Euro commissioner tells Facebook it has nowhere to hide

European Commissioner Viviane Reding was in the UK on Monday to warn banks that they will be required to immediately notify customers about data security breaches. The Register visited the Brussels justice minister and vice president at the Commission's London office yesterday lunchtime to learn more about her seemingly personal …

COMMENTS

This topic is closed for new posts.
  1. The Cube
    Thumb Up

    Thank you again Ms Reding

    Please continue your one (wo)man crusade to put corporates and criminals disguised as politicians back in their box. Thank you so much for sticking it to the thieving mobile operators, please do take the bat and beat Phorm and BT out of existence.

    Whilst you are at it perhaps you could stop DVLA selling all our data to car thieves and stalkers and prevent Experian selling lies about us without our permission. If I apply for credit I will give the company I am dealing with explicit permission to seek credit record data about me; otherwise it is my data and nobody has any cause to look at it. Of course this is a double win because if my credit record is not available the Eastern European crime gang trying to open bank accounts in my name can't, so we close much of the identity fraud problem at the same time. It's a win for everybody except the criminals doing identity fraud and the marketing vermin.

    1. Zippy the Pinhead
      Joke

      @ The Cube

      Or you can just have a really crappy credit score and no one will try to steal your credit! :-P

  2. Mike Flugennock
    Coffee/keyboard

    targeted advertising "an interesting business model"?

    Wow, that's the most inventive way I've yet seen to say "big, fat pain in the ass".

  3. Anonymous Coward
    FAIL

    Grieves me

    That we have to rely on an unelected Eurocrat to promote our interests, rather than our own elected representatives.

    1. The First Dave

      @Pete B

      Just for the record, that is exactly what the UK House of Lords is supposed to be there for. Shame that all of the 'modernisation' recently has made it into nothing but a shadow of the commons...

  4. Yet Another Anonymous coward Silver badge

    A real crack down

    Against internet companies that steal or lose data.

    Except American ones of course, and any Japanese companies with deep pockets, and Chinese or Russian owned ones because there isn't much point. And any that are too small to be worth bothering with.

    And it won't apply to any government bodies that lose or sell data because that is up to the individual country.

    But the rest had better watch out !

    1. ZweiBlumen

      Not true

      eg: Facebook.de takes you to the German facebook. That means they need to comply with EU rules.

      1. Ken Hagan Gold badge

        Re: Not true

        facebook.de takes me to http://de-de.facebook.com/.

        I don't know where that's hosted, but I can't think of any reason to presume that it is within the EU. Even if it is, it doesn't affect the general principle that web sites don't have to be hosted in the country implied by their domain name.

  5. Painless
    Joke

    But I was sure that.......

    "our World Wide Web [which was invented by Sir Tim Berners Lee at Cern in Geneva]"

    .....Al Gore invented the internet.......

  6. Anonymous Coward
    Anonymous Coward

    Am I correct in thinking that, to her, this is a positive statement?

    "So depending on the different mentality the law was applied in a different way… in future there will be one rule to apply to the whole territory of the European law,"

    "depending on the different mentality the law was applied in a different way" Good, that seems very sensible.

    "in future there will be one rule to apply to the whole territory of the European law" Wtf?

  7. Chad H.

    Damn Viv

    You should run for something. We might then have a world leader that does things!

  8. Zippy the Pinhead
    Stop

    make all companies responsible for protecting your data equally

    "European Commissioner Viviane Reding was in the UK on Monday to warn banks that they will be required to immediately notify customers about data security breaches."

    How about making all companies/governments/organizations and not just banks legally responsible for when they lose your data to a security breach? In addition they would have to assume all financial liabilities to repair the said damages that came as the result of that breach. If they try to hide the damage or the extent of it, then the people sitting in charge should be held criminally negligent and fines should be tripled and jail time applied.

    My guess is with a real threat of jail time plus major fines companies, governments, and organizations would start taking security a heck of a lot more seriously. I also bet that a lot less data would be gathered and stored.

  9. heyrick Silver badge

    "I always meet people who are astonished that Christmas is on the 25th of December"

    Education isn't what it used to be, I guess. Or maybe you need to call it Noël or Joulu...

    Seriously, though. There is the inevitable aspect that the data slurp affected people who never bothered to apply any form of encryption to their WiFi. The French probably didn't care as it is *your* *responsibility* to secure your WiFi (part of Hadopi) so if you don't, "tant pis". The Germans, on the other hand, have a noticeably different attitude. Will one law for all the land actually stand a chance of working with such different approaches by neighbouring member states?

    Maybe the money involved would be better spent making "This is what they do with your data" TV adverts? Get the people to see and understand what is going on in the background, and let the populace decide. If enough people bail, they might start to rethink their attitudes.

    However, I feel that many wouldn't care. We "benefit", from instant social networking, from points/reductions on store loyalty cards, from easy cashless payments, from dirt-cheap internet access. The slime dripping down behind the scenes is of less relevance. But is this because nobody cares if a shop is able to profile you from your purchase history, and pass this info on to third parties... or is it because nobody really understands how easy it is to reliably profile and identify a specific individual with sufficient data? Like that little Facebook "Like" button. I have another window open with a "Like" button. The graphic comes from facebook.com, however Facebook cookies are session-wiped and the site is not permitted in NoScript, so the best they'll manage is "somebody from this IP address looked at this and this page". Now if you have a computer that lets more stuff in, or even a Facebook account that you stay signed into, it can track you all over the place. Remember, every time you see that damned Like button, you've just told Facebook you're there.

    Indeed. Time for some TV adverts to point out this sort of thing.

    1. Anonymous Coward
      Big Brother

      It's the lizard men from Rigel 7, that are in charge!

      Sadly the paranoid, X-Files watcher in me says it's not that they don't care, it's that once these places have harvested all this useful info, the world's Govs come along, regulate them to death and demand they hand over copies of the collected data.

      ( "Paranoid? I KNOW they're out to get me!" )

  10. Anonymous Coward
    Paris Hilton

    reciprocal?

    So, will United States law now apply to European servers too?

    Just asking?

    Paris, because I haven't a clue either.

  11. Ken Hagan Gold badge

    Nowhere to hide?

    "The law is for everyone who does business on the territory of Europe, whatever the origin of the business might be. So you cannot hide anymore by saying ‘I do not have my headquarters in Europe’."

    Does Facebook do business in the EU? That is, does it have a subsidiary through which it sells its products, or does it conduct all its business through its (US-based) website?

    Companies that operate exclusively through the internet have no need to duplicate their points of presence in every country, as long as uncensored web access is available. Perhaps the commissioner hasn't caught up with this new reality. Or perhaps she wants to follow the Chinese model.

    1. mego

      Yes, it even has offices in Ireland

      At least at the moment...

    2. moonoi
      FAIL

      Engage brain before posting

      Does Facebook do business in the EU? That is, does it have a subsidiary through which it sells its products, or does it conduct all its business through its (US-based) website?

      What has having a subsidiary based in the EU got to do with doing business in the EU?

      Regardless of where their corporate presence is, they provide a service (ie do business) in the EU via the internet. As the commissioner rightly points out, hiding your servers or your headquarters elsewhere is not an excuse to avoid EU laws.

      Perhaps it is you that has not caught up with this new reality?

      1. CD001

        Yup

        ----

        Regardless of where their corporate presence is, they provide a service (ie do business) in the EU via the internet. As the commissioner rightly points out, hiding your servers or your headquarters elsewhere is not an excuse to avoid EU laws.

        ----

        Yup - especially since that's already the case the other way around; for instance allowing residents of some US states access to your online gambling outfit (with servers based outside the US) can land you in serious hot water over there... though with our somewhat one-sided extradition treaty you could (theoretically) be shipped off to be screwed over despite having done nothing illegal outside Arkansas.

      2. Ken Hagan Gold badge

        Re: Engage brain

        I did. You didn't.

        EU citizens are able to use the internet to communicate with foreign companies and can use various financial services to pay those companies money. This means that EU citizens can conduct business with those companies without those companies having any presence in the EU whatsoever, either legal or physical. (It's no different from buying stuff when you are on holiday. You are subject to the laws of the country where you bought it.)

        If a company has no legal presence in the EU then you can sue them all you like but courts will be unable to extract fines or sentence directors simply because EU law doesn't apply in other parts of the world. Nor should it.

        Still confused? Consider a North Korean buying something off your website? Are you now subject to North Korean law? Of course not, and if the Kims decided that you were and prosecuted you then you'd just laugh at them.

        1. E_Nigma
          Facepalm

          Re: Re: Engage brain

          ... (It's no different from buying stuff when you are on holiday. You are subject to the laws of the country where you bought it.)...

          And when you try to import them you're very much subject to the laws of the country you're bringing it into, even those in which you're just switching planes and won't be leaving the airport, so the stuff may well get confiscated. Also, notice one small thing. When you buy something on a holiday, the transaction is "coincidentally" subject to the laws of the country where you physically are at the moment you're making the transaction.

          The matter is complex. A country can't fine a manufacturer that has a product that's clearly labeled to be up to specs that don't conform to the local standards, but it can ban importation of such a product. It makes sense to apply the same principle to importation of services.

          Room for abuse? As with anything else. Yet which one would you rather have, a service that is obliged to work and take care of your data according to the laws and standards of your own country, or the one which makes your data subject to the laws and whims of some god forsaken place where they might have physical boxes because it has cheap electricity and "relaxed" standards on how user data is to be treated?

          1. Ken Hagan Gold badge

            @E_Nigma

            "And when you try to import them you're very much subject to the laws of the country you're bringing it into, even those in which you're just switching planes and won't be leaving the airport, so the stuff may well get confiscated."

            With a physical object, that's true even today if the purchase was made over the internet, since we've had mail order companies since forever. But if the Dear Commissioner would have that apply to Facebook, then she is presumably applying it to a service that is performed abroad (giving you a presence on a foreign web site) and in connection with which no physical object is ever imported. You don't bring services back. The analogy doesn't work.

            And if you *really* want to carry your airport analogy further, that would imply that the service is subject to the laws of every country that packets hop through. Quite apart from being impractical to determine, if the packets are carried via multiple routes then who is to say which countries the *service* is carried through?

            The only *practical* solution is the one that says business transactions take place in the country that hosts the server and any physical deliverables are subsequently imported *by the purchaser*. The commissioner's approach would mean that websites would have to determine the legal jurisdiction of their customers before they know if it is safe to sell to them. Last I heard, IP-address geolocation wasn't something I'd want to rely on in a court of law.

  12. Anonymous Coward
    Anonymous Coward

    sums up politicians

    "[and told them] that Christmas is on the 25th"

    Except of course when it's on the 7th of January if you follow certain forms of Christianity.

    The privacy law only helps one group of people, bureaucrats, it keeps them in business and will do very little for anyone else. If someone doesn't know how to set their browser to delete cookies at shut down then they won't care/understand about cookies and will just accept because it's easy.

    As for me, I don't care about cookies.

  13. Anonymous Coward
    Big Brother

    Oh you gotta love governments

    Haha. Hilarious, old biddy yelling about "getting them and their little dog too". It won't change anything: big, wealthy business will STILL be just the same. Little, one-man bands that have no money for fancy lawyers: watch out. This old biddy is coming for you!

  14. Anonymous Coward
    Anonymous Coward

    International policing of the internet is just a matter of time.

    Just as the lawless wild west ended so too will the internet equivalent.

    It is in the interest of all nations and society that the internet function and that the rule of law prevail. The mechanism of enforcement is simple. Block the traffic of those who seek to hide behind international borders. This obviously has many practical difficulties but can be done, especially to large companies with well known addresses.

    If, for example Facebook tried to avoid submitting to a German privacy Law and the German courts had the power to force all ISPs in Germany to block all Facebook traffic then that's a pretty big enforcement tool. Facebook would have a pretty stark choice. Submit or for Germany accept that the only users you have will be those who can be bothered to use a VPN to access your site. It would be amusing to watch lawyers try to argue against such sanctions in a jurisdiction where they claim they are not subject to the local courts in the first place. Of course Facebook would go crying to Uncle Sam for help against the big bad Europeans.

    Ultimately a set of International laws will be developed and adopted so that the scenario I've outlined above can be avoided. It won't be easy but it is necessary. The current situation is not sustainable.

    1. Ken Hagan Gold badge

      Re: The method of enforcement is simple.

      "Block the traffic of those who seek to hide behind international borders. This obviously has many practical difficulties but can be done, especially to large companies with well known addresses."

      Umm, no. The *specification* of enforcement is simple, as you describe. However, the *method* is considerably harder, for several reasons. For one, the "well-known addresses" you speak of would have to be blocked at every border router in the legal jurisdiction trying to block. For another, they don't include the addresses of people mirroring or providing tunnels to the restricted content, and whilst *that* may be illegal in your country it certainly won't be in your neighbours', so you'd have to add "every foreign mirror and proxy" to that list of addresses you are blocking on every route in. For a third thing, the address you are trying to block might be a dynamically allocated one, so you'd have to snoop DNS servers to keep your huge list up to date.

      So it *can* be done, but it is rather expensive. The Chinese seem to spend quite a lot of effort on it and after all that effort they still rely on "disincentives" for people who uncover errors and omissions in the block list.

      Of course, if the IP address space were more cleanly aligned with legal jurisdiction, it would at least be possible for people to *know* whether the site they are doing business with is in the same jurisdiction, and therefore sue-able in the event of disappointment. However, that's solving a slightly different problem. Specifically, that's "giving users the tools to protect themselves from stuff they don't want" rather than "giving government the tools to protect people from stuff they do want". In a free society, the latter is impossible whereas the former is relatively simple once you've figured out that this is what you should be trying to do.

      But you are right. The present situation is legally intolerable, so ultimately they will figure all this out and we will get an internet that is as safe as the street where you live. (Hmm...)

      1. Anonymous Coward
        Anonymous Coward

        Missed the point somewhat.

        "Block the traffic of those who seek to hide behind international borders. This obviously has many practical difficulties but can be done, especially to large companies with well known addresses."

        You did rather miss the point of the "large companies with well known addresses" part of the statement. Of course lots of traffic can't be blocked but if you're Facebook then even a partially effective block is a big problem. The existence of the block generates all sorts of publicity and perhaps closer scrutiny of what you are up to at home. I also don't see Facebook permitting mirroring of their website by enthusiastic supporters even if it were possible.

        My point always was that the internet needs rules to protect its users just as international waters have international laws to protect the users.

  15. Anonymous Coward
    Anonymous Coward

    Help make the world a better place

    Stay the hell away from Facebook. It is poison and has proven it many times.

    1. Anonymous Coward
      Meh

      Oh but it's cheap and convenient,

      and slips down very nicely. A small sip here and there is quite pleasant, it's only the aftertaste that's a bit funny. What could possibly be wrong with that?
