Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
White House Reportedly Interested in Developing 'Counter-Weight' to Europe's GDPR Privacy Laws
- Thread starter MacRumors
- Start date
- Sort by reaction score
As far as I am concerned it doesn't go far enough, imo all sites serving the EU should all have opt-in settings, not opt-out, and then there are cookies, while needed they should be easily accessible and readable by everybody so people know what they actually do.
GDPR opt-ins are the new EULA: hardly anybody reads them, few of those that do understand them, just about everyone clicks “agree,” and they just become a hassle we blindly deal with.
They’re great for lawyers, though.
Most likely true.
But that's not what I meant, all sites serving the EU should all -by default- have all trackers and all that crap disabled without (a popup/over) asking for permission, if you want to be tracked there should be an unobtrusive button or link to a page where you opt-in.
I think you nailed it here. The U.S. government is almost totally corrupted by corporate interests at this point (lobbyists write the laws for the most part)...and Google, Amazon, Microsoft and Facebook aren't going to be paying their government stooges, er um, representatives to make sure their citizens privacy is respected and taken care of. Anything coming out of this will be to fight the little bit of protection the European laws provide.
Here in the U.S., corporate lobbying of the Federal government didn't really start until the 1970's, but has totally taken control of the U.S. government at the law writing level for the most part (unless there is a very high visibility issue or a social issue required by one party or the other). One of the interesting details in all this is that Paul Manafort (the guy who helped the Russians get a patsy government into Ukraine before the invasion), worked for Trump's campaign and is in jail in the U.S. for witness tampering, actually directly created (with college friends) the corporate lobbying world as we know it in the U.S.. Not sure we'll get out of it either, the money and power are rather self reinforcing. JMHO...
Good thing, or I might think you were insulting me.
I might be using "playground logic" in my reasoning, but sometimes broad/simple solutions to complex problems are just as rational/fair as the web of uncertainties and exceptions created by complex solutions.
Counter-weight? Or complement? Those two words imply very different ideas.
Vocabulary is important, kids.
Seriously, when I saw the headline my thought was that they wanted to pass something counter to GDPR. Trump has the best words doesn't he?
Of course maybe they really do mean something counter to GDPR, while they try to sell it as a bill that purportedly puts new privacy laws in place.
I have no idea what counter-weight means here. If they do anything, please let it not be at all like the GDPR. Kinda scared of most US Internet laws anyway. The questions they asked Zuckerburg shows that they're ignorant or just trying to impress voters.
[doublepost=1529524384][/doublepost]
Edit: There might be a subtle difference. Question is whether or not the copyright law they cite when blocking sites is international.
[doublepost=1529524494][/doublepost]
[doublepost=1529524848][/doublepost]
If I wanted to disable cookies, I'd have disabled them in my browser. If I wanted to hide my identity, I'd not post my real name and face on Facebook and agree to their privacy rules.
[doublepost=1529524384][/doublepost]
The US does it too with copyright laws. You either conform or don't get to serve people in that country. I hate the GDPR rules, but the enforcement makes sense.
Edit: There might be a subtle difference. Question is whether or not the copyright law they cite when blocking sites is international.
[doublepost=1529524494][/doublepost]
I agree, the US govt is also held to the Constitution protecting privacy and free speech, whereas your usage of a private site is subject to whatever rules they choose. Ofc the worst thing that can happen for violating Facebook's rules is you get banned, so I think it's fair; much worse things can happen if you violate US law.
[doublepost=1529524848][/doublepost]
Yeah, it's retarded. "Yes please use cookies" on every site. Just more clicks. Beyond that, more pointless stuff to hinder small companies, and it also seems protectionist, both like Europe has always been in tech. Great job.
If I wanted to disable cookies, I'd have disabled them in my browser. If I wanted to hide my identity, I'd not post my real name and face on Facebook and agree to their privacy rules.
Last edited:
There might be a lot of things one can complain about the EU, although, the GDPR isn't one of them.
I've been sceptical at the beginning until I've read through it twice. In fact, the GDPR itself is rather short (read it here). What really takes time is to read the recitals and look up lawyers opinions on whatever is relevant to you.
Under the bottom line I'm quite certain the GDPR will become some basic standard.
I get that the US administration isn't really concerned about privacy of US-citizens (post Snowden that'd be hard believe) but are mostly worried now that a EU law could become a defacto standard around the world and even within the US (as Apple and other big players won't limit GDPR benefits to EU citizens, which will raise awareness among US citizens). While the GDPR isn't perfect, it imho is something like the human rights on the internet. The best thing the US administration could do now is to admit that it's a good thing and pass it into US law. Much like the EU should have adopted HIPAA long ago.
By not re-inventing good standards, but rather copy&pasting them it would be a lot easier to maintain compliance for businesses. Although, that would require to be actually able to admit the other side doesn't always suck... seems to be a big deal these days between US/EU.
On the other hand some lobbyists (obviously) managed to convince enough MEPs to vote for upload filters and other stupid stuff (that practically will be useless as it technically is easy to bypass, but will cripple a lot of websites). If that passes the final vote on 4th July we can continue on the EU bashing...
I've been sceptical at the beginning until I've read through it twice. In fact, the GDPR itself is rather short (read it here). What really takes time is to read the recitals and look up lawyers opinions on whatever is relevant to you.
Under the bottom line I'm quite certain the GDPR will become some basic standard.
I get that the US administration isn't really concerned about privacy of US-citizens (post Snowden that'd be hard believe) but are mostly worried now that a EU law could become a defacto standard around the world and even within the US (as Apple and other big players won't limit GDPR benefits to EU citizens, which will raise awareness among US citizens). While the GDPR isn't perfect, it imho is something like the human rights on the internet. The best thing the US administration could do now is to admit that it's a good thing and pass it into US law. Much like the EU should have adopted HIPAA long ago.
By not re-inventing good standards, but rather copy&pasting them it would be a lot easier to maintain compliance for businesses. Although, that would require to be actually able to admit the other side doesn't always suck... seems to be a big deal these days between US/EU.
On the other hand some lobbyists (obviously) managed to convince enough MEPs to vote for upload filters and other stupid stuff (that practically will be useless as it technically is easy to bypass, but will cripple a lot of websites). If that passes the final vote on 4th July we can continue on the EU bashing...
Last edited:
Note that GDPR doesn't only apply to EU citizens, but also residents, and also to more complicated edge cases. If on vacation in the US, and buy something there, but use a credit card issued in the EU, GDPR applies because a EU processor (the credit card company) was involved in the transaction.
They already are. I am traveling in Europe at the moment and find that U.S. websites are mainly complying by throwing up the data privacy disclosures required by EU law. Click through it and you are done. The sites that don’t comply are blocked. In their usual convoluted fashion MR has failed to explore let alone explain how a separate U.S standard will address compliance with the EU law. Obviously it won’t, so what is this story about, exactly?
I would remind you that extremism in the defense of liberty is no virtue! And let me remind you also that moderation in the pursuit of justice is no vice!
Fair enough, but if any services operated or hosted outside the EU allow themselves to be available inside the EU then they must expect to be subject to EU law.
While I haven't thought through what something like this should look like, it would be nice to see other countries get involved. I'm of two minds in regards to GDPR...
On the one hand, I want to support it, as at a base level it is good for users and the right kind of thing in spirit.
On the other hand, I want to oppose it because it comes from a bunch of non-tech-saavy bureaucrats with the audacity to try and enforce their mess world-wide.
The more deeply I look at GDPR, the more I think it's impossible for existing technology to fully comply, creating a situation where anyone who gets deemed a target can get taken out. I suppose I fear a situation where you have to be careful to stay 'under the radar' or face huge consequences.
[doublepost=1529536468][/doublepost]
Except, it is costing. Every client of mine has contacted me to help them with aspects of GDPR, and I've had to invest time in learning about it and the tools in my particular area, etc. Not everyone is a mega-national corporation with $billions in the bank. Most people are kind of implementing 'band-aid' solutions and hoping for the best.
And... the time and money they are putting into semi-complying, they could be putting into other technology or improvements. So, maybe this is a good thing that they are putting time/money into... but it's far from no or low-cost!
It's not quite so simple with the Internet... they aren't 'going' to the USA or Canada, etc. and my website isn't 'going' to the EU. Heck, I'm not even necessarily selling them anything, and yet I'm supposed to comply. (This isn't just about commerce!)
You can't just comply with GDPR with an opt-in/out. You have to be able to give a user, upon request, any data you have on them (or where it might have gone and be being used for), and be able to wipe it, upon request (which essentially becomes impossible if it was shared with a 3rd party.... like Google, MailChimp, etc.... so basically most every website and blog in existence).
OK, so lets say I decide I don't want to comply and exclude the EU... how might I do that?
This is the Internet we're talking about here, not a brick and mortar store.
On the one hand, I want to support it, as at a base level it is good for users and the right kind of thing in spirit.
On the other hand, I want to oppose it because it comes from a bunch of non-tech-saavy bureaucrats with the audacity to try and enforce their mess world-wide.
The more deeply I look at GDPR, the more I think it's impossible for existing technology to fully comply, creating a situation where anyone who gets deemed a target can get taken out. I suppose I fear a situation where you have to be careful to stay 'under the radar' or face huge consequences.
[doublepost=1529536468][/doublepost]
Except, it is costing. Every client of mine has contacted me to help them with aspects of GDPR, and I've had to invest time in learning about it and the tools in my particular area, etc. Not everyone is a mega-national corporation with $billions in the bank. Most people are kind of implementing 'band-aid' solutions and hoping for the best.
And... the time and money they are putting into semi-complying, they could be putting into other technology or improvements. So, maybe this is a good thing that they are putting time/money into... but it's far from no or low-cost!
It's not quite so simple with the Internet... they aren't 'going' to the USA or Canada, etc. and my website isn't 'going' to the EU. Heck, I'm not even necessarily selling them anything, and yet I'm supposed to comply. (This isn't just about commerce!)
You can't just comply with GDPR with an opt-in/out. You have to be able to give a user, upon request, any data you have on them (or where it might have gone and be being used for), and be able to wipe it, upon request (which essentially becomes impossible if it was shared with a 3rd party.... like Google, MailChimp, etc.... so basically most every website and blog in existence).
OK, so lets say I decide I don't want to comply and exclude the EU... how might I do that?
This is the Internet we're talking about here, not a brick and mortar store.
Honestly, we don't need the US Government to get involved, most companies are providing the same protections in the U.S. that Europe's new laws provide, so why waste tax payer dollars with this?
[doublepost=1529536912][/doublepost]
[doublepost=1529536912][/doublepost]
That was indeed my first thought, which is why my knee jerk reaction is to keep the government out of it.Counter-weight? Or complement? Those two words imply very different ideas.
Vocabulary is important, kids.
GDPR isn't just about acknowledgement, in fact, that's been around even before GDPR. What's new is that EU citizens have the power to request what data is being collected and request a full deletion of that data.
What's ironic about this whole thing is that Facebook, Cambridge Analytica, and Trump caused this whole mess and it's taking a foreign country to fix it. Now the Trump administration wants to "fix" the privacy laws that they themselves violated.
They say what they mean and mean what they say. Remember, this is the same Government that wants Apple and Google put backdoor access into iOS and Android.Seriously, when I saw the headline my thought was that they wanted to pass something counter to GDPR. Trump has the best words doesn't he?
It's a move in the right direction (in terms of user privacy and control), but if you believe it will actually accomplish that, I have this bridge for sale...
Huh? This problem had been around since before Trump even considered running for president. How did they create the whole mess?
And, in fact, the Democrats actually bragged about being able to do what Trump did because of how social-media savvy Obama's team was (and that they had gotten the data out of FB before the rules were changed... haha Republicans, ya snooze, ya lose!). The only difference is that Cambridge Analytica did it after FB changed the rules about what could be done with data they already gave out.
If you don't think this is being done by broadly, political-related or otherwise, see above about that bridge.
Believe? I'm a web developer building a tool I just described for a large international company.
It's clear that the Cambridge Analytica, Facebook, and Trump scandal started/influenced GDPR.
Well, then either I'm not reading it correctly or you're overconfident.
I'm not sure it's possible to comply to the letter of the law, but I can assure you that many smaller companies (and likely larger ones) aren't in compliance and/or have no plans to be.
And, my confidence that sites like Facebook, Google, credit reporting agencies, etc. will effectively comply are next to zero. It's a good move, the the problem isn't going away.
It was started in 2012 and passed before Trump was even president. So, I'm having a bit of trouble understanding how Cambridge Analytica influenced it.
I go further than that, and never trust anyone formulating privacy laws but myself.. The moment someone has it, they can say whatever they like to make you give it up, and end to end encryption/VPN/TOR is a good example. Perhaps not give it to *them*, but your more likely to pass personal info through a encrypted tunnel..
The government has that ability all the time, but just chooses to say we need our consent to make it "seem" better.. See how that works? The more power they have, the more they can cover stuff up and fly under the raider.
My parents were shocked when the Taxation office said "I can pull details concerning how much you need to pay" when it was mentioned she left a form vital form at home at how much tax she's earned.
Slater and the Trump administration have reportedly referred to the U.S. proposal as a "counter-weight to GDPR," aimed at ensuring that the European law doesn't become the global standard of online privacy, sources said. Still, Slater also stated that there is no desire to create a "U.S. clone" of the European rules.
This sounds a lot more like the US government doesn't like the fact that someone else has came up with a great set of rules without their input and it may become the standard, rather than actually having issue with the implementation of the rules.
