only interest of a commercial company is self-interest. Self-interest equals profit. Unless protecting my privacy becomes profitable, companies will sell my details to the highest bidder.
Protecting people's privacy is profitible for a lot of companies. If it doesn't declare that it will protect your personal details, simply don't give them away.
I think the biggest danger with self regulation is motivation for security - not honesty. Companies might promise not to give away details, but often there's no real way to guarantee that they're actually taking reasonable steps to protect it.
As the general population gets more net-experience and starts to realise that one of the main sources of unwanted spam is themselves giving away their details so easily (especially email addresses), they'll become more conscious of actually checking the privacy policy.
Voluntary privacy declarations will probably turn into a major marketing strategy over time.
Re:The entire issue is a mere "Tempest in a Teapot (Score:1)
Given the new laws the scumfuck government in the UK are planning (the RIP Act), any data held by any company in the UK can be requested for the purposes of anyone the Home Secretary decides can have it.
The real reason for RIP is tax collection. Since the big stores here told the Inland Revnue to go fuck itself when it asked for the "lifestyle" details from their loyalty cards, it has been itching to get at those data.
And now it will have a free hand.
If that doesn't scare the shit out of you, then I don't know what will.
The next step in dealing with privacy (Score:1)
What annoys me, though, is that now PRIVACY itself is being packed like a need, like a new product. The next step in dealing with privacy is selling it to its respective owners. I don't want to BUY something I already own. I don't want to be forced to copyright or TM my private life.
Re: Retrogradatio cruciata (or: reverse read) (Score:1)
First come people. People serve to existing business.
The betterment of business makes laws for the betterment of society. The sad truth.
Recourse for colmplaints? (Score:1)
It seems that the drafters of this agreement do not view privacy as a "legal right" as they should, but rather as another service that companies may offer, through the signing of the agreement.
However the main problem I have with the proposed agreement is not this, but the apparent lack of recourse for consumers who have complaints against copmanies who are signatories of the agreement. There seems to be no independent watch-dog proposed to ensure that signatories are complying with the regulations (I suppose, because of the self-regulatory nature of the agreement), and moreover, the regulatory groups are funded by the industry (conflict of interest, anyone?).
On top of this, "no self-regulatory group has ever referred a member company for investigation and the FTC has never provided remedies for any of the companies with which they have reached settlements" (from article cited below).
Does it really sound like the EU is looking after its citizens' interests or bowing down to pressure by the US?
For more arguments against the proposal, see TACD Statement on U.S. Department of Commerce Draft International Safe Harbor Privacy Principles and FAQs [tacd.org].
More information (Score:1)
Haiku (Score:2)
Commerce cannot be trusted
Eschelon? Hush, you!
Re:Stoppable? (Score:1)