Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

EU Data Protection Could Clamp Data Flows

timothy posted more than 13 years ago | from the verklampt dept.

News 174

Pointing to this Financial Times article, an unnamed reader excerpts: "'The wide-ranging directive aims to protect data about EU citizens against misuse worldwide. It is backed by the power to cut off data flows to countries that the EU judges not to have adequate data protection rules and enforcement.'"

cancel ×

174 comments

Sorry! There are no comments related to the filter you selected.

Re:What about Global Economy? (1)

Anonymous Coward | more than 13 years ago | (#238884)

They'll fine the company in a big way. Yes, they will forbid the corporation to share the data with itself. EU data protection laws forbid companies from holding uneccesary data, and give the individual the right to have data on themselves removed. If they want to do business in the EU then they have to play by our rules.

Re:US a developing nation? (1)

Anonymous Coward | more than 13 years ago | (#238885)

No, the US is a stagnating nation.

Directed POINTEDLY at the US (2)

Jeremiah Cornelius (137) | more than 13 years ago | (#238887)

What the Financial Times article makes very clear in its opening statement, is that this is directed principally at the US, in the face of deliberate foot-dragging over regulation.

How would you enable this kind of sanction?

"O.K., All ARIN numbers are filtered at the perimeter!"

Jeremiah

What would you agree on? (1)

Chainsaw (2302) | more than 13 years ago | (#238888)

So, tell me this - what kind of pollution lowering agreement would you vote for? Or is it true that you don't give a fuck about the environment?

Voluntary dissemination (1)

Adrian Lopez (2615) | more than 13 years ago | (#238889)

I hope the EU won't impose restrictions over the voluntary sharing of personal information. People should have the choice to allow worldwide distribution of their personal data. Websites should have the right to collect and distribute data submitted for such purposes, regardless of where the website resides or how many countries can see it.

Consider a directory of people from around the world. The nature of the service implies that the data you submit shall be made available to anybody who requests it. There should be no restrictions on people's ability to submit their data under such terms.

I am very much in favor of rules forbidding the distribution of personal data without consent, but I hope the EU's rules will not make voluntary sharing illegal.

The USA is already doing this (5)

Tor (2685) | more than 13 years ago | (#238891)

USA already has extraterritorial laws of this nature. For instance, one law enacted circa 1997 says that any US citizen has the right to sue anyone from anywhere that does business with a Cuban entity (specifically, a Cuban entity which uses native Cuban resources that the US citizen considers his or hers). Not only that, but the lawsuit would take place in a US court.

Another one is the US law which prohibits trade with nations that the US considers to have "inadequate" copyright protections.

This legislation by the EU has been mentioned in Slashdot earlier, before it was temporarily shelved due to US pressure. The status quo is that US organizations like Microsoft can easily build up a vast array of information on citizens in, say, Germany, whereas German companies are prohibited from doing the same due to privacy protection laws. Hence, this law which applies the same standard to everyone who does "business" with Germans.

Not Very Good News for Sealand (2)

dew (3680) | more than 13 years ago | (#238892)

This could unfortunately be pretty bad news globally for countries like Sealand that are attempting to establish themselves as autonomous free information states. If a sufficient number of countries are banded together to snip access to "rogue states" the Internet could end up less than the free utopia that we've been hoping for. Economic sanctions could be imposed upon nations that permitted access to non-compliant states. Oh well. We didn't need freedom anyhow.

David E. Weekly [weekly.org]

** LIBERTARIAN BS ALERT ** (1)

Nicolas MONNET (4727) | more than 13 years ago | (#238894)

Fuck your libertarian bullshit; what is restricted here is nobody's freedom. No citizen NEEDS to get that kind of information. No citizen CAN get as much information as to fall under those regulations. Ultra big corps, however, do. Big corps have money, power, exercise coercion when they need to, just like gov'ts. Therefore they are as dangerous as gov'ts as far as freedoms are concerned -- with one difference: you can't vote them off, unless you own a significant stake in them.

--

Re:'bout time the EU do this... (2)

general_re (8883) | more than 13 years ago | (#238895)

What's the first amendment got to do with the EU?

I think the point being made is that the EU directive would require the U.S. to pass laws violating its own constitution - I've never really considered it this way, but it's not a bad argument, IMO.

Suppose, for the sake of argument, that the U.S. passes laws to bring it in accord with EU requirements, and those laws are subsequently declared unconstitutional. What then? Data embargoes all around?

Re:EU has it right. (2)

general_re (8883) | more than 13 years ago | (#238896)

Just to play devil's advocate for a moment, why should it be this way?

Suppose I call you and your neighbors and, very politely, explain that I am collecting information, and I ask each and every one of you a host of questions - how tall you are, how much you weigh, your age, how much income you received last year, and what you had for dinner last night. And just to sweeten the pot, I offer everyone a free trinket if they cooperate (along the lines of t-shirts for college students when applying for a credit card). After the requisite hangups, obscenities, etc., I collect what I deem to be a sufficient number of responses to my questions (enough to serve my purposes, whatever they may be).

Now, nobody that answered me was in any way coerced - they were all free to refuse to cooperate. And those who did answer got something in return. Why should I not be free to take this information that I have collected, categorized, and analyzed, and do what I want with it? And if these people were so awfully concerned with their privacy, why were they answering me in the first place?

I think that if you are truly concerned with keeping your personal information private, don't give it out...

Re:EU has it right. (2)

general_re (8883) | more than 13 years ago | (#238897)

But they _did_ have a say in what happens to it - they could have chosen not to give it to me in the first place, particularly as I carefully avoided discussing WHY I might want such information. And if the people I might potentially sell it to are somehow less reliable than they might like, shouldn't they have taken that into account when choosing to respond to my questions?

I guess my point is that you always have a choice regarding how much information about yourself you make available to others - if your bank, insurance company, whatever, asks too many impertinent questions (from your point of view), you are free to take your business elsewhere. But once you've chosen to reveal it to someone/anyone else, then all bets are off. Data protection laws are an attempt, IMO, to bolt the barn door after the horse has fled.

To reiterate - if you insist on keeping some things secret, the only reliable way is to keep them to yourself in the first place. Your personal data is not a secret if you go around telling it to anyone who asks - and then act surprised when they do things you might not approve of with that information.

Re:EU has it right. (2)

general_re (8883) | more than 13 years ago | (#238898)

Most of the people you ask know nothing about the ways their data can be analyzed. Thus, they are protected from their own stupidity.

Perhaps. Or possibly they know, and don't care. Shouldn't (presumably) educated people in (we assume) advanced nations have SOME responsibility for their own interests at the *front-end* of the whole data collection process? If you ask The Man why he asks so many questions, and what he's going to do with the answers, and you aren't satisfied with what his response is, perhaps you ought not to continue to answer questions. In any case, I suspect that completely idiot-proofing the world is a rather large task - most likely, A) impossible, and, B) not worth the cost.

I don't claim that business is more important to people, only that if your information is really that important to you, don't let it go, or at least get something worthwhile in exchange for it...

Re:Get a Clue! (1)

Bo (13219) | more than 13 years ago | (#238913)

It is quite clear from the graphs in the map link that you provided, that US and Canadian citizens are emiting more than their fair share of CO2.
The idea of including the growth of forrests in the target is plainly unfair. Here in Sweden about 70% of the land is covered in forrests and we got a low population density so we could go about polluting like mad, but as I said it wouldn't be fair.

The US administration doesn't seem to be intrested in the environment at all. And most americans seem to be unintrested in doing anything that might hurt their wallets.
Without US commitments its going to be impossible to have countries like China and India agree to not reaching the same levels of emissions.

Please wake up and do something before the entire current eccosystem collapses. Change has to start now.The Kyoto treaty might be flawed but we can't wait around forever for an agreement. If a house is burning you don't stand around argueing about who's bucket to be used. Start acting on your own if you don't like the treaty but don't use it as an excuse for doing nothing.

Re:As usual, Gobmint doesn't understand Practicali (1)

Amanset (18568) | more than 13 years ago | (#238919)

Minor point, Sweden is a member of the EU (which is nice, as it made getting my Resident's Permit a mere formality). They are not a member of the single European currency, maybe you were getting confused with that.

Re:Get a Clue! (2)

Amanset (18568) | more than 13 years ago | (#238920)

"We have historically kept to ourselves"

Iran, Guatemala, Zaire, Vietnam, Dominican Republic, Indonesia, Greece, Chile, Laos, Cambodia, Angola, Grenada, El Salvador, Nicaragua, Afghansitan, Panama, Iraq, Haiti and Yugoslavia all in the second half of Twentieth Century.

"but have been asked repeatedly to come across the big pond to help Europe defend itself against invasion (think WW 1 and WW 2)"

Blah, blah, blah, usual excuses for turning up late for a war which included one of the biggest acts of genocide in the past few hundred years. Ignores the fact that aid was given to Britain in return for using British bases in the West Indies to defend themselves against Japan. Ignores the fact that of the first four countries to declare war on Germany (Britain, Australia, New Zealand, France) only one of them actually did get invaded. Heard it all before, it is getting boring and tiresome.

Please remember that Hollywood isn't exactly the number one choice for historical accuracy. Perhaps you aught to look elsewhere.

Re:'bout time the EU do this... (2)

Amanset (18568) | more than 13 years ago | (#238921)

The EU accord basically makes it illegal for me to sell somebody else a mailing list I may have built.

No it doesn't. It means that if a country wants to do things like this which would violate our privacy laws if it was done in the EU, then we can decide not to let data flow to that country.

To make it illegal in your country we would somehow have to change the laws in your country.

This is a traditional approach (2)

Chuck Chunder (21021) | more than 13 years ago | (#238923)

Trade sanctions of one sort or another are traditionally used [iie.com] to bring human rights abuses (and other political goals). It doesn't seem much of a stretch to apply that idea to the trade of information.

Re:EU has it right. (1)

Gorgonzola (24839) | more than 13 years ago | (#238924)

The point is that you may be a nice guy who is trusted by your neighbours. However, the guy you are selling the data to may not be trusted by your neighbours at all. Since this data regards their lives, they would probably like a say in what happens to it. It is a bit like having a friend, but not expecting to become a friend with all her or his friends and retaining the ability to choose your own friends and the level of trust you put in them.

Re:EU has it right. (2)

choco (36913) | more than 13 years ago | (#238926)

>But they _did_ have a say in what happens to it -

Yes. The important thing here would be whether they had an INFORMED say in what happens to it. Did you tell them what you were going to do with it ?

The basic principle behind EU law is "informed consent". You can collect data for (eg) marketing purposes but the people you collect it off must be aware that you are collecting it for that purpose and you must tell them everything you intend to do with that data. If you later decide you want to use the Data for another purpose then you cannot use the data you have collected unless you go back and ask permission.

>particularly as I carefully avoided discussing WHY I might want such information

Then that would make what you did unlawful - In the UK deliberately concealing the reason for collecting data is a criminal offence punishable by huge fines and/or time in Jail.

The thinking behind UK/EU law is that it is inevitable that Personal Data will have to be collected by companies. There is no realistic possibility of consumers having a real choice to withold it. So it attempts to strike a balance - to allow consumers to release vital information in the knowledge that :

1) They know and control who has the information

2) They know and can control what it is going to be used for

3) They can check information held on them.

4) They can have errors corrected

5) That they cannot be required to give more data than can be reasonably justified for the intended purpose.

6) That personal information will be held securely.

>shouldn't they have taken that into account when choosing to respond to my questions?

We have decided that attempting to trick people into revealing personal data is dishonest. The UK and the EU have decided that the law should prevent companies working in that devious way, prevent them from trying to trick people or catch them out. - And prevent them for using (eg) their size or market share from coercing people into releasing information with no safeguards.

This is nothing new in the UK - the laws were first created over ten years ago and passed through our legislatures with great ease and with the backing of almost all politicians of nearly every party.

>you are free to take your business elsewhere

Not if there is no "elsewhere" which doesn't also try the scam. A choice is only a real choice if people have a real alternative.

In reality people need things like insurance, so they have no real choice to withold information - the price would be too high for almost everyone.

If people are effectively forced to reveal personal information to companies it seems reasonable that companies are legally oblidged to treat people's information with respect.

A year or two ago I (and several other people) reported a company which had been directly flouting the UK data protection laws to the Data Protection registrar. They were abusing my Fax number. Recently I had the pleasure of being informed that the company I complained about had been Liquidated (bankrupted), closed down and the directors of the company were fined tens of thousands of pounds each.

The UK Data protection regime works. The rules are tough and enforced firmly. So companies working in the UK take them very, very seriously.

The UK/EU stance is about one thing only - preventing companies operating in the EU from exporting the data they collect in the EU to other countries in an attempt to force a loophole into our Data protection rules.

If you don't actually operate in the EU then the rules do not affect you.

If you only collect data outside the EU then the rules do not affect you.

The rules only affect data collected in the EU about EU citizens.

But if you collect Data under EU rules then the EU is making those rules watertight to prevent them being abused.

A good idea but... (1)

xixax (44677) | more than 13 years ago | (#238936)

These treaties work because there aren't many people in antarctica or on the moon. The basic problem is that the internet circumvents many of the things that make it worthwhile to be a nation. To approve that is to approve the dilution of their powers (for example taxation). While I wouldn't discount the possibility of a selfless solution, I'm more inclined to think that there are many more nations with an interest in regulation than there are against.

As long as the police can confiscate your computer, they can jail you for breaking national laws. The kiddie pR0n issue alone is enough reason for most countries to want content control.

Xix.

Re:'bout time the EU do this... (1)

Betcour (50623) | more than 13 years ago | (#238937)

where do you think the electricity to run it came from

Over here it comes from a nuclear power plant. Oh yeah, I forgot Bush Jr was in the pocket of the oil industry ...

Re:No difference... (1)

Betcour (50623) | more than 13 years ago | (#238938)

Governments are self-perpetuating

Such is IBM, Microsoft, McDonalds, Sony, etc... they are even much more self-perpetuating and powerfull that many third-world governement.

if you will, deciding with their pocketbook

I'd rather decide with votes - as pocketbook size vary from citizen to citizen (and then, why should Bill Gates have a higher decision power into those things than you or me ?)

Governments, by and large, don't respond to such economic factors as rapidly

And this is good - governement should care about people, not their pocketbook. Your idea of "democracy" is really sick if you believe money is the thing that matter.

Re:it's about time... (1)

Betcour (50623) | more than 13 years ago | (#238939)

The US population is about 275 M - Europe as a whole is 727 M, with about 300 M in the European Union (and more to come with the coming arrival of Poland and other eastern Europe countries).

That's according to the Population Reference Bureau at http://www.prb.org/

Correction : (1)

Betcour (50623) | more than 13 years ago | (#238940)

European Union is not 300 M but 368.7 M people right now - so it's already well ahead of USA :)

Re:Correction : (1)

Betcour (50623) | more than 13 years ago | (#238941)

Except it's only a trade agreement (as the USA are only worried about economy), while EU is about a common governement, army and foreign policy too (in the making right now :)

Re:Get a Clue! (2)

Betcour (50623) | more than 13 years ago | (#238943)

We have less than 20 years worth of data. That is in no way conclusive.

20 years of data ? Are you sure you weren't sleeping during class ? Ever heard about digging ice in the antarctic and looking at air samples in it ? We have data over the air composition for several 1000's or years. There are very precise graphs showing the rise of carbon since the 19th century (industrial age).

The issue for Kyoto is being tied into something which is detrimental to our citizens.

No - it is detrimental to the businesses - not the citizens. What you say is a huge lie that trie to make business=citizens, and is widely used by corporations against any regulation. Saving the environement is about saving the life of those who live in it. I don't care if that means cutting by 2% the profits of Texaco.

What about Canada? (3)

Dwonis (52652) | more than 13 years ago | (#238945)

Let's say Canada gets satisfactory data protection laws. Since most of Canada's packets go through the US, will be be cut off too?

Also, aren't the links privately-owned?

I support legislation against various network DoS attacks (including spam), but this is rediculous.
------
I'm an assembly guru ... What's a stack?

Re:We need some international treaties (1)

Baki (72515) | more than 13 years ago | (#238949)

With Internet becoming more important in our daily lives, it is a utopia (or maybe a nightmare) thinking that you can just leave it without any regulation. I agree that most new laws, related to Internet and Information Technology in general, are bad and are the product of ignorant und bribed politicians. But declaring the Internet to a kind of law-free zone is another extreme that is no good either. We don't want a society without laws, since it would be an anarchy and disintegrate, or some monopoly/corporations would take over. With the Internet becoming more and more a part of normal society, it needs laws too.

In a utopia, the world can exist without laws, and everyone will keep sensible rules by themselves. The real world, alas, is different.

We can only hope that the current generation of politicians, who did not grow up with IT and therefore makes stupid decisions, is replaced by a younger generation soon, before stupid laws being implemented right now have done too much damage. In the meantime we must fight and lobby to contain the damage being done.

Fight all firewalls (2)

RGRistroph (86936) | more than 13 years ago | (#238950)

Did anyone else notice that this article from a European publication about how European governments would threaten to cut off connectivity to countries that didn't protect your data tried to set no less than 4 cookies from various domains ?

What follows is mostly a re-post of a caffeine and sleep deprevation induced manifesto I posted [slashdot.org] in the article on Cult of the Dead Cow's recent product announcement.

Distributed proxies and access to the web

There is a huge benefit in an easy way to access the web from controlled and possibly opressive environments, such as from behind company or school firewalls where administrators check on traffic, or from UN Human Rights Commission [yahoo.com] type countries.

If Chinese grandmothers and high school students could easily read anything on the web, then China would be less likely to end up in a war with us or Taiwan. The Chinese are not going to like America or agree with us because they can read the propaganda and claptrap our press spews out every day, but they will have a different sense of perspective (perhaps more cynical) and they will be less likely to get into a froth about the spy-boys being a little rough with the planes. Suffice that I think that the more the people of the world can see and hear of each other, the safer the world will be. The Truth Shall Set You Free.

Of course, if you give people in communist countries a safe, unblockable way to access a set of http proxies which can then get the web pages, then the same system can be used for someone in Europe to use paypal.com in spite of the best intentions of their paternal government. It can also be used to post to slashdot in spite of the fact that you've been modded down 5 times in the last 24 hours. If Saudis can access porn, then The WIPO Troll can post fecaljapan.

The dailynews.yahoo.com link is a good example: it is unlikely that you can easily visit it from China. Look at these stories:

  • Punching Holes in Internet Walls [nytimes.com] , a New York Times article on attempts to circumvent access restrictions from countries that "protect" their people from information. (Here are the obligatory partners [nytimes.com] and channel [nytimes.com] links.)
  • Beijing Declares Victory But Chat Rooms Are Skeptical [nytimes.com] , a New York Times article on censored web discussion boards in China. If Chinese could safely access web sites outside the country, they might use uncensored web boards. (Again, channel [nytimes.com] and partners [nytimes.com] links.)
  • www.realmapping.com [realmapping.com] , attempting to keep a database of IP addresses and geographic position. See some technical information here. [realmapping.com]
The links describe a tit-for-tat battle between the Communists ( and others, conservative Islamics, for example ) on one hand, versus the people of those nations and those who would offer them information on the other. China and others don't firewall based on the content of the data passing through; they just generally block connections to specific places, by DNS name and IP address. People found they could use a proxy service such as safeweb to get to the unfiltered Internet. Then the Communists blocked access to Safeweb. Safeweb started mailing out a new list of sites which were running the safeweb proxy, and the Communists would rush to block those and the safeweb folks would rush out a new list. Eventually the safeweb people came out with a way for individuals in the free part of the world to run a proxy that accepts connections and redirects them to safeweb, that is the Triangle Boy [safeweb.com] system.

This doesn't even touch on the persistent and heroic efforts of employees everywhere to read 2600.com, fuckedcompany.com, and other blocked sites while on the clock. And numerous attempts by *_sporks everywhere to . . . nevermind, no one sympathizes with *_sporks.

Something like realmapping system might be used by gateway machines in China to track where offending users are inside China. A Triangle Boy running both inside and outside the wall is needed to let everyone see the all the internet they want (violating EU directives by sharing personal information if that's their desire).

For a gnutella/freenet to fix the internet access problem, it has to be undetectable by the European/Communist firewalls (because the Communists will block all encrypted traffic, or find the student himself) and someone in the free part of the world must run a script to dump www.nytimes.com into the gnutella/freenet system. It would be much better to set up Triangle Boy without the single point to block, the central safeweb service, and doing something to hide and disguise the web page requests and content.

This hard to do. A system that doesn't hide and disguise the traffic risks the Communists blocking all encrypted traffic or harassing users, but maybe it can work if enough people use it. Maybe proxy and client combinations can hide their real traffic in the meta tags and comments of innocent looking web pages, or use other steganographic tactics, but you would have to be constantly upgrading those modules.

Without the central safeweb proxy, cooperation from publishers on the free side of the firewall is useless. This would have the effect of making it impossible for Yahoo to not display Nazi stuff to France, because they couldn't tell who was from France. Yahoo and the French, the Communists and their people, Rob Malda and the sporks will all have to realize that anything they put on the Internet is on the Internet for anyone who wants it.

We can force the world to choose the whole Internet or none at all.

Re:We need some international treaties (1)

pompomtom (90200) | more than 13 years ago | (#238956)

...and we've all seen how well those treaties work. A map of Antarctica reads like about five different pie charts overlapping with claims. The moon... well, who really cares right now? If that becomes a useful resource, you can expect the same.

Buckets,

pompomtom

Follow the money.... (1)

Observer (91365) | more than 13 years ago | (#238958)

From the article, it would seem that the dispute is now centering on the area of financial services, where confidentiality of personal data should be a matter of course.

Sounds as though the underlying problem is differences between the US and the EU on what is considered to be financial wrongdoing.

Consequences? (1)

Kreeblah (95092) | more than 13 years ago | (#238959)

Does this count IP tunnelling to Europe? I think some businesses would be more willing to comply with stringent regulations if it ment the survival of their overseas branches . . .

Data Protection Legislation (4)

The Trinidad Kid (96681) | more than 13 years ago | (#238960)

First up, I have registered a number of organisations under the UK data protection act, work for a major UK bank, and am a politician manque so I know what I'm talking about.

The data protection regulations affect:
(1) the storing of information about an individual in an electronic format which can be accessed via indexes.
(2) the storing of information about an individual in non-electronic format but with electronic indexes by which it can be searched and collated.

Data Protection regulations require an individual to give informed consent for any use of data that they provide. The customer relationship is protected (ie any organisation can legitimately keep data collected by them about thier clients).

This is a good thing, it protects the customers data - in databases. It does not affect data packets in transfer, or other non-indexed/databased information.

However if I take data from a customer and that customer indicates to me that I may make that information available to other bodies I can only pass that information over to those bodies under the condition that they respect the customer wishes. To this extent Data Protection legislation is viral like open source licenses. I, the customer, make my information available to you for you to do certain things with. If I permit you to distribute it, you may do so provided that my wishes are respected.

The US is not regarded by the EU as having appropriate Data Protection regulations (we think your money laundering regulations are weak as well).

Not necessarily harmless (1)

jaed (99912) | more than 13 years ago | (#238961)

Praise of the EU privacy laws usually focuses on the limitations it puts on corporations to share data collected about customers without their permission. So far this is all well and good, but the data protection laws affect other areas as well. Here's a discussion of problems found with the Swedish implementation of the EU data directive [dsv.su.se] for some examples of what the law can be used to suppress.

As far as I can tell, it's not really possible to be in compliance with the EU data directives without running into these suppressive effects on noncommercial speech and criticism.

Re:What about Canada? (2)

cperciva (102828) | more than 13 years ago | (#238962)

Let's say Canada gets satisfactory data protection laws. Since most of Canada's packets go through the US, will be be cut off too?

This raises a point worth making. At one point there were Canadian laws which stated that data traffic which originated and terminated within Canada could only be carried on Canadian networks. It was illegal to send data from Ontario to BC via the USA, because this would hurt Canada's telecommunications companies.

These laws were removed some time (IIRC, about 10 years?) ago, when Canada realized that by forcing Canadian companies to do business with Canadian telecoms they were causing companies to move down to the US to evade these laws.

I think the same is likely to happen with the internet as well: if countries start imposing heavy restrictions on what dot-coms can do, they'll just move to the next jurisdiction.

We need some international treaties (3)

cperciva (102828) | more than 13 years ago | (#238963)

We need some international treaties -- like those regarding Antarctica and the moon -- which tell nation-states to keep their hands off the internet. Legislators don't understand the internet, so the only way intelligent regulations are going to be put in place is when they come from the internet community (eg, IESG).

Re:EU has it right. (1)

yooden (115278) | more than 13 years ago | (#238966)

Why should I not be free to take this information that I have collected, categorized, and analyzed, and do what I want with it?
Most of the people you ask know nothing about the ways their data can be analyzed. Thus, they are protected from their own stupidity.
I think that good laws are better than bad laws, no matter which one is more popular. (Lots of good did the very popular death penalty did to the US crime statistics.) That's the reason for democracies to be representative.

Anyway, why do so many people think that business is more important than people?

Re:EU has it right. (1)

yooden (115278) | more than 13 years ago | (#238967)

Shouldn't (presumably) educated people in (we assume) advanced nations have SOME responsibility for their own interests at the *front-end* of the whole data collection process?
Yes, they should. No, they don't, because they have been down-entertained to morons. On purpose. Ever heard of the show 'Big Brother'?

I don't claim that business is more important to people, only that if your information is really that important to you, don't let it go, or at least get something worthwhile in exchange for it.
Again, yes, you shouldn't do that, but again, most don't realize the consequences. First of all that your data is not kept for one analysis, but for life.
With the European law (as I understand it) you could only rent out your data, and I would like that very much. I'm a quite happy customer at Amazon, and them knowing about my preferences helps a lot. But if I ever reconsider I want to have sovereignty over my data.
I'm not allowed to sell myself as a slave, only to rent me out.

Re:it's about time... (1)

airgee (118217) | more than 13 years ago | (#238972)

According to the CIA World Factbook [cia.gov] in millions, EU=350M, US=276M

Details : (I probably forgot a few members, but the list is just from memory)
.de: 83
.fr: 59
.uk: 59
.it: 58
.sp: 40
.nl: 16
.gr: 11
.be: 10
.se: 9
.dk: 5

What about Global Economy? (2)

AMuse (121806) | more than 13 years ago | (#238973)

Interesting. I wonder what they'll do when a corporation that has a precense both in EU and another country (For example, USA) has data on a citizen. Forbid the corporation to have the data? forbid the corp to share it with itself outside the country?

Sadly, in a world of Corporations larger than most Governments (cisco, McDonalds', Toyota, Sony), this type of border-reliant protection scheme is little more than lip service.

Show me a plan that actually protects me from having data about myself misused in the name of profit, or collected by corporations and sold to my government, and you'll have me drooling. Otherwise, I call shenanigans.
------------------------------------ --------------

"Cutting off" is incorrect (5)

Animats (122034) | more than 13 years ago | (#238974)

That's just alarmist. All the EU Data Protection Directive [privacy.org] affects is privacy of personal data, data that has somebody's name, address, etc. attached. If you collect such data within the EU, you can't use it in ways the owner of the data (by law, the person mentioned) didn't specifically approve. To make this enforceable, the EU prohibits getting around the EU rules by sending such data to areas with weaker rules, unless there's an enforceable agreement in place to protect the data while it's outside the EU. The EU has had rules in this area since 1981, and the current rules date from 1995. So this is old stuff in the EU. US complaints are mostly whining by the Direct Marketing Association. [the-dma.org] Even the DMA, though, points out that companies which actually comply with the DMA's own "principles" don't have real problems. What scares them is that the EU Directive has enforcement power behind it. If a company misuses your personal data, it might be denied the right to maintain files of personal data at all.

Basically, it put a lid on most slimy marketing practices that misuse personal data. Too many US companies are used to getting away with this, and much of the direct mail industry depends on it.

But it has zero effect on open source or anything like that.

Swedes safe, be at Australia may be at risk... ;-) (2)

ivi (126837) | more than 13 years ago | (#238975)

Australia's data privacy legislation is still dim.

Companies can do pretty much what they like.

Having said that... it -really- bugs me whenever I try to lookup a Swedish friend's telephone number online... it's just not there!

(Where are the Asian companies who use their low cost of labor to produce cheap phone CD-ROM's - i.e. to key (or - hopefully - scan, these days) in all the data, e.g. from the Swedish [telefonkatalog] - when you need one -PLUS- a web site to host access to one of the resulting CD-ROM's ;-)

It's apparently unlawful to publish any Swede's details online (read: on the Internet).

Now, if one happens to be -in- Sweden, there are lots of data available:

Name, address, number & names of any children (unless born out-of-wedlock), taxable incomes - for both State & Local tax jurisdictions, et al.

Just visit any Swedish Tax Office [lokalaskattekontor] and ask - even in English! - to use the Public Data Terminal... and all that data can be accessed, as well as a summary of the individuals' most recently processed tax records!

You'll be able to use the Tax Office's gear & network (protected from modifications by downgrading of access rights to "Public User") costfree (unless you want a printout).

Thus, we have come the full spectrum from restrictive Sweden (which protects the rights of its residents)...

...to Australia (whose government seems to treat its people like the graziers treat their sheep) - fair game for any outsiders, who would exploit the data unduely.

Go figure!

Actually, this story is a bit dated... can anyone in Sweden (or recently returned from there) confirm that it is still as it once was (not so long ago)? TIA

An amazing idea!!! (1)

evilviper (135110) | more than 13 years ago | (#238978)

It's long past time for a revolution!

What's it say in the bible again? "The GEEK shall inherit the earth"? Well I'm tired of waiting. I say it's time that we unite and make our demands felt by world governments.

No matter what country you live in, the government's only power against you is the power you give them. If people said they will not stand for censorship, and were willing to stand up for that, a shockwave would be felt across the world like has never happened before.

Everywhere, people's answers have been to sneak around their opressor's system, leaking information through the cracks, but does small scale civil disobedience accomplish anything? On the internet, your right to protest does not exist. If you protest on-line, you are no longer allowed on-line. While several segegrated one-man protests may be happening independently, they will do no good segegrated, especially by individuals who are scared away at the first threats of prosecution.

Right about now, most people would say it was a rant, or something similar, but I won't. I stick by my words, and by my convictions. If you think it's stupid or what-not, move along, and remember the famous revolutionary quote: "Those that are willing to trade freedom for temporary security, deserve neither security or freedom."

Re:An amazing idea!!! (1)

evilviper (135110) | more than 13 years ago | (#238979)

No

This could be a dangerous precedent... (2)

ca1v1n (135902) | more than 13 years ago | (#238981)

It's a little scary that anyone, especially a power the size of the EU, is considering this. Granted, privacy is an important issue, but simply cutting off whole nations doesn't seem like a very appealing approach. This is about as friendly to a wired nation as cutting off diplomatic relations or placing 100% tarriffs. If another country has regulations that its culture deems appropriate, and well-enforced, it could still find disfavor with the EU, requiring either protracted disconnection or invalidating of the policy. The result is you're either overbearing or ineffective, but never hitting it right. Perfect enforcement isn't possible, but a more traditional approach might better serve the citizens of the EU and maintain diplomatic relations.

Re:What does this mean for... (1)

Bodnar42 (138383) | more than 13 years ago | (#238982)

No. I saw a photograph of Sealand once, thus some of the data went directly to the USA without going through the EU Internet infrastructure.

Wouldn't that be implying that some of Sealand's data went directly to the USA because you saw a photograph of Sealand?

Sorry, I couldn't help but leap on a grammar error by the infamous grammar nazi...

-Bodnar42

Re:Anytime a government... (1)

TomV (138637) | more than 13 years ago | (#238983)

Governments can't run health care, the mail, or ...

The UK one does a pretty good job of both. OK, it's not perfect, but what is? You'll get the operation eventually. Your first class letter will almost certainly arrive at its destination for 9am the next day.

And if there's a popular will for the government to do something, even if it seems unlikely to succeed then that government ought to make a sincere effort. Democracy, it's called.

The right to Privacy is enshrined in the European Declaration on Human Rights. It's a bit like the US Constitution insofar as it provides a set of principles which national laws within the EU can't breach. And rather a good thing, too.

TomV

Re:What about Global Economy? (2)

TomV (138637) | more than 13 years ago | (#238985)

Interesting. I wonder what they'll do when a corporation that has a precense both in EU and another country (For example, USA) has data on a citizen. Forbid the corporation to have the data? forbid the corp to share it with itself outside the country?

We're one such company. Our UK presence has data-sharing agreements with a sister company in the US (they do our web-hosting, amongst other things, so need some subscriber-related data).

I'm not sure of the details, but basically we had to draw up a data-handling contract between the UK and US companies, defining very specifically how transfers of personal data would be dealt with, and protected in the US. This then went to the Data Protection Registrar for approval, and once approved we could just get on with it.

The regualtions don't prevent all EU-outside transfers of personal data, they simply state that if the 'default' protection in the other territory isn't up to scratch, further binding conditions must be applied before data is transferred.

TomV

Re:Implementation Issues (2)

TomV (138637) | more than 13 years ago | (#238986)

There are two ways I can think of:

Physically interrupting network connections to various countries. ...

The EU would attempt to block traffic to and from a certain set of IP addresss....

Much simpler than that, actually. In the great Tony Blair tradition, here'sthe Third Way:

The European party to the data exchange gets charged, tried and convicted, has to pay a gargantuan amount in fines and punitive damages, loses it's credit rating dueto the judgements against it, and potentially its directors spend a bit of time behind bars.

That would tend to work quite well

TomV

Re:Those Bastards!! (1)

NoMaster (142776) | more than 13 years ago | (#238988)

Sen. Hon. Richard K R Alston
Australian Federal Minister for Communications, Information Technology & the Arts

I think you may have mis-spelled that last word...

Re:Voluntary dissemination (1)

Inez{R} (144441) | more than 13 years ago | (#238989)

I think voluntary sharing of your data is still accepted. The scheme someone mentioned, in which you answer questions and receive goodies in return, happens here in the EU too. It's just that people are protected against being forced to give all kind of very personal data to companies. Still, most people I know here have some trust (more than US-citizens, why should that be?) in the ability of governments and consumers to blow the wistle and do something about misuse, in case that should happen.

I for one am glad that the EU cares enough about my privacy to make regulations about it. If we left this to international companies, the only right we would have was to give more of our data to them.

Inez.

Re:EU has it right. (1)

blirp (147278) | more than 13 years ago | (#238990)

Now, nobody that answered me was in any way coerced - they were all free to refuse to cooperate. And those who did answer got something in return.

Think of it this way: I allow you to use some information of me anyway you like as long as you don't give it to anybody else. That has one price. A t-shirt might be enough. Or maybe I jus like you.
If you want to share my information with others, you need to pay me more. Since I cannot limit the number of copies you make of the information. The only possibility is to make laws that enforce that limit.
As such, it is very similar to other copy-limitation-agreements for other easy-to-copy items.

M.

Re:Not Very Good News for Sealand (2)

General_Corto (152906) | more than 13 years ago | (#238992)

Surely the whole point of these regulations is that they are attempting to maintain people's privacy. Now, so long as HavenCo decides to have a proactive stance on data protection (it would be ironic if they didn't, seeing as data protection is the whole point of HavenCo in the first place), then they should be spared any problems.

Regardless, with things like FreeNet and other 'clouds of data' springing up, there's going to be no way for the EU to effectively police something like this. Kudos to them for wanting to try though - one of the things I was most impressed about with Germany when I lived there was their bordering-on-paranoia feelings towards privacy. Not even the banks can legally hold complete records after a not-too-long period of time.

Can't wait. (1)

DaRkJaGuaR (161464) | more than 13 years ago | (#238993)

To see the EU block all data too-from the US coz its passed yet another law undermining people. It ousnds good and it'd owrk against lets say..sudan whcih has 1 ISp and about 200 users, but hte biggest abusers, corperatins reside in the good 'ol US of A and i cna't se ethe EU ever blocking that off. Pity really, world would be a better palce if all the good stuff moved to EU hosting and the US wa left to rot. COz its rotten itself.

Re: Voluntary dissemination (1)

3247 (161794) | more than 13 years ago | (#238994)

I hope the EU won't impose restrictions over the voluntary sharing of personal information. People should have the choice to allow worldwide distribution of their personal data.

If you had actually read the EU directive, you would know that it only relates to EU companies giving personal data to non-EU companies where the data is less "safe".
The idea is that the EU regulations on privacy may not be circumvened by just sending the data abroad to abuse it.

Of course, if a user gives data directly to an US company, this is basically the user's own decision and only his/her problem.

Get a Clue! (1)

Beowulfto (169354) | more than 13 years ago | (#238995)

Please know what you are talking about before you post. I am just finishing up an Environmental Law and Policy course in which we spent many hours reviewing and discussing the Kyoto Protocol. If the US were to sign on to this, they would be put at a huge disadvantage. While the US would be forced to spend millions or even billions on upgrades to its manufacturing infrastructure, (much of which would be a burden on private industry), other developing nations would not be held to strict guidelines. China in particular would be able to continue to build coal and oil fired power plants without regard to pollution controls. It is the uneven playing field that holds up US compliance with the Kyoto Protocol, not an uncaring attitude. My class was filled with environmental supporters, but through discussion it became apparent that very few would support signing onto something that put us at a large disadvantage.

As to the spy-plane episode. Wake up and smell the coffee! The Chinese were the ones who were breaking every applicable international law. The US plane was in international airspace when the collision occurred. The Chinese fighter jet, which is far more maneuverable than a DC-10 jumbo jet and was piloted by an established hot-dogging pilot, collided with the US plane which was flying flat and level. (Anyone who has driven trucks will understand this. When a car and a truck are in an accident, 99% of the time it is the cars fault since they are faster and more maneuverable than the trucks.) The remaining jet led the US plane to it's base, at which the US plane had every right to land since it was in danger. At this point, the crew was illegally detained, and were not even allowed to be visited for many days. This illegal Chinese action appeared to occur because the Chinese government didn't/doesn't have control of it's military.

I would say that we are involved in more international even than we should, but you know what? The world asked for it. We have historically kept to ourselves, (unlike the Empirical British), but have been asked repeatedly to come across the big pond to help Europe defend itself against invasion (think WW 1 and WW 2). Now we are unwanted. Gratitude isn't what it used to be.
----

Re:Get a Clue! (1)

Beowulfto (169354) | more than 13 years ago | (#238996)

raising CO2 levels by over 30 percent in the past century
We have less than 20 years worth of data. That is in no way conclusive.

Global warming may hit the third world harder than the US, but the US will be affected too. It does not look to be worthwhile to take Draconian measures to reduce emissions, but a middle road looks economically feasible.
Unfortunately, Kyoto is not the middle of the road.

Did anyone in your class have any suggestions other than simply allowing atmospheric CO2 to grow without limit? It's easy to criticize the Kyoto treaty. It's another to try to come up with a constructive and realistic alternative.
The issue for Kyoto is being tied into something which is detrimental to our citizens. While there is wide support for reducing CO2 emissions themselves, being forced into it is not a viable option. To force businesses to comply would be an undue burden on many of them. So the solution is to find the middle ground. Kyoto will never be signed by the US. However, another agreement might be, so long as it is equitable.

Another issue when dealing with Global warming or CO2 emissions is the fact that there is no immediate return to the enormous investment. We can spend billions to reduce CO2 emissions, but we will not see any result in our lifetime. These measures are an investment in our future, and that is difficult to convey to many people. Realize that it is not all-or-nothing issue. We can take steps to reduce emissions without being tied to Kyoto.

Here is a map [grida.no] of CO2 emissions in relation to Kyoto.

The following is a recently published book on Kyoto: The Collapse of the Kyoto Protocol and the Struggle to Slow Global Warming [cfr.org]

If anyone wants more info regarding Kyoto, just e-mail me or reply to this post, and I will get you more links.
----

Protecting my rights! (3)

lga (172042) | more than 13 years ago | (#238997)

I think some people here are misunderstanding the Data Protection laws. No one said anything about cutting off all net access to other countries. The law prevents the transfer of Personal Details and customer specific data, eg databases containing details of what I bought. No other data is affected, so there won't be any severing of internet connections. If a company does transfer customer data to a country with less protection then it will be liable for prosecution.

I think this is a good thing. The EU Data Protection laws are there to prevent misuse of personal data. An example: If I were to buy a book from a multinational company in the UK then I would have to give them my address for delivery. At the same time, I would check the box marked "Please tick this box if you do not want to receive special offers carefully selected companies" which would prevent my address and phone number being sold to another company that wants to sell me bookshelves to go with my new book. And who wants to recieve that phone call?

In order to get around the EU law requiring that they honour my request and don't sell my data, the company could send my data to it's US arm and from there sell the data back to a telemarketing company, which could then plague me with phone calls about bookshelves. By making the export illegal the company cannot do this.

I hope that all makes sense.

Steve.

Re:Get a Clue! (1)

Phronesis (175966) | more than 13 years ago | (#238998)

There's good reason for the uneven playing field with the Kyoto treaty. China and India simply cannot afford high-technology solutions, such as the U.S. and western Europe can. The US and Europe have done most of the damage so far (raising CO2 levels by over 30 percent in the past century, and we have the wealth to begin doing something about it. There is no way that China will sign onto a treaty that leaves all its people in the dark.

Global warming may hit the third world harder than the US, but the US will be affected too. It does not look to be worthwhile to take Draconian measures to reduce emissions, but a middle road looks economically feasible.

If you take the history of the treaty on the ozone layer as an example of how this thing might work, you can see that as China and India begin to industrialize to a significant extent, the rest of the world will be in a better position to apply pressure on them. At that point, the US may well have a competitive advantage in selling clean power technology that US industry has developed in the interim, under pressure from the Kyoto treaty.

The historical record shows that compliance with environmental laws and regulations in the US has cost less than half what industry estimated when the laws/regulations were enacted and that the cost to clean up pollution has tended to cost many times the initial estimates. Thus, regulating to reduce emissions of pollution turns out to be many times cheaper than polluting and hoping that we can postpone the cleanup, even when you factor in the opportunity costs.

Did anyone in your class have any suggestions other than simply allowing atmospheric CO2 to grow without limit? It's easy to criticize the Kyoto treaty. It's another to try to come up with a constructive and realistic alternative.

Re:Stupid Threats (1)

xelah (176252) | more than 13 years ago | (#238999)

If they had any at all they'd know that even if they removed all the direct connections with a sanctioned country connects could be made through any other country. The internet cant be policed at borders and service that claims it can do that is just lying to itself, avoid things like that is trivial.

Err....could I just ask; what are you talking about?

The data protection rules have nothing to do with the internet as such. They don't restrict 'data' in the general techy sense. The rules restrict what an organisation in the EU can do with information it has collected about individuals - names, addresses, buying history, etc. For example you aren't allowed to arbitrarily pass it on to anyone you choose.

IIRC, the EU wants to restrict EU organisations so that they can't pass data covered by these laws on to organisations outside the EU which are not subject to 'adequate' constraints on what they can do with the data.

Re:No difference... (1)

Scareduck (177470) | more than 13 years ago | (#239000)

I cannot see the difference between governments regulating data flow and, say, an ISP subscribing and actively employing some form of RBL type blacklist against spam.
Then you're not trying hard enough.

ISPs generally don't have policemen and armies at their disposal; governments do.

Re:Data embargo? (2)

Alien54 (180860) | more than 13 years ago | (#239002)

Well, This reminds me of the case of France vs Yahoo last year.

This is where the Value of the Internet is wiped out because everyone gets offended by what is going on in the next country, then the next province, the next city, town, or county.

A case where people prefer to be safe in their ignorance.

on the other hand, jerking the other guys chain with a high voltage cattle prod doesn't help either. You know, there are guys who will act as insulting as possible just because the other person gets upset about something, instead of acting with compassion.

Sort of cutting off the nose to spite the face. Cutting themselves off might do more harm than good.

Check out the Vinny the Vampire [eplugz.com] comic strip

Re:What about Canada? (1)

YKnot (181580) | more than 13 years ago | (#239003)

It's not about packets or internet links. It's about information being exported to circumvent EU laws. Person related information may not be exported to non-EU companies which do not meet certain privacy standards. It is irrelevant whether that data is transported by an internet packet, through a phone line, in a letter or on horseback. As long as the link is sufficiently safe and the non-EU company handles all person-related data from the EU according to EU standards, no one is going to complain.

Re:We need some international treaties (1)

YKnot (181580) | more than 13 years ago | (#239004)

Violations of the DMCA are actively pursued even if they happened outside of US legislation. Providers outside of the US are scared into pulling non-compliant websites, for example.

The other problem is the nature of the law: The DMCA prohibits making something available to the American public. Thus I can break the DMCA even if I have never set foot on US territory. The EU data protection directive on the other hand prohibits exporting data out of the EU. That law can only be broken by a EU citizen.

Re:We need some international treaties (4)

YKnot (181580) | more than 13 years ago | (#239005)

The directive isn't primarily aimed at the internet. It's about what companies are allowed to do with information on the net as well as outside of it. The main aspect is data gathered by financial institutions. That's mostly a non-internet thing.
Europe has a different, more restrictive view on protection of person-related information. Companies are trying to evade the restrictions by moving data across the border and having it processed by non-european companies. The regulation tries to stop this malpractice.
The EU has been accused of trying to impose laws beyond its frontiers. The regulation does not tell non-EU companies how they may handle data. It tells EU companies how they must not use data and forbids exporting that data to circumvent the law. This is not even close to the US pushing the DMCA beyond US territory.

Just a little late (2)

AaronStJ (182845) | more than 13 years ago | (#239006)

According to the article, these laws have been around a while now: "The directive, enacted in late 1998, has repeatedly caused frictions with the US, which has accused the EU of trying to impose laws beyond its own frontiers."

From what I can tell, the article is actually about the EU pushing through a "model contract" for companies that want to work through these data regulations... a contract that the US wanted to delay.

No difference... (1)

nz_mincemeat (192600) | more than 13 years ago | (#239008)

I cannot see the difference between governments regulating data flow and, say, an ISP subscribing and actively employing some form of RBL type blacklist against spam.

All forms of filtering/censorship/whatever are ultimately done by a human (or a committee thereof). Could be from as simple as writing a killfile on your newsreader, applying a RBL for your mailservers, or writing access rules for that router, etc., to something complex (at least socially) like this EU legislation.

The point is, every person (or group) has their own agenda, some will not agree with it while others will, all in the name of self-interest.

What makes the self-serving agenda of a governmental body more or less acceptable than some sysadmin or some corporation, etc.?

Re:No difference... (1)

nz_mincemeat (192600) | more than 13 years ago | (#239009)

ISPs generally don't have policemen and armies at their disposal; governments do.
In the physical realm, perhaps.

Enforcement methods of cyberspace "kingdoms" do exist - anything from "utility programs" to ACLs to Social Engineering (e.g. FUD) are just as effective.

e.g. Ever tried to connect to IRC using, say, an insecure WinGate or other insecure proxy? Or run a port scanner while doing so? You'll get k-lined, or worse...

Re:This has China written all over it (1)

nz_mincemeat (192600) | more than 13 years ago | (#239010)

Interesting, and the US is already doing it - but it hasn't and won't go too far.

Unlike Cuba, ostracizing China presents a much higher opportunity cost that will eventually have a measurable impact in cold, hard US currency (or the lack thereof).

'bout time the EU do this... (4)

nz_mincemeat (192600) | more than 13 years ago | (#239011)

Draconian from first glance, but it is indeed the best way to safeguard EU citizens' privacy (at least against entities outside the EU nations). Similar to the "ultimate form of security" - disconnecting the computer and bury it under meters of concrete (in terms of concept, effectiveness and amount of inconvenience caused.)

As for the U.S. diplomatic feathers being ruffled - it's about time somebody/something stood up to their schoolyard-bully style of foreign policy.

First the Kyoto accords, then the Spy Plane "accident"... all within three months!

Not a good idea (1)

metafoobar (195077) | more than 13 years ago | (#239012)

the only way intelligent regulations are going to be put in place is when they come from the internet community
Didn't we try that with businesses, leading to growth of monopolies (real monopolies, not like Microsoft which comes close, but not quite), and eventually a really bad hangover around 1929 or so?
We need some international treaties ... legislators don't understand the internet
Well, since the international treaties will be drafted by lagislators, that doesn't quite work. Let the IESG take care of the technical details, yes, but local policies have been working ok so far (yes, there are always exceptions), so I say until there is overwhelming evidence that local policies failed miserably, might as well keep them in place for now

Notes from someone affected (3)

glassware (195317) | more than 13 years ago | (#239013)

My legal department representative walked into my room the other day and announced, "I need you to work on the EU Data Directive." There's a surprisingly little amount of information to use.

So far, the explanations I have received from our vendors and our partners are unsatisfactory. People aren't really aware of the data directive; and those who are aware, refer to a clause called "Safe Harbor" that protects businesses that work on non-EU data but whose websites operate in the EU.

The most cogent explanation I have received so far is that the EU Data Directive acts as a "poison pill," attaching itself to any data that comes from the EU. If a website collects data on users from the EU, that data can never leave the EU - the exception being "safe harbor" companies who do not really have a presence in the EU. I haven't yet received a satisfactory explanation about how a website that operates in the EU and collects data about American users is affected.

Perhaps I should pose a business question: How can a website effectively mix US and EU data in a database? It sounds like we are in the land of do-as-you-please for US data, but anything from the EU cannot be shared, sold, or transferred to partners.

EU has it right. (3)

7-Vodka (195504) | more than 13 years ago | (#239014)

I really admire the EU informational privacy laws. They have finally got something right.

For those of you unfamiliar with the laws there, they basically state that to do ANYTHING with someone's personal information you have to have a valid reason and the person's permission.

This applies to information already collected before the passing of the laws.
It affects everything. Eg. a teacher can no longer just post student's grades.
Also, if you're collecting data, you have to have a valid reason and are under no circumstances allowed to share personal information gathered with other companies without the express permission of the individual.

This puts the advantage right back into the individual's side of the deal. And so it should.

"just connect this to..."
BZZT.

Re:What does this mean for... (1)

grammar nazi (197303) | more than 13 years ago | (#239015)

No. I saw a photograph of Sealand once, thus some of the data went directly to the USA without going through the EU Internet infrastructure.

Re:it's about time... (1)

Ollierose (202763) | more than 13 years ago | (#239016)

Well according to http://europa.eu.int/comm/eurostat/Public/datashop /print-catalogue/EN?catalogue=Eurostat&theme=3-Pop ulation%20and%20Social%20Conditions [eu.int] for the EU and http://tier2.census.gov/cgi-win/PL94-171/pl94data. exe [census.gov] for the US, The population counts are (for all 15 EU member states)
EU: 375346459
US: 268396514
I don't know about the relative area, but they look to be about equal on an atlas too.
As for Data sources, well... those two sites are the appropriate bodies for such things (US Census Bureau and Eurostat)

Re:What about Global Economy? (1)

jackb_guppy (204733) | more than 13 years ago | (#239017)

Actually, McDonald Corporation, USA like all corporations are a legal entity only in the country they were founded in. Try to do business in France -- a forgien company can not own more than 49% of a company -- See Disney and Euro Disney.

Each of these other companies have to obay all local laws... see: Compuserve Execs being fined and jailed.

Yes "leakage" occurs -- but whisle blowing can be BIG money in Europe.

Re:'bout time the EU do this... (1)

nickco3 (220146) | more than 13 years ago | (#239018)

The EU accord basically makes it illegal for me to sell somebody else a mailing list I may have built.


Yup. Just like it's illegal to sell that MP3 collection you may have built.


There's a pretty strong case that such a law would violate the First Amendment, kids.


Just think of it as being like copyright - personal data is owned by the person it describes, you can't distribute it without the owner's permission, and copyright is a clearly defined exception to the First Amendment.

Re:'bout time the EU do this... (2)

nickco3 (220146) | more than 13 years ago | (#239019)

I think the point being made is that the EU directive would require the U.S. to pass laws violating its own constitution - I've never really considered it this way, but it's not a bad argument, IMO.

The First Amendment is not absolute and has lots of exceptions, this would just be another one. For example, you could just think of it as copyright - personal data is owned by the person it describes. Copyright is a well established exception.

Because lord knows... (3)

HongPong (226840) | more than 13 years ago | (#239020)

...If people have different laws than us, they must be embargoed!

Oh yeah, that's what the US [did|does|tried to do] to Cuba.

--

Countries with heavy data flow problems... (1)

GeneralEmergency (240687) | more than 13 years ago | (#239021)

...should try overnights.

Sometimes the siren call of the troll cannot be resisted.


"A microprocessor... is a terrible thing to waste." --

Re:What does this mean for... (1)

Aztech (240868) | more than 13 years ago | (#239022)

Sealand is primarily supplied by GB I believe. This would put them OUTSIDE the EU. Not that they would be above the pressure the EU could bring to the table, political and economic
Wrong I'm afraid, the United Kingdom [bbc.co.uk] is a fully qualified EU member state, the only part they don't subscribe to is the monetary union (Euro). Obviously the UK is not on the European mainland, this doesn't mean they're not part of the EU though.

Re:We need some international treaties (3)

Aztech (240868) | more than 13 years ago | (#239023)

I can't see how it over-reaches territory, if you deal with a foreign country then you must abide by their domestic laws, this has always been the case. As a US company, if you try and sell a product into the UK and it doesn't meet their safety requirements or whatever, it will be deemed illegal, despite the fact it may be legal under US law. This isn't imposing law on another country since you can still sell the (potentially) unsafe product to your US citizens legally.

Remember this only affects data concerning EU citizens, if you're an EU company then you cannot sell data on EU citizens to countries that have questionable data practices, if you're a US company dealing with EU people they you must do the same, obviously a US company can do whatever it likes with data on US citizens.

This does in fact does make some sense, if they didn't put restrictions on foreign countries then EU companies would just move their customer databases abroad and then do whatever they like with it, and because the country is outside EU law, citizens would have no legal control of their data, this would just undermine the whole purpose of the law.

If you've ever seen the "UK-Info" CD, which lets you find out in depth data about households by aggregates data from the British land registry, ordiance survery, electoral roll, company house records, acorn demographics, phone listings etc, they move this data to the Cayman Isles [cia.gov] then process and cross reference it and sell it on a CD to the UK. If the CD was cross referenced in the UK it would break a number of data protection [dataprotection.gov.uk] laws. Because the information can flow abroad then be sold back to the UK in an aggregated form, it's not illegal, which makes a mockery of the law, so they're trying to ensure citizens have rights on their data if its passed abroad (and choose if it even goes abroad).

The requirements are for companies dealing with EU citizens not just companies within the EU.

I can't see any law solving this issue easily, there are too many loopholes to deal with. As with the UK Info disc, lots of disparate forms of innocuous information are obtained which in themselves aren't a problem, it's when they're cross-referenced and interlinked it becomes an issue, I can't see how the EU can stop foreign countries processing this information.

Enshrining privacy in the law is an honourable pursuit, but ultimately frivolous, if they don't get industry backing it will never work since companies will just hire lawyers to exploit any tiny loophole in the law. Therefore how do we get companies to respect our data? What is commercial incentive for a company to do so?

A few facts about EU privacy regulations (3)

mvdwege (243851) | more than 13 years ago | (#239025)

Ok,

I see a lot of posts which completely misconstrue the point of the EU Personal Data regulations. Whether this is simple ignorance, or fostered by US corporate propaganda I don't know, but I will try to set things straight a little, from my own experience with the Dutch version of these regulations, the Wet Bescherming Persoonsgegevens, or Personal Data Protection Act (I work for a bank, so I am supposed to know this).

First of all, it is perfectly legal for a corporation to build up a customer database and use it for marketing purposes. How long it is allowed to keep this database seems to be open to local regulations, but it is legal.

However, the sting is in what a corp is allowed to do with the gathered data. In effect, the data can only be used inside the corporation itself. It is strictly forbidden to share this with any third parties without the explicit written permission of the customer. In the Netherlands this is enforced pretty strongly, at my work we're not even allowed to give out info to colleagues from another subsidiary.

This is where the EU and the US differ: in the US it is accepted practice to sell customer data to third parties, and we've all seen the horror stories on Slashdot about the consequences of this (spam, among others). The EU is merely hardening its stance (and we've been negotiating for the last few years) vs the US and saying, unless you guarantee the integrity of our citizens' data by law, we will allow noone to export this data to you unless this integrity is protected by contract.

So for the record, this whole discussion is old news (but still interesting), and has nothing to do with the routing of internet packets, as I've seen some people suggest.

Mart

Stupid Threats (1)

xxxtac2 (248028) | more than 13 years ago | (#239026)

As usual a stupid threat made by lawmakers with any technical background. If they had any at all they'd know that even if they removed all the direct connections with a sanctioned country connects could be made through any other country. The internet cant be policed at borders and service that claims it can do that is just lying to itself, avoid things like that is trivial. A bit of encryption and some tunneling and voila! your past any software blocking available.
This threat is an ignorant response to a technology that is totally misunderstood, these goddamn politicians should get some real technical consultants to explain them why there ideas are stupid before they go around making outrageous claims and generally making themselves look stupid.

Re:Anytime a government... (1)

AndrewLankford (265011) | more than 13 years ago | (#239028)

Bump this guy up. He hit the nail on the head.

Re:This could be a dangerous precedent... (1)

AndrewLankford (265011) | more than 13 years ago | (#239029)

Ironic that the EU made this threat before the Chinese did.

Good for them (1)

Sarcasmooo! (267601) | more than 13 years ago | (#239032)

The EU is setting an example [ft.com] that the US should've been setting long ago. Personally I think the whole issue is only being demonized by a media and a government that both have a vested interest [junkbusters.com] in the globalization of businesses that routinely ignore privacy guidelines, and profit from it.

Re:Not Very Good News for Sealand (1)

Sarcasmooo! (267601) | more than 13 years ago | (#239033)

I think the ideal result (hopefully) will survive, because cutting off e-commerce that doesn't meet privacy standards will pro-actively force a lot of other countries to enact strong privacy laws, or deal with the implications of being 'left out' of the EU market.

Some facts on EU (2)

Caid Raspa (304283) | more than 13 years ago | (#239034)

The parent post in excellent example of Amerocentric ignorance.

they just need to route their packets through Sweden, who by dint of not being an EU member is freely exchanging packets with Russia, and has set up a service to do so.

Sweden is an EU member, but I suppose you could replace that with any non-EU member that has cable connection to Russia.

No, Sweden is just strongly suggested to stop routing to Russia. No problem they say, and then route their Russia-bound packets to Estonia, who quite happily sends packets through Byelorussia to Russia.

Most of the East European countries (e.g. Estonia) are negotiating about EU membership, and have trade agreements etc. with EU. Applicants have to harmonize their legislation with EU, so if they do not enforce this, their negotiations could be stopped. Perhaps a threat of discontinuing the trade agreements could do it, if the country gets stubborn. So, the strong suggestion would be propably listened to. Any goverment not listening to EU will be an ex-goverment, as EU membership has very strong support among leading politicians in almost all East European countries.

In EU-East Europe-relations, you should apply the Golden Rule:
The one with the gold writes the rules

Re:As usual, Gobmint doesn't understand Practicali (2)

vidarh (309115) | more than 13 years ago | (#239036)

This is completely bullshit. This has nothing to do with data in general, but with EU companies exporting privacy protected personal data (like your address, social security numbers or equivalent, bank information, e-mail address, telephone number etc.) without your expressed consent.

Re:EU has it right. (2)

vidarh (309115) | more than 13 years ago | (#239037)

If they know and don't care, it wouldn't hurt you to tell them how you would use the information, and obtain their express approval, in which case you could use the data the way you wanted.

The EU privacy laws doesn't stop you from doing nasty things with private citizens personal data, it prevents you from doing it without their knowing consent.

Re:Notes from someone affected (2)

vidarh (309115) | more than 13 years ago | (#239038)

Note: This is not legal advice.

Any non-EU based website can collect information from EU citizens without being affected.

Also, any non-EU data can be transported into the EU without problems.

The issue arrives when an EU based business collects and processes personal information in the EU, in which case that data can't be exported to a country without adequate privacy protection without the recipient adhering to the safe harbor principles.

Safe harbor in effect requires the recipient to abide by the same restrictions outside the EU as an EU based company would have to inside the EU, including not transferring the personal data received from the EU to any recipient in a country without adequate protection unless the recipient complies with the safe harbor provisions.

In other words: If personal data has been collected and processed in the EU, it will have to continue to be treated according to EU law, or laws that are practically equivalent, no matter where the data is actually moved.

Re:Voluntary dissemination (3)

vidarh (309115) | more than 13 years ago | (#239040)

I'm not a lawyer, but my company has been looking extensively into this, and I believe the following should reflect current EU law reasonably well:

Sites not situated in the EU, or that have a substantial presence outside the EU and process and perhaps also collects, the data outside the EU (a EU citizen accessing thei EU based companys website run and operated in the US, for instance), will not be directly affected.

Further, private citizens sending their information out of the EU can continue doing so.

Companies sending private EU citizens information out of the EU to a company voluntarily complying with EU's "safe harbor" rules (applies for the US and other countries with crappy privacy protections), or that have adequate privacy laws (applies for instance to Norway, which has always had strict privacy laws, and have harmonized their laws with EUs as a member of the European Economic Area) are still allowed to do so without any more restrictions than what they are bound with for use within the EU.

I also believe that companies that do give customers a real choice to opt in or out of transmission of their data abroad to a non-safe harbor complying company, and inform their customers of the consequences of letting their data be transmitted can do so. I haven't verified that, however, so if you plan on doing so and you're in the EU, check with your lawyer, and don't blame me.

The whole point of the law is to require the companies to get consent and force them to provide information on where they got the personal information about someone, if that can be reasonably achieved (and it can if they have bought the data), and what they plan to do with it.

And to ensure that the consumer can require the data to be corrected in the case of mistakes, or deleted provided it is legal for the company to do so and there's no contractual obligation on the person the data is about to let them maintain it.

ObDisclaimer: Don't do this at home. Check with your lawyer if you're a company that plan on exporting personal data from the EU. Not doing so can jeopardize the companys financial health, and possibly result in a prison sentence for you.

Re:EU has it right. (3)

vidarh (309115) | more than 13 years ago | (#239041)

Yes you may have a choice in the first step. But without the privacy laws that EU, and most of non-EU member European states have you have no control over what happens to that information once you've given it away.

What if you give your data to your bank because you're applying for a loan? Should the bank be free to sell that data without letting you know, or asking for your approval?

That is what the EU privacy laws prevents. A company can't collect personal data, whether they are giving a good, trustworthy, valid reason or not, and give or sell or do anythign with it, unless they've received your consent for that specific use.

There's so many valid recipients of personal data out there, that keeping your data to yourself isn't an option for most people.

Data embargo? (3)

Spy Hunter (317220) | more than 13 years ago | (#239044)

It is backed by the power to cut off data flows to countries that the EU judges not to have adequate data protection rules and enforcement.

If that's a threat, we truly have a global information economy. Think how silly that would have sounded ten years ago.

it's about time... (3)

janpod66 (323734) | more than 13 years ago | (#239047)

The US has been trying to dictate US-style business practices for a long time. In many areas that is actually good, but when it comes to privacy, US laws and practices are unacceptably poor. Rampant identity theft and theft of large numbers of credit card numbers and other customer information (kept around by web sites long after an order has been fulfilled) in the US are examples of that. It is good that Europe is putting their foot down on this matter.

And Europe certainly has the clout and experience to do so. B2C E-commerce has existed in Europe about a decade longer than in the US, and Europe itself is a multicultural economy comparable in size to the US and with a significantly larger population.

Re:'bout time the EU do this... (1)

TeraCo (410407) | more than 13 years ago | (#239048)

What's the first amendment got to do with the EU? PS: At the speeds being flown at, the prop aircraft was much more maneuverable.

Re:it's about time... (1)

roskakori (447739) | more than 13 years ago | (#239053)

The US has been trying to dictate US-style business practices for a long time. In many areas that is actually good [...]

For example?

Those Bastards!! (2)

Richard_Alston (447886) | more than 13 years ago | (#239054)

How dare they. We, in the "civilised" world, have come to accept that our constituants simply cannot be trusted to manage their own security. So we locked them out of the entire equation and have enacted laws that enable anyone with a big enough purse to help themselves to the public's private information. (What good is a secret if you can't tell anyone?) This is the only way we could appease the powers that be.
Now the f*cking European Union think they can tell me what I can do with my publics private information. It is mine and I will continue to do with it whatever I like.
Sen. Hon. Richard K R Alston

Re:Voluntary dissemination (1)

xanadu-xtroot.com (450073) | more than 13 years ago | (#239056)

Comment

--
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?