back to article The world's leading privacy pros talk GDPR with El Reg

You know, we know, everyone knows… the EU's General Data Protection Regulation goes into effect May of next year for every member of the European Union, and that will include the United Kingdom. Of course, the UK will eventually leave the EU and what happens then will be a very interesting question according to Trevor Hughes, …

  1. Doctor Syntax Silver badge

    "the market will have already had to adapt to GDPR and will have made investments in doing so"

    More likely large swathes of the market will be hoping it just goes away with Brexit.

    "once Blighty departs from the EU's jurisdiction, we will need a piece of legislation that mirrors GDPR carefully"

    I thought the theory was that all those EU regulations that automatically became part of UK law would remain so on Brexit unless specifically repealed. If so the default solution here is to do nothing in which case UK law not only mirrors GDPR, it will continue to be GDPR.

    1. streaky

      The UK will have a law that pushes all EU laws into UK law. But experts, or something, lol. Yeah you're completely right such a law won't need to exist because it explicitly already will. I suspect parliament might chose to remove a lot of the GDPR stuff because it's mostly garbage written by the same idiots who with stunning naivety brought you such hits as 'Safe Harbour' and their follow-up smash hit 'Privacy Shield' - no saying how many years that will take though.

      There's no reason the UK needs this to exist in own laws, if companies want to deal with private data of EU citizens post leave they can chose to follow these rules for their data. Or chose not to deal with the private data of EU citizens (why would you want to anyway?).

      1. Doctor Syntax Silver badge

        GDPR stuff [is] mostly garbage written by the same idiots who with stunning naivety brought you such hits as 'Safe Harbour' and their follow-up smash hit 'Privacy Shield'

        I think it's largely written by the group who were severely critical of that garbage. In fact, ISTM that it's the response to those that's finally worked its way through the legislative process.

        1. streaky

          It's a commission regulation. It's arguably worse in many respects, when the European Parliament tried to get the fines (modestly) increased the commission did the normal EU thing and took them out to the woodshed and bashed them with a 2x4 until they complied - and it's still enforced by the Art 29 clowns under a new name. Same shit, different day. Also it's going to be all on Ireland once again and they're - again - mysteriously (nothing to do with tax collected, obviously) not going to have the resources to deal with the issues that arise. It exists purely to annoy US companies and promote the *appearance* the commission recognises the existence of the Charter rather than actually give EU citizens any protections.

          The day the UK manages to leverage itself out this shitshow...

  2. malle-herbert
    Big Brother

    Privacy died a long time ago...

    Even before 9/11 there were lot's of incentives (economic or otherwise) to spy on others and gather as much data as possible for purposes of law-inforcement.

    These days thanks to the internet it's just a lot easier to gather information since everyone and everyting is connected...

    I think data-monetization is just the next logical evolutionary step...

    1. Anonymous Coward
      Anonymous Coward

      Re: Privacy died a long time ago...

      No, privacy isn't dead yet, but to understand that you have to observe a curious hole in the IAPP's coverage - a hole that has existed for as long as it has been certifying people.

      Once you have found that, you may understand that all that shows at IAPP may not be the actual game.

  3. Anonymous Coward
    Anonymous Coward

    I fear more Facebook, Google & C...

    ... than NSA & C. Because they are more greed, and willingly to monetize data quickly. That's not to diminish the danger TLAs poses, but let's not look at it only, while commercial companies gather and use private data at will - and often against a large number of usersproducts, if that means large revenues for the few real users of this system.

    Anon, for obvious reasons <G>.

  4. SW10

    "Great Repeal Bill"

    once Blighty departs from the EU's jurisdiction, we will need “a piece of legislation that mirrors GDPR carefully, so as to leverage the fact that GDPR was already put in place...”

    No we won't.

    That's exactly the intention of the misleadingly-named "Great Repeal Bill", which will transpose EU law into domestic law on exit day. In other words, GDPR (and all other EU law) will stand until the UK Parliament decides it needs to be changed.

  5. Down not across Silver badge

    Data transfers

    “We're part of the information economy now, and the data transfers between Europe and the United States are so incredibly important we simply cannot abide by not allowing these data transfers to occur.”

    Oh yes we can.

  6. Spanker

    Not clear to me if a data subject can withdraw explicit consent for cross-border transfer and have that respected. In practical terms, can I say to Vodafone that I don't want to deal with your India call centre?

    1. Doctor Syntax Silver badge

      "In practical terms, can I say to Vodafone that I don't want to deal with your India call centre?"

      India would need to show itself to be GDPR compliant.

    2. Anonymous Coward
      Anonymous Coward

      "if a data subject can withdraw explicit consent for cross-border transfer"

      This very question became a matter of vital and very real concern for me today. I'm long-term unemployed and finding it very difficult to re-enter the workplace because of a gap in my employment history brought about through a nervous breakdown and my previous employer not wanting to give me a reference. As you may know, parts of the social welfare (notably, what is called "activation" for long-term unemployed) have become privatised in recent years both in the UK and in Ireland.

      I received a letter last week "inviting" me to sign up with a company called "Turas Nua", with the threat that if I did not, my jobseeker's allowance would be cut. I attended the meeting today and discovered three very disturbing points:

      • there is zero privacy, since all "one-on-one" sessions are conducted in an open plan office
      • this private company already had all my personal details, as supplied by the relevant government department, though I had never consented to this
      • they are using the Salesforce cloud platform, a US company

      At the end of the session, after I had pointed out these things, I was asked to sign a declaration and consent form. It asks me after the fact whether my details can be processed by them. These are three massive breaches of the privacy of people being sent on these schemes. If I sign, I am effectively surrendering my rights to privacy and probably subjecting myself to a year of hell, while if I refuse, I will either lose benefits or find myself in a different kind of hell: that of fighting against the civil service to assert my right to privacy, a right that they don't seem to hold in very high regard.

      Before anyone complains and calls me a malingerer or whatever, I do want to get back into the workplace and I am doing what I can to make it happen. Short of lying about the period I've been unemployed or being shoved into a miserable job that I'm not suited to (both of which I've been advised to do in the past, and will no doubt be "advised" to me again by Turas Nua), I despair of being able to get back to meaningful employment.

      To bring it back to the topic of "Standard Contract Clauses" (the current fig-leaf used to justify data sharing with the US), I have two things to say:

      • Data shared across non-EU/non-GDPR boundaries needs to be protected to the same high level as the data subject's home country; and
      • States have a massive vested interest (thanks, in my case, for example) in these protections being weakened or removed to keep the wheels of globalisation and privatisation working.

      Corporate privatisation of our personal data is shaping up to be the next thing that's "too big to fail". We need many more people like Schrems if there's to be any chance of stopping this.

  7. John Mangan

    Could we have a ruling . .

    ...that from now on "rogue US sysadmin Edward Snowden" is always written as "heroic US sysadmin Edward Snowden"?

    It seems the least a civilized people could do.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020