1
0
Fork 0
9x0rg.com/content/posts/infosec/europe-stronger-privacy-law...

28 lines
2.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: "Europe's stronger privacy laws"
date: 2016-10-03T22:47:00+06:00
draft: false
tags: ["data privacy","GDPR",""]
author: "9x0rg"
hidemeta: false
ShowReadingTime: true
ShowPostNavLinks: true
showtoc: false
cover:
image: "/images/"
alt: "<alt text>"
caption: "<text>"
---
Web firms face a strict new set of privacy rules in Europe — heres [what to expect](https://old.gigaom.com/2014/03/12/web-firms-face-a-strict-new-set-of-privacy-rules-in-europe-heres-what-to-expect/):
* EU privacy rules apply to the processing of EU citizens data, even if that data is processed in another country.
* A court or tribunal in a country outside the EU may not demand the transfer or disclosure of an EU citizens personal data (as with the previous point, enforcing this one would be fun).
* Fines for not following this regulation could be as high as €100 million or up to five percent of an enterprises annual turnover, whichever is larger. In other words, the likes of Google would face much higher fines for privacy breaches than the paltry sums they have to pay today, making EU law much harder to ignore.
* People must consent to having their personal data processed, and must be able to withdraw that consent as easily as they give it. This would create a culture of opting in, rather than todays norm of opting out.
* People have the right to get their personal data from someone who holds it, in a commonly used, interoperable electronic format. This would be a victory for campaigners such as Europe v Facebook.
* Because the regulation harmonizes EU data protection law, EU citizens who want to complain about the violation of their privacy rights in any EU member state can approach the local data protection regulator in a member state of their choice. This makes it a lot easier to bypass the fact that U.S. web firms base their European operations in Ireland, which has relatively light-touch privacy regulation. Again, a win for campaigners.
* Organizations processing peoples data must provide standardized information policies to explain what theyre doing with it and why.
* People have the right to have their personal data erased (with public interest exceptions, so journalists can probably rest easy). This includes data passed on to third parties.
* People can object to being visibly profiled in a way that could discriminate against them on the basis of race, political beliefs, sexual orientation and so on, and the organizations processing their data must make sure this discrimination doesnt occur.