Discussion in 'Politics, Religion, Social Issues' started by samcraig, May 25, 2018.
(It's also Towel Day)
I have to admit, that's funny but cynically true. You don't know how many of these I had to agree to, let alone publish because of my job dealing with PII and PCI data..
But let's look at this on the bright side.. at least they didn't implement this on Talk Like A Pirate Day.
It's a bit over the top IMO.
I looked it up and I still don’t know what GDPR day is. Do I get a free donut or ice cream somewhere?
You get to be sent a massive number of emails from everyone who has your email address. Unfortunately none of them seem to have free donuts.
GDPR is a European law that basically affects every website and service worldwide (since a site is on the Internet, by nature it is worldwide; any person from anywhere can visit it). The EU law basically states that for wherever an EU citizen visits, the website owners have to get consent from the visitor to use any data that they collect from that visitor (e.g., username/password, email address, etc.), and must comply with whatever consent they get from the visitor, up to and including removing their data.
To that extent, May 25th 2018 is the day that that law goes into effect, so that is why you've seen a huge influx of policy and data use changes come from every site you visit, let alone flood your inbox.
I wasn’t aware of this. Thank you for that summary, it certainly explains a lot of traffic in my inbox this morning.
Do you know what happens if a company doesn’t comply? Is the site just banned in the EU?
They can be fined. And I believe Facebook (among 1-2 others) are already being called out.
--- Post Merged, May 25, 2018 ---
BTW - the interesting thing is - this law is about individuals. Meaning - that even if you are in the US (living/visiting) you are protected by this law and US companies must adhere on an individual basis. Some ad platforms have pulled out of servicing the EU because they have decided there's no way they can provide the appropriate targeting for brands. It's definitely an industry disruptor.
--- Post Merged, May 25, 2018 ---
That would be the tricky question. Let's bring in the sanctions as listed from Wikipedia:
Obviously, this all depends on how much data is compromised, how long, and impact to the people. For most small sites, you could just get a warning, have you fix the problem, and off you go. For bigger sites, as you can see, fines and sanctions can be hefty. Already, both Facebook and Google were slapped with almost $9 billion in lawsuits for GDPR violations.
The tricky part here, is that if a site physically has no EU presence, whose laws are they subject to? For example, let's say Los Pumas is based in Argentina (which it is, but let's roll with it; they are Argentina's national Rugby team) and does not comply with the GDPR (being an EU law). Let's say that they take the data that they have for you (say you signed up for email alerts for team updates), and sells your data to Aerolineas Argentinas, their national airline, and you get bombarded with email about deals from that airline, or worse: the airline suffers a data breach.
Both the Airline and the Argentine rugby site don't follow EU law (they aren't based in the EU), so they are free to do whatever they want with your data. Which legal system has jurisdiction of the case?
I haven't seen anything in the provisions of the law showing that. In fact, there's an issue right now, where trying to comply with EU law conflicts with rulings handed down by SCOTUS. So I'd expect to see a lot of conflicts showing up real soon.
One more thing: the law also includes that provision the EU was fighting over - the right to be forgotten.
Wow that’s a pretty big deal. I have no idea how I hadn’t run across this before today.
It will definitely be interesting to see what happens with free content on the internet because I can definitely see this causing issues for advertisers.
--- Post Merged, May 25, 2018 ---
That’s exactly what I’m wondering. It’s all fine and dandy for the EU to impose a fine but who is going to compel a company to pay it if they don’t do business or have a presence in the EU?
This will definitely be interesting to watch as it moves forward.
Sweeping government regulatory actions being put in place over companies in the name of "protection," against many, many companies who I do not agree with the practices of.
This is one of those "I wouldn't tell you that you can't, but I would say you shouldn't" situations. I still don't support broad government regulation, and would rather business practices be in place on good faith rather than because the state is ordering it.
I'm not a lawyer so I may be wrong, but I would imagine that the EU laws could be used to award damages, but there would be no way to enforce it unless that entity has something of value physically in an EU country. In your hypothetical example Aerolineas Argentinas flies to the EU, so I would imagine if they got fined and tried to ignore it then they could have one of their planes impounded when it arrives in the EU. For an organization that never has any physical presence in the EU, it would seem to be impossible to enforce.
--- Post Merged, May 25, 2018 ---
I wouldn't be surprised to see at least some sites starting to charge European users for access since it has to be paid for somehow, and this makes it difficult to do that through selling advertising.
Exactly. So if a mom-and-pop shop starts up a website and has no intention of selling anything or doing business with anyone in the EU, has one person from the EU submit their data to them, and subsequently that site has a breach, the EU could fine them into oblivion because of that single person. And unless the person in question has an email address or data that looks to obviously be in the UK (.de, .it, .se, .no, etc. for their top-level domain - meaning nothing .com, .net, etc.) that further obfuscates the problem, as said mom and pop shop wouldn't even know that they had data from someone living in the EU.
Ah, sense of humor?
I believe that would be the case, but since the mom-and-pop shop isn't doing business in the EU while they could get fined into oblivion there won't be any way for the EU to actually collect that money from them.
The emails have been endless. I did, however, take advantage and ask Alexa what the strange initials meant. She was quite helpful in getting me, too!
I think I've gone through a hundred-ish emails not counting pop-ups on sites. Two weeks ago I had a bit too much scotch and wondered whether I was dreaming and was in an alternate reality inside the GDR. I'm not sure if alcohol-induced dyslexia is a medical phenomenon, but it should be.
Honestly it’s been kind of annoying. I don’t put anything online that I’m not fine with being public knowledge so I don’t care what companies do with that information.
Facebook and the other big players have acted like absolute wankers. They deserve this.
Yeah this is a real problem, it’s far too heavy on small players.
Quoted from the SC article:
"With the GDPR coming into full force on May 25th, and bringing with it steep new monetary penalties for violations, and with the EU’s highest court having already weighed in, determining that EU law does not recognize the US legal regime as upholding Europe’s “fundamental right to privacy,” US companies with data stored overseas and/or European operations, should be following this case closely."
So according to the EU's highest court "the EU law does not recognize the US legal regime as upholding Europe's fundamental right to privacy" ..
But I suppose the EU feels it has the right to impose their regulatory laws and fines in any non EU participating country in the world, without any non-EU country (including the USA) having any say in their regulatory practices and law..
I suppose, US based companies that have data servers in EU states, should consider moving their data servers to non EU countries, since now that the EU feels it has jurisdiction over our own constitutional laws. We can deal with privacy law issues ourselves with our own laws.
The gdpr law somehow seems to hint at a regulatory power grab by the "highest court" of the EU.
Uhm, the EU has the right to protect EU citizens, and the law applies to companies (be it American, Chinese or Guatemalan) that are active in the EU. I'm sure the US doesn't recognize EU law at all if it concerns US citizens and European companies active in the US citizens have to comply to US law, it's all okay, but as soon as it's EU law concerning EU citizens, but it affects American companies active in the EU, it's not okay? The EU has jurisdiction over data servers based in the EU, I really don't see why you are objecting to this. Unless you think US companies only have to comply to US law, regardless of where in the world they're active.
I guess we have different opinions on what a government should be, and how large its power can be.
I agree that the EU's highest court of self-appointed judges (judges are appointed by judges in the EU court) has the jurisdiction within the EU for matters concerning the EU union, which was what the court was designed for- EU union laws.
The internet crosses international boundaries outside the realm of the EU union, and independent businesses or emails may have no physical presence in the EU, but may have data from an EU individual. That data used in the USA would then possibly not be used in accordance with the GDPR.. that can and will present problems - EU law vs national non EU laws.
Since a line has been drawn by the EU effectively negating previous agreements such as the data transfer safe harbor law, I believe that such actions will lead to more international isolation with the EU internet and the rest of the world.
Another problem I can imagine is how will this law affect transparency of government, or censorship?
"you have violated gdpr law. by using our data illegally on your website!"
Food for thought.
Perhaps - and I'm sorry if I'm being disrespectful, but I'm unclear as to what other route can be taken here.
Juuust small enough to not be able to hold corporations to account I presume?