The General Data Protection Regulation kicks in on Friday. - Politics Forum.org | PoFo

#14917630
On 25 May 2018 a massive change in the way companies must handle data, and the rights that consumers have, comes into force.

This new regulation is called the General Data Protection Regulation (GDPR) and it will be applicable across the EU.

In the UK, those regulations will be incorporated into the Data Protection Act 2018 – the Bill is currently going through Parliament.

It builds on the current Data Protection Act 1998 (DPA) and will strengthen the legislation, giving you more rights and protections.

Here, we explain all the main changes that give you more control over your data, and how they are likely to affect you.

Collecting your personal data

When you buy goods and services, or sometimes even just visit a website, the organisations you deal with may collect information and data about you.

This might include your name, address, and date of birth. This type of data, which is capable of identifying a living individual, is called 'personal data'.

Organisations may even include things like the school you went to, the job you do, details about your partner or family or the sorts of things you view or buy online.

Like it or not, many organisations, including councils, hospitals, travel companies, banks and supermarkets hold data about you.

The GDPR update to the DPA adds in a new range of personal identifiers, reflecting changes in technology and the way companies gather data today.

Online identifiers, such as your IP address, will be included within the definition of personal data.

Your consent will need to be positive

Soon, you will be seeing a lot fewer of those pesky pre-ticked boxes signing you up to stuff that you may not want unless you take the time to untick them.

Under GDPR rules it will be down to you to make a positive choice to agree to further direct marketing communications, such as ticking a box or agreeing over the phone.

All companies will also have to provide you with the option to opt out in all future communications.

If you want companies to stop using your data, make a request to an organisation to stop processing your data for the purposes of direct marketing.

It must be clear what you’re signing up to

Companies have to tell you specifically what you’re signing up for or opting in to – vague or blanket consent is no longer good enough.

When you’re presented with the option of ticking a box for further communications, it should be written in plain language that’s easy to understand.

The purpose of collecting your personal data and who it will be shared with must also be made clear to you at the point you make the choice.

Importantly, your positive opt-in shouldn’t later be misused to contact you for anything you didn’t sign up to.

You can ask for data in a format that will help you

One brand new right introduced by GDPR is the right to data portability. This means you can ask for your data from a company in a machine-readable format that enables you to reuse it, for instance in helping you get a better energy deal.

In theory, this will allow you to move, copy or transfer personal data more easily from one IT environment to another in a safer and more secure way.

You can opt out of profiling

You now have the right to opt out of activity from online retailers and companies, including profiling used for direct marketing purposes.

Companies must inform you of your right to object at the point of first communication and in their privacy notice, and must stop processing your personal data as soon as they receive an objection.

For many purposes, you would want companies to continue handling personal information to perform the tasks you need them to.......

Subject access requests

You have always been able to make a subject access request, which allows you to act on your right to obtain access to your personal data held by a company. But now it will be free.

You might make a subject access request if you think that a company is not processing your data lawfully.

Companies have to provide you with the information without delay and at the latest within one month of receiving your request.

This is shorter than the previous 40-day timeframe. However, companies are allowed to extend the period by a further two months if the request is complex or numerous.

If this is the case, the company must inform you within a month from the date you made the request and explain why the extension is necessary.

A word of warning, if your request is unfounded or excessive, the controller of the data may still charge a fee or refuse to act on the request.


https://www.which.co.uk/consumer-rights ... y0QAvD_BwE
#14917732
Microsoft to apply the GDPR to customers worldwide:

Microsoft has said it will extend new privacy rights that become law in Europe this week to all its users worldwide.

The promise was outlined in a blog post on Tuesday written by the Windows giant's new deputy general counsel, Julie Brill, who was until recently a commissioner at the Federal Trade Commission (FTC).

"We've been enthusiastic supporters of GDPR since it was first proposed in 2012," Brill argued. "It sets a strong standard for privacy and data protection by empowering people to control their personal information."

Somewhat unusually, it goes on: "We appreciate the strong leadership by the European Union on these important issues" and espouses a view that until recently would have seemed positively anti-American.

"We believe privacy is a fundamental human right. As people live more of their lives online and depend more on technology to operate their businesses, engage with friends and family, pursue opportunities, and manage their health and finances, the protection of this right is becoming more important than ever."

It seems as though Microsoft has gone the Apple route and realized that privacy rights can be a key differentiator in a market where Google and Facebook have increasing control but possess a distinctly looser view of what can be done with private user information.

Not so, says Microsoft: "We've been advocating for national privacy legislation in the United States since 2005," it argues, linking to a push by Microsoft general counsel Brad Smith to introduce new data legislation.

Different times

It should be noted though that that push was in the context of cyber criminals and identity theft and is a very different situation to the one we find ourselves in in 2018, when vast sums of money are made from gathering and selling personal information to advertisers.

Regardless, Microsoft seems to be serious in its goal to extend European privacy legislation, aka GDPR, worldwide – it has an updated privacy page and lists the not-insignificant ways it has changed its policies.

Some predicted that this would happen and Europe would act like California frequently does in the US when it comes to changes in corporate behavior: new rules in a big enough market that make it easier to simply change the rules wholesale rather than run two different sets.

The online world continues, largely, to ignore national boundaries so Europe's privacy legislation has had a significant impact on US corporations (with some notable begrudging examples.)

Perhaps unsurprisingly, this has not pleased some who could be loosely termed free marketeers but are probably more accurately described as American exceptionalists.

"Four ways the US can leapfrog the EU on online privacy," a strikingly discordant headline from the American Enterprise Institute (AEI) blog reads. It's written by anti-net neutrality campaigner Roslyn Layton.

Ah, yes, of course

But don't fear, the world hasn't flipped. Despite the headline, the post has nothing to do with giving US citizens more privacy rights and comprises little more than an attack on GDPR and Europe's dastardly plan to try to tell freedom-loving Americans what to do.

How does America "leapfrog" European privacy standards? By not imposing any controls, of course. Instead, the free market will come up with all sorts of innovative ways to give consumers the power to decide, rather than rely on "heavy-handed government supervision." Users, for example, can take "privacy training." And, you know, other things too.

Except it's difficult not to notice that despite years of complaints about companies like Facebook abusing their position and selling personal data, the only thing that has finally caused a real shift in their policies is the imposition of legislation giving citizens new rights over their own data.

While Microsoft is to be applauded for taking its users' privacy more seriously, it is worth noting that there was nothing to stop it from making such changes itself many years ago before GDPR was passed, or in the two years since the law was formally approved. Still, every little helps.
#14917901
anarchist23 wrote: Microsoft has to abide by the GDPR. Otherwise it would lose all its business in Europe. lol


Microsoft has to abide by GDPR in the EU, not outside the EU. In fact, Facebook has announced that it wouldn't apply GDPR to its US users.

The fact that Microsoft so readily accepts to apply it worldwide shows that the biggest market sets the market standard. Facebook will follow in due time.

GDPR and Blockchain: How the US’ Lack of Preparation Could Swing the Balance of Power to Europe

This op-ed on GDPR and blockchain was written by Robert Chu — CEO of Embleema, the patient-driven healthcare blockchain, and Former SVP at IMS Health (Now IQVIA) — and Alexis Normand, former Head of B2B of Nokia Digital Health

Internet privacy advocates are surely disappointed by Mark Zuckerberg’s mid-April performance in front of the US Senate. After Cambridge Analytica misused 87 Million Facebook users’ accounts for political purposes, the young billionaire demonstrated that Internet platforms do not know how to regulate themselves. Asked by a senator about the nature of his business, Zuckerberg responded simply, “We run ads”.

It seems of little concern to Facebook whether our data defines us as consumers, patients or citizens. Asked about which rules would seem more desirable, Zuck barely conceded that the General Regulation on Data Protection (GDPR) which comes into force in Europe at the end of May, offered “many good things”. However, it’s not clear what there is to “like” for Facebook.

2018, thus far, really has been the year where data privacy and how our data is being utilized by technology companies has come to the forefront of media and the public’s consciousness. As European companies ready themselves for GDPR’s May 25th kickoff, the world has been made well aware of the Cambridge Analytica/Facebook scandal and the Russian meddling in the US Presidential election, with data-driven advertising being their weapon of choice. But this is not just an issue for 2018 — 15.5 million Electronic Medical Records were breached in the US in 2016 according to the US Department of Health and Human Services.

GDPR imposes costly and significant obligations on platforms to avoid abusive data harvesting: there is “clear and explicit” consent to Terms & Conditions. These will limit the collection of information to only that which is necessary for the service to run. This feels like the sword of Damocles is hanging over the heads of Facebook and Google because nobody uses their services to be profiled, but the old adage “you are not the customer, you are the product” has never rung truer.

GDPR also establishes a “right to be forgotten”, to have embarrassing or damaging material taken down and erased from the public domain. Companies will need to provide a record of data processing, which generates significant overhead. The ability to hold on to one’s data history will become a right in Europe, the same way one can keep hold of the same mobile phone number when changing service providers. In health, the portability of patient records will facilitate the coordination of care, including treatment for complex diseases.

Facebook has since admitted that it would not implement these rules for its US users and has gone to great lengths to reduce its exposure to GDPR. It is also possible regulators are increasingly reluctant to weaken US tech giants as the pressure from China increases. The Red State is now on par with the United States in terms of number of patents in artificial intelligence (AI). Its president Xi Jinping made AI a centerpiece of his Made in China Plan for 2025, aiming to take world leadership. AI has become a security issue whose importance goes beyond our private lives.

Europe has lost the AI battle, but is serious about Blockchain & Privacy.

Like Don Quixote, Europe wants to be the moral flag bearer for consumer rights, holding firm the belief that the GDPR and defense of privacy will in time garner a competitive edge. If the argument was only audible in Mountain View or Shenzhen, perhaps the Masters of AI & the Universe would shine a smile. But for how long?

What if Europe, like the “knight with the sad face”, was actually visionary? Blockchain, as a breakthrough technology is already reshuffling cards. “History has more imagination than men”, said Lenin who knew a thing or two about revolutions. The hype should not make us blind to the profound transformation operated by Blockchain, the technology behind Bitcoin.

The First Age of the Internet was that of information. The constitution of databases, search engines, and the combined knowledge of users, together brought down transaction costs and freed many segments of the economy from imperfect information and geographic distance. By monopolizing these technologies, US tech giants captured the benefits of all these efficiency gains.

We are entering a Second Age, that of the “Internet of Currency” or its equivalent, the exchange of certified information. Blockchain is a peer-to-peer IT infrastructure that records a transaction between two parties in real time for all participants in a network so that it becomes tamper-proof and immutable. It offers the means to certify, without any third party, an exchange of information, which can also be an economic transaction. Vitalik Buterin, the founder of Ethereum, a development platform for Blockchain apps summarizes: “While most technologies aim to automate workers on the periphery performing repetitive tasks, Blockchain automates the center. Instead of putting the taxi driver out of work, it puts Uber out of work and lets the driver work directly for the client.“

The disruption goes further, because the very business model of the company which operates the network switches from maximizing profit to maximizing exchanges between nodes in the network. Indeed, blockchain companies act like Central Banks within the economy they generate, paying themselves by issuing tokens, like Disneyland gives you vouchers to use on different rides.

Taking a familiar example in healthcare, Blockchain offers the patient a rare opportunity to share their data seamlessly with a doctor or laboratory, being compensated automatically for each exchange. This is a paradigm change for the data exchange industry, which currently lets large data brokers take the bigger slice of a $15 billion cake, leaving the patient with zero compensation. In short, Blockchain would give patients back ownership over their health data.

In all sectors where traceability is critical, blockchain essentially removes the need for a trusted or not so trusted third party, and any “rent” that he might perceive from his privileged position as owner of the marketplace. Blockchain reduces the cost of coordination between stakeholders of a network. This could be the demise of Silicon Valley’s centralization of data and power, and perhaps even of modern capitalism as we know it. Had Karl Marx lived in the time of blockchain, he would finally have found a way to free workers from companies becoming monopolies and capturing all the “added-value”.

A new divide is emerging between AI-powered platforms, which are hostile by design to privacy protection, and blockchain-powered decentralized networks: a conflict between monopolies and libertarians, Big Brother and Crypto, the United States and Europe. This is good news for individuals and end users who can no longer simply trust institutions to protect property over data. This is good news for Europe, which can reset the meter by combining GDPR and Blockchain. This is very bad news for Silicon Valley. It invented the sharing economy of your physical assets that AirBnB and Amazon have captured the better share of. Now, old Europa is writing the rules for the sharing economy of your digital assets. Tomorrow, we will all be the CEOs of our data.
Last edited by Atlantis on 25 May 2018 07:44, edited 2 times in total.
#14917906
Atlantis wrote: Microsoft has to abide by GDPR in the EU, not outside the EU. The fact that it so readily accepts to apply it worldwide shows that the biggest market sets the market standard.


Actually it is a bit more complicated. Microsoft has been slapped by the EU Commission many times so Microsoft is trying its best not to get in a conflict with it. The EU Commission is heavy-handed in these kinds of situations and does issue very painful verdicts. The VW scandal in the US is the only case I remember in the US where the company suffered heavily for violations. In the EU it is a common situation. Microsoft, Google, Intel and many others know this first hand. It is a downhill fight for them if they try to circumvent the regulations.

@anarchist23

It won't lose the business but it will have a significant fine in the billions. Considering how much Microsoft is worth and how much money goes through it. The fine would be between 1.5 and 5 billion depending on how heavily they violate it. :excited:

I wish Apple violates it, so we can set a new record. A violation for Apple would cost around 10 billion :D
#14918014
JohnRawls wrote:
It won't lose the business but it will have a significant fine in the billions. Considering how much Microsoft is worth and how much money goes through it. The fine would be between 1.5 and 5 billion depending on how heavily they violate it. :excited:

I wish Apple violates it, so we can set a new record. A violation for Apple would cost around 10 billion :D

This is very true.




Some American news publishers are struggling with Europe's new stringent privacy rules.
The Los Angeles Times and Chicago Tribune websites were taken down in most European countries on Friday after new European Union data protection regulations came into force overnight.
The LA Times website, run by parent company Tronc, featured the following statement on a plain white screen:
"Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism."
The same statement appeared on other Tronc-owned sites including the Chicago Tribune, Baltimore Sun and Orlando Sentinel.
The General Data Protection Regulation (GDPR) changes the way companies around the world collect and handle personal data. The strict rules were designed to give European individuals more control over their privacy and online data.
The new law affects any organization that holds or uses data on people inside the European Union, regardless of where it is based. That means a US website tracking browsing histories of Europeans is affected.
Other publishers have taken a different approach to Tronc.
European readers of USA Today's homepage are now being offered a stripped down version, devoid of any advertisements. A disclaimer at the top welcomes readers to the publication's "European Union Experience."
Readers are invited to learn more by clicking through to a statement that reads: "It appears that you're visiting us from a location in the European Union. We are directing you to our EU Experience."
USA Today says its site does not collect "personally identifiable information or persistent identifiers from, deliver a personalized experience to, or otherwise track or monitor persons reasonably identified as visiting our site from the European Union."

http://money.cnn.com/2018/05/25/media/g ... index.html
#14918015
JohnRawls wrote: I wish Apple violates it, so we can set a new record. A violation for Apple would cost around 10 billion :D


It's already happening:

As New Privacy Rules Hit Europe, Google and Facebook Hit With $8.8 Billion in Lawsuits

"They totally know that it's going to be a violation, they don't even try to hide it," argued the Austrian privacy activist who filed the complaints

Accusing Facebook, Google, WhatsApp, and Instagram of "intentionally" violating Europe's strict new privacy rules that officially went into effect on Friday, Austrian lawyer and privacy activist Max Schrems filed four lawsuits against the tech companies arguing they are still "coercing users into sharing personal data" despite rolling out new policies ostensibly aimed at complying with the new regulations.

Titled the General Data Protection Regulation (GDPR), the new rules require companies to explicitly and clearly request consent from users before mining their data, and Schrems argues in his complaints—which seek fines totaling $8.8 billion—that Google, Facebook, and the Facebook-owned Instagram and WhatsApp are still utilizing "forced consent" strategies to extract users' data when "the law requires that users be given a free choice unless a consent is strictly necessary for provision of the service," TechCrunch explains.

"It's simple: Anything strictly necessary for a service does not need consent boxes anymore. For everything else users must have a real choice to say 'yes' or 'no,'" Schrems wrote in a statement. "Facebook has even blocked accounts of users who have not given consent. In the end users only had the choice to delete the account or hit the 'agree'-button—that's not a free choice."

While Facebook—which is currently embroiled in international controversy following the Cambridge Analytica scandal—insists that its new policies are in compliance with Europe's new regulatory framework, Schrems argues that Facebook and Google aren't even attempting to follow the new law.

"They totally know that it's going to be a violation, they don't even try to hide it," Schrems told the Financial Times.
#14918241
Politico wrote:
GDPR ‘hysteria’ ends access to websites across Europe

Experts say the suspensions are largely an overreaction to the General Data Protection Regulation.


On Day One, GDPR is causing its own little Y2K-like scare.

Services across the web were down for European users on Friday morning — everything from the Los Angeles Times’ news website to online shoes retailer Shoes.com and the online clipping service Instapaper.

The suspension of services comes on the very day the European Union’s General Data Protection Regulation takes effect. The new privacy rules hold companies liable for using European citizens’ data without the proper consent or legal basis to do so, and it can trigger fines up to 4 percent of global turnover.

But experts say the suspensions are — in large part — an overreaction to the rules.

It’s “the GDPR hysteria,” said Lukasz Olejnik, a data protection researcher. “In many of these limited cases these decisions do not make sense — as with the advisory that led to the recent inbox flooding. This is often simply the result of bad GDPR advice.”

Websites including history.com and others have taken down their services for European visitors. Two U.S. news publishers, Tronc and Lee Enterprises, decided to suspend their websites for European users, too: News websites including the Los Angeles Times, Chicago Tribune and Daily News displayed a notice for European users saying they were figuring out the GDPR impact.

“There sometimes appears to be a bit of confusion on whether companies need to get the consent of individuals to use their personal data,” said Peter Van Dyck, privacy lawyer at Allen & Overy in Brussels. “Under the GDPR, this is certainly not always the case – consent is only one of the legal bases on which companies can rely.”

The European Commission wouldn’t comment on whether individual companies or services were right to cease their services in Europe. “We have seen the press reports, but it is not for the Commission to comment on individual companies’ policies … The EU is and will remain an enormous market of high value,” Commission spokesperson Christian Wigand said.

Over the last few weeks, European Justice Commissioner Věra Jourová called on companies not to panic, saying that data protection authorities would be reasonable in their assessment of potential violations.

Other tech companies already had announced they were either pulling out of Europe entirely or ceasing their services.

Klout, a once-promising social media analysis firm that wanted to rank anyone with an online presence on a huge, global ladder of prestige, said it “made the decision to sunset the Klout service, effective May 25, 2018.”

Drawbridge, a company that does “people-based marketing,” announced it was pulling out of Europe entirely. Brent Ozar, which does data analytics, decided to do the same. Mobile marketing firm Verve also pulled out of Europe, pointing to the new privacy rules, the Drum earlier reported. Unroll.me, a tool to manage subscriptions, also took down its service for Europeans.

Companies fear challenges from privacy activists, who Friday filed their first complaints based on GDPR privacy rights.

None of Your Business, an NGO launched by Europe’s flagship privacy activist Max Schrems, filed challenges against Facebook, Google, Instagram and WhatsApp for violations of GDPR rules. The NGO estimates the violations could amount to a €7 billion fine.

The French NGO La Quadrature du Net is holding off on filing 12 collective complaints until Monday as it hopes to gather more people to sign on.


There seems to be quite a lot of confusion.
#14918246
It's not as if the companies weren't given enough warnings.
The EU's data protection laws have long been regarded as a gold standard all over the world. Over the last 25 years, technology has transformed our lives in ways nobody could have imagined so a review of the rules was needed.

In 2016, the EU adopted the General Data Protection Regulation (GDPR), one of its greatest achievements in recent years. It replaces the 1995 Data Protection Directive which was adopted at a time when the internet was in its infancy.

The GDPR is now recognised as law across the EU. Member States have two years to ensure that it is fully implementable in their countries by May 2018.


https://edps.europa.eu/data-protection/ ... ulation_en
#14918252
Nobody's complaining about not having been given enough time. It's quite a comprehensive bit of legislation and different companies have clearly been given different legal advice as to its implications. I've seen even researchers being confused about its effects on conducting trials.

Note also the attempt by the EU to calm everybody down and assure companies that they will be "reasonable". On the other hand, privacy activists probably want a strict interpretation.
