European Commission vice-president Viviane Reding was forced into a defensive corner today, after putting forward her proposed rewrite of the EU's 17-year-old data protection law. She claimed nothing had been "watered down" in the draft bill she tabled. Earlier reports had suggested that Reding was expected to propose that …
A right to be forgotten
The directive also needs to include 'a right to be heard' namely a right to insist that all data be taken into account and to be shown to be taken into account.
In particular I'm thinking of credit reference agencies where you have a right to add a note to your record but this is then routinely ignored by the agency's customers who only look at the 'bad' flag.
Conflict of interest
EU rules apply to companies trading in the EU no matter where the data is held.
Foreign subsidiaries of US firms are subject to the US PATRIOT act.
So if you are a foreign subsidiary of a US company and your parent company is ordered to hand over all personal data of your customers without notifying them, what do you do?
That is supposed to be one of the changes...
It is worse than that, if you are an EU company, using a cloud service, which has a subsidiary or head office in the USA, they have to give your data to Feds as well, leaving you holding the can for all the personal data you have being handed to a non-EU body, without gaining the relevant releases.
That was supposed to be one of the major things that was going to be addressed by this new legislation. The Reg report doesn't even mention if it is included or implied.
Maybe handing data over to the Feds under the Patriot Act will be considered a breach and have to be reported within 24 hours... The company then has to decide, whether to pay 2% of income or accept an all expenses paid vacation in Gitmo.
You have 2 options:
You hand over the data and pay 2% of your annual turnover to the EU!
You protect the data and end up gagged and tortured in a prison somewhere as a terrorist!
"You protect the data and end up gagged and tortured in a prison somewhere as a terrorist!"
No, not quite. After all, you are a **capitalist**! Capitalists in the Good ol' USofA don't have to follow the same rules as the rest of us plebs. So you (the Imperial You, of course), have nothing to worry about.
Therefore, go tell Uncle Sam politely to pound sand.
You forgot to add:
The extra point that got missed:
All these rules are null and void if the CIA or Homeland Security order us to hand over everything we've got on you.
"penalties of up to €1 million or up to 2% of the global annual turnover of a company"
Is this whichever is lower or whichever is higher?
I would assume the first, but it is not made clear in the article (and I don't have time to look it up myself).
In addition, I agree with the comment about "a right to be heard". Credit reference agencies can be terrible, as can the people processing that data (when you apply for a loan, it is the bank etc. who decide whether to approve you, not the agency who supplies the data). If you have withheld payment for a legitimate reason, you can end up with a mark on your credit history, and there's nothing you can really do to get it removed (quickly) unless the company agrees, and banks are less than sympathetic to such issues.
In a generation or so, all this data protection will be a moot point anyway.
Just look at the Facebook generation and how much data they freely and willingly give away for the next free shiney shiney on their FarmVille or whatever.
The majority rule, and sadly that looks like it's going to be the Facebook kids.
TANSTAAFL. And in this case, the cost of the internet is BigCorp knowing where you are, what you are doing and who with. All of the time.
And that, of course, is fine. After all, if you have nothing to hide ...
Right, no possible problem there ...
Next, the bank will come seize your house because you "lost" it the night before playing poker with friends. What do you mean the 10 000$ chips never had any real value?