EU Data Protection Could Clamp Data Flows

Posted by timothy
from the verklampt dept.
Pointing to this Financial Times article, an unnamed reader excerpts: "'The wide-ranging directive aims to protect data about EU citizens against misuse worldwide. It is backed by the power to cut off data flows to countries that the EU judges not to have adequate data protection rules and enforcement.'"

  • by Anonymous Coward
    They'll fine the company in a big way. Yes, they will forbid the corporation to share the data with itself. EU data protection laws forbid companies from holding unnecessary data, and give the individual the right to have data on themselves removed. If they want to do business in the EU then they have to play by our rules.
  • by Anonymous Coward
    No, the US is a stagnating nation.
  • Oh, I agree with you.

    I wasn't playing Paul Revere to wake up the sleeping Americans, while foreign governments moved to coerce them from abroad!

    It's clear that multinational corporations do things in one country that they are forbidden to in another - even with the same customer base. In the US, they call this "having their cake and eating it too."

    Under the Bush régime, this is not only good business, it is an ideological imperative.

    "Let 'em eat Arsenic!"

    Jeremiah Cornelius

  • What the Financial Times article makes very clear in its opening statement, is that this is directed principally at the US, in the face of deliberate foot-dragging over regulation.

    How would you enable this kind of sanction?

    "O.K., All ARIN numbers are filtered at the perimeter!"

    Jeremiah

  • So, tell me this - what kind of pollution lowering agreement would you vote for? Or is it true that you don't give a fuck about the environment?
  • I hope the EU won't impose restrictions over the voluntary sharing of personal information. People should have the choice to allow worldwide distribution of their personal data. Websites should have the right to collect and distribute data submitted for such purposes, regardless of where the website resides or how many countries can see it.

    Consider a directory of people from around the world. The nature of the service implies that the data you submit shall be made available to anybody who requests it. There should be no restrictions on people's ability to submit their data under such terms.

    I am very much in favor of rules forbidding the distribution of personal data without consent, but I hope the EU's rules will not make voluntary sharing illegal.

  • I didn't read the EU directive, but I did read the article, which is quite vague.

    Your comment does not address my concerns. I was talking about users giving their data to a website, which might reside in an EU country, that explicitly allows access to this data to anybody who requests it, including countries where the data is "less safe". This kind of voluntary sharing should not be restricted.

  • by Tor (2685) on Monday May 07, 2001 @07:17PM (#238891) Homepage

    USA already has extraterritorial laws of this nature. For instance, one law enacted circa 1997 says that any US citizen has the right to sue anyone from anywhere that does business with a Cuban entity (specifically, a Cuban entity which uses native Cuban resources that the US citizen considers his or hers). Not only that, but the lawsuit would take place in a US court.

    Another one is the US law which prohibits trade with nations that the US considers to have "inadequate" copyright protections.

    This legislation by the EU has been mentioned in Slashdot earlier, before it was temporarily shelved due to US pressure. The status quo is that US organizations like Microsoft can easily build up a vast array of information on citizens in, say, Germany, whereas German companies are prohibited from doing the same due to privacy protection laws. Hence, this law which applies the same standard to everyone who does "business" with Germans.

  • This could unfortunately be pretty bad news globally for countries like Sealand that are attempting to establish themselves as autonomous free information states. If a sufficient number of countries are banded together to snip access to "rogue states" the Internet could end up less than the free utopia that we've been hoping for. Economic sanctions could be imposed upon nations that permitted access to non-compliant states. Oh well. We didn't need freedom anyhow.

    David E. Weekly [weekly.org]

  • The meanings are the same in the US. It was just a case of bad spelling.
  • Fuck your libertarian bullshit; what is restricted here is nobody's freedom. No citizen NEEDS to get that kind of information. No citizen CAN get as much information as to fall under those regulations. Ultra big corps, however, do. Big corps have money, power, exercise coercion when they need to, just like gov'ts. Therefore they are as dangerous as gov'ts as far as freedoms are concerned -- with one difference: you can't vote them off, unless you own a significant stake in them.

  • What's the first amendment got to do with the EU?

    I think the point being made is that the EU directive would require the U.S. to pass laws violating its own constitution - I've never really considered it this way, but it's not a bad argument, IMO.

    Suppose, for the sake of argument, that the U.S. passes laws to bring it in accord with EU requirements, and those laws are subsequently declared unconstitutional. What then? Data embargoes all around?
  • Just to play devil's advocate for a moment, why should it be this way?

    Suppose I call you and your neighbors and, very politely, explain that I am collecting information, and I ask each and every one of you a host of questions - how tall you are, how much you weigh, your age, how much income you received last year, and what you had for dinner last night. And just to sweeten the pot, I offer everyone a free trinket if they cooperate (along the lines of t-shirts for college students when applying for a credit card). After the requisite hangups, obscenities, etc., I collect what I deem to be a sufficient number of responses to my questions (enough to serve my purposes, whatever they may be).

    Now, nobody that answered me was in any way coerced - they were all free to refuse to cooperate. And those who did answer got something in return. Why should I not be free to take this information that I have collected, categorized, and analyzed, and do what I want with it? And if these people were so awfully concerned with their privacy, why were they answering me in the first place?

    I think that if you are truly concerned with keeping your personal information private, don't give it out...
  • But they _did_ have a say in what happens to it - they could have chosen not to give it to me in the first place, particularly as I carefully avoided discussing WHY I might want such information. And if the people I might potentially sell it to are somehow less reliable than they might like, shouldn't they have taken that into account when choosing to respond to my questions?

    I guess my point is that you always have a choice regarding how much information about yourself you make available to others - if your bank, insurance company, whatever, asks too many impertinent questions (from your point of view), you are free to take your business elsewhere. But once you've chosen to reveal it to someone/anyone else, then all bets are off. Data protection laws are an attempt, IMO, to bolt the barn door after the horse has fled.

    To reiterate - if you insist on keeping some things secret, the only reliable way is to keep them to yourself in the first place. Your personal data is not a secret if you go around telling it to anyone who asks - and then act surprised when they do things you might not approve of with that information.
  • Most of the people you ask know nothing about the ways their data can be analyzed. Thus, they are protected from their own stupidity.

    Perhaps. Or possibly they know, and don't care. Shouldn't (presumably) educated people in (we assume) advanced nations have SOME responsibility for their own interests at the *front-end* of the whole data collection process? If you ask The Man why he asks so many questions, and what he's going to do with the answers, and you aren't satisfied with what his response is, perhaps you ought not to continue to answer questions. In any case, I suspect that completely idiot-proofing the world is a rather large task - most likely, A) impossible, and, B) not worth the cost.

    I don't claim that business is more important to people, only that if your information is really that important to you, don't let it go, or at least get something worthwhile in exchange for it...
  • Did you tell them what you were going to do with it ?

    I don't know - did they ASK me what I was going to do with it?

    Fine, I am collecting it for "research purposes" - a sterling non-answer that seems to fit the letter of the law here.

    We have decided that attempting to trick people into revealing personal data is dishonest.

    I challenge you to show me where, in my hypothetical situation, I attempted to gain information under false pretenses.

    Not if there is no "elsewhere" which doesn't also try the scam. A choice is only a real choice if people have a real alternative.

    No, the choice you have is the one you always had - if you can't find someone to offer you the service on terms you can accept, you either compromise or do without.

    In reality people need things like insurance, so they have no real choice to withhold information - the price would be too high for almost everyone.

    You may have decided that you need insurance, but I fail to see how, for example, life insurance is a basic human right which must be extended to all, regardless of what conditions they put on it. Really, you do have a choice:
    1) do business with a company on the terms they offer you;
    2) shop around to find a better offer from someone else;
    3) attempt to negotiate a better deal with someone;
    4) do without whatever good/service it is we're talking about.

    If people are effectively forced to reveal personal information to companies it seems reasonable that companies are legally obliged to treat people's information with respect.

    Now this is just a cop-out - there is no "effectively forced". Either you are ACTUALLY forced to reveal personal things about yourself, or you are not. I repeat - just because you demand particular conditions attach to a transaction involving you does not mean that someone should be obligated to step up, do business with you, AND satisfy all your conditions. But that's what this is all about - you've decided you're entitled to privacy, but rather than take responsibility for it yourself, you've chosen to push it off on someone else by coercing them. So, your "right" has now become someone else's obligation.

    Come now - isn't this a rather naked attempt to use the power of the state to coerce individuals or businesses into giving you something for nothing? You get all the benefits of giving out your personal info, but the people you give it to are saddled with all the costs and obligations and left with no way to recover those costs with one of the few things of value you have given them.
  • But without the privacy laws that EU, and most of non-EU member European states have you have no control over what happens to that information once you've given it away.

    That's right - you gave it away. Think about it. If I give away my car, should I really be able to restrict how the person I give it to uses it? If it's important to me to restrict how that person uses my car, shouldn't I make that an up-front condition of getting the car from me in the first place?

    What if you give your data to your bank because you're applying for a loan? Should the bank be free to sell that data without letting you know, or asking for your approval?

    What if you considered that BEFORE you filled out the loan application? You've given it away, and you got a loan in exchange - if you wanted more than that, shouldn't YOU be responsible for speaking up on your own behalf?

    There's so many valid recipients of personal data out there, that keeping your data to yourself isn't an option for most people.

    It's always an option. Paying cash eliminates the need for most of your financial information to be disclosed to most anyone. Fee-for-service medicine avoids prying personal health questions from insurers. But if you want modern services like insurance, mortgages, and credit cards, you should be prepared to accept the terms of some provider, negotiate better terms, or do without.

    That wasn't so hard, was it? ;)
  • Well, I don't know about "on purpose", but I won't deny that a populace composed of individuals who are unwilling to think rationally for themselves has benefits for both big business AND big government...
  • If they know and don't care, it wouldn't hurt you to tell them how you would use the information, and obtain their express approval, in which case you could use the data the way you wanted.

    Or, to take the opposite tack, if they don't know but DO care, it would certainly help them to address those concerns at the outset, rather than trying to change the terms of the exchange after it has already taken place.
  • Think of it this way: I allow you to use some information of me any way you like as long as you don't give it to anybody else. That has one price. A t-shirt might be enough. Or maybe I just like you. If you want to share my information with others, you need to pay me more.

    And if you make those conditions clear *at the outset* ("and could we please put all this in writing" etc.) so that I can fairly evaluate your conditions and judge whether I still want to do business with you, then I have no problem with this at all. What I object to is people who are, for whatever reason, unwilling to expend the time and effort required to protect their own privacy, so they turn to the state to make someone else do it for them.
  • Err, missed the back half of your comment - sorry. If you and I have an agreement at the beginning that I will only make "X" copies of your data, and it will only be shared with specific third-parties under specific circumstances, and I then violate that by sending your information far and wide, I'm in trouble anyway. Criminal penalties for fraud and civil penalties for breach of contract already exist, both in the US and Europe.

    No, I don't think new laws are a necessary part of the solution.
  • Hmmm, maybe not Life assurance, but isn't 3rd party car insurance mandatory in all the western countries? Therefore, If you didn't deal with the insurance company you couldn't drive legally, and that is not an option for most people.

    Interestingly enough, this is not true in most states here. The law generally requires that you demonstrate financial security. Most people do this by carrying insurance, but many states will accept a bond as proof of security in lieu of insurance. I dunno - see if Irish law is similar.

    I don't make any civil liberties arguments - merely the philosophical argument that people ought to be willing to take steps to protect their own information, if it is truly important to them. I'm big on personal responsibility. It's nice that the Irish government is concerned about your well-being. But my point is this - no matter how thoughtful and wise your representatives are (and I'm sure they're all fine and decent people), none of them can possibly know what's good for you better than YOU can.

    Oh come on! You try living without a bank account, with your cash under the bed. No car, insurance, job (yes your employers have all your personal information. And your medical, if you had to undergo a medical). What the hell would you do? You are "effectively forced" because if you don't do it, you are excluded from the current global, digital economy, and the benefits thereof.

    So because you don't LIKE your current choices, it is government's obligation to expand the menu for you, or worse, require someone else to do it? You know, I think I've eaten at all the fast food chains at one point or another, and their choices all suck. I think government must either open its own restaurant chain giving me what I want (drive-through surf'n'turf, mmmm), or require McDonald's to cater to me in the fashion I think I deserve.

    You donkey! Think for a minute! I sincerely hope that you are just trolling for the hell of it, or to play devil's advocate! Your personal information should NOT have any value to those companies that you give it to!

    Tut, tut. I think diamonds shouldn't have any value to DeBeers - government should require them to give me one for free (that'll make my wife happy, anyway). Just because you insist that your data shouldn't have any value doesn't change the fact that it DOES have value, and that markets exist for it. I reiterate - if you give your information away, get the terms up front, or accept that it may be used in ways you don't approve of.
  • So to restate your basic thesis, since you don't like your current choices, it is then the proper function of government to require some third party to cater to you in the fashion in which you think you deserve?

    Where I live I have the choice of :

    * One supplier for water and Sewage
    * Two suppliers for Telephone Service
    * About a dozen electricity companies
    * About a dozen gas companies


    But if your information was really valuable to you and your neighbors, wouldn't the market reward companies who voluntarily protected it? Think about it - if I'm one of the dozen gas companies (which is 11 more than I have to choose from, BTW), and I make it clear to potential customers that I'm not like those other grotty bastards - all I want from you is a name and an address to send a bill to - shouldn't I receive a reward in the form of hordes of privacy concerned customers such as yourself descending on me to receive service? And then, seeing that, won't my competitors have to somehow respond in kind? I merely wish to suggest that in the absence of government coercion, these problems occasionally do resolve themselves.

    At a minimum, I think we can agree that this discussion is perhaps symptomatic of a deep philosophical divide between the US and Europe. And perhaps we can also agree that these disagreements are best settled through diplomacy and negotiation, rather than through one party or the other attempting to impose its will on the other...
  • What if those eleven gas companies make up an oligarchy? You'd have a very difficult time breaking into that market.

    Well, if you'll look back, I was actually positing that I was already a player in the market (one of the dozen or so existing gas suppliers). So you're correct - I am overlooking entry barriers for new players, and concentrating on the existing players.

    If you start up a business that is based on not doing $BAD_THING, but all your competitors do $BAD_THING, you're inflicting a handicap on yourself which you may or may not be able to afford.

    Well, it may be a handicap - it really depends on how much people value their privacy, doesn't it? Or, in other words :

    Why is it that you don't see (many) companies out there that offer privacy as a marketing point, given all the exposure that the issue has received?

    Why don't you see this? Because people don't really value their privacy as much as they claim to. Or, at least not enough to clamor for an alternative, or to vote with their feet where alternatives exist. To be more specific, people who, in the abstract, support a general notion of privacy very often have no qualms about also signing up for the discount card at the local supermarket so they can get that nickel off a can of creamed corn.

    There is at least one reason that a businessperson would prefer regulation over market dynamics: it would be unilaterally applicable. Sure, he/she would take a profit hit, but then, so would all of his/her competitors.

    Oh, absolutely. Businesses are indeed rather quick to scream for relief, or at least an artificial leveling of the playing field, so that even if they are disadvantaged, all competitors are as well. This is clearly true, but obviously, given my position thus far, it would be logically inconsistent if I didn't find that disturbing and unnecessary as well, which I do ;)
  • They don't actually care whether or not they lose me as a customer - but I might really need the service they have on offer.

    And of course, since you "really need" that service, they are naturally required to provide it to you, no matter what the terms, good or bad, are for them, hmm? Why does this sound familiar? "From each according to his means, to each according to his needs." Is that where we're going?

    I happen to think that the little guys matter.

    As do I - I simply don't believe that they are as completely powerless as you apparently do.

    That's because a sensible Gas supplier does actually need more than just Name and Address when deciding what terms to offer to a potential customer.

    Really? Mine just asked for a name, address, and Social Security number. What sort of hoops did you have to jump through? Why did you have to give away any more than I did, especially in light of the wonderfully extensive protections your information is given?

    The EU/UK approach to giving consumers privacy seems to work - we get real, meaningful privacy and corporations get the information they need to run their core business.

    Perhaps. We could compare unemployment rates for the UK and US since 1985 to see if one economy tends to generate more jobs than the other, hence indicating the relative health of job-providers. Among other things.

    If a US company wants to trade in the UK or the EU then they should be limited to these two choices :

    A) Do it according to the same laws and rules as apply to all other companies trading in the UK/EU

    B) Fuck Right Off.


    Fortunately for both of our economies, the leaders of both sides have a great deal of incentive to find the middle ground that you so cleverly excluded.
  • My goodness, a post here, a post there, and suddenly I'm debating the entire EU :)

    That's all very well, unless you want to open a bank account, sign up for an ISP, take out a mortgage, get a job, subscribe to a magazine, make a mail-order/on-line purchase, etc., etc.

    And all of these are certainly things you might want, but none of them, I think, are things you are particularly entitled to have. So how badly do you want them? Badly enough to give over some personal information?
  • Well, if it's okay, I'll respond to both your posts in one. But first I'd like to say that this discussion has been most interesting for me - I don't think either of us has made much headway in persuading the other, but an airing of the issues and philosophies might at least be useful to others ;) Anyway, this is definitely the most in-depth discussion I have seen on /. for some time.

    I don't know that I have misjudged how seriously Europeans regard this issue - you are clearly very passionate in your defense of the privacy rights of EU citizens, and I expected as much. I think, though, it is equally important to understand that many Americans regard the more free-wheeling, open market approach we tend to take just as passionately. As you said, we draw the line one place, you draw it somewhere else. Each has its own benefits and costs.

    There is no government issued number in the UK which can be reliably used by companies to uniquely and reliably identify an individual.

    So then each company just rolls its own. Isn't the end result the same? And the purpose of giving the SSN is the same as for you giving previous addresses, etc. - tying a customer to a credit record.

    So you think that preventing companies from ramming piles of useless junk mail down our throats and building up unregulated databases of personal information has measurably damaged our corporations and our economy?

    Not specifically, no. But I think a cogent case can be made that over-regulation is a major contributor to the phenomenon so charmingly phrased as "Eurosclerosis".

    It is very simple - If US companies want to trade within the EU then they will be forced to trade according to EU law. Period.

    This is not a principle capable of compromise - either the rules are the same for everyone - or they are not.


    I agree, to a point, that the rules will be the same for everyone. But whether you agree with it or not, a compromise will be reached, if for no other reasons than that both sides have things the other wants, and that the costs of failing to reach some agreement would be punishingly heavy for both. Undoubtedly, the US will compromise by finding some way to tighten its domestic privacy requirements, and the EU will compromise by finding some way to loosen its requirements. It may offend your purist ideals, but this is the essence of negotiation. The devil, as they say, will be in the details, but the costs of hammering out a compromise are far less than the costs of failure. You say the law exists for the benefits of individual citizens - surely citizens receive more benefits by reaching a negotiated settlement and maintaining some semblance of normal trade than by the morass of sanctions, punitive tariffs, and trade wars that would inevitably ensue.

    My quote of Marx was not intended to suggest that Europe is somehow sliding into communism, but instead that that principle is a logical conclusion to the path laid out before you. It's really quite simple, from my point of view. For every entitlement you and I create for ourselves, we create an obligation for someone else to provide that entitlement to us. Just because protecting your privacy is free to you doesn't mean it's free for everyone.

    With respect to contracts and what-have-you, again, you draw the line one place, we draw it another. It's really a matter of comfort level. Europeans seem more comfortable turning some responsibilities over to government, whereas in the US, within limits, the general rule is CYOA ("cover your *own* ass", in case that lovely acronym hasn't made it across the pond) when making arrangements with others. Europeans, by way of a rather broad generalization on my part, seem more alarmed by potential or perceived abuses by Big Business. Americans, in a similarly broad generalization, are more concerned with potential abuses by Big Government. It works for us, and yours works for you. But as societies, both of us, to some degree, have crosses to bear as a result of the choices we have made and the institutions we have created.
  • Well, in any case, we shall see what happens, but I'll let it go for now, except to ask one more question. If junk phone calls simply don't happen in Europe as a result of stringent privacy protection, why does your slashdot info say that you work on junk call blocking systems? After all, if they don't occur in the first place, why would you need to block them?

    Just curious ;)
  • I used to have two phone lines - one where I took sensible steps to prevent the number getting onto the wrong lists...

    Well, now, isn't that what I've been arguing all along? That individuals should take sensible steps on their own to protect their privacy? ;)

    My customer (they bought me out) also exports stuff overseas to countries where different rules apply.

    So other countries are going for a free market solution to the problem of junk calls. Good business for you while it lasted, hmm?

    I tell you what - let's call a temporary truce and agree to disagree for now. Someday soon this will be resolved one way or the other - trade war or negotiated settlement. When it is, you or I should be sure to submit it to slashdot to evaluate the outcome and decide winners and losers (which side substantially gets their way, anyhow). And after that, next time I'm in London, loser buys the first round. Deal?

    Feel free to get in the last word :)
  • It is quite clear from the graphs in the map link that you provided, that US and Canadian citizens are emitting more than their fair share of CO2.
    The idea of including the growth of forests in the target is plainly unfair. Here in Sweden about 70% of the land is covered in forests and we got a low population density so we could go about polluting like mad, but as I said it wouldn't be fair.

    The US administration doesn't seem to be interested in the environment at all. And most Americans seem to be uninterested in doing anything that might hurt their wallets.
    Without US commitments it's going to be impossible to have countries like China and India agree to not reaching the same levels of emissions.

    Please wake up and do something before the entire current ecosystem collapses. Change has to start now. The Kyoto treaty might be flawed but we can't wait around forever for an agreement. If a house is burning you don't stand around arguing about whose bucket to be used. Start acting on your own if you don't like the treaty but don't use it as an excuse for doing nothing.

  • Using GNP could mean that if the strength of the dollar increased the US is suddenly polluting less. Doesn't sound fair to me.

    Furthermore developing nations often get the heavy industries that are too costly to run in the rich nations. The rich nations then concentrate on cleaner services, leaving even more room for pollution from private activities. Using GNP as a measure would distort things even further since services generally generate more GNP.

    Finally GNP is a rather subjective measure, pollution isn't.
  • It's interesting to see this story right next to one proclaiming that SQL over FreeNet is working. This might be the start of a new Techies vs. Govt. feud. Any way out? Should there be any way out?

    Caution: Now approaching the (technological) singularity.
  • Yeah, but I don't think that anything was gained by the president mouthing off about China as soon as the airmen were safe. Mind you, I'm glad he waited. With his track record I find that mildly surprising.

    Caution: Now approaching the (technological) singularity.
  • If some companies want to give up doing business with Britain, France, Germany, ... etc., then I'm sure that there will be others who are willing. The rules appear to be quite reasonable. They just aren't open permission to crack the safe and walk off with everything you can carry.

    Caution: Now approaching the (technological) singularity.
  • But if your information was really valuable to you and your neighbors, wouldn't the market reward companies who voluntarily protected it? Think about it - if I'm one of the dozen gas companies (which is 11 more than I have to choose from, BTW), and I make it clear to potential customers that I'm not like those other grotty bastards - all I want from you is a name and an address to send a bill to - shouldn't I receive a reward in the form of hordes of privacy concerned customers such as yourself descending on me to receive service? And then, seeing that, won't my competitors have to somehow respond in kind?


    What if those eleven gas companies make up an oligarchy? You'd have a very difficult time breaking into that market.

    Okay, so you have a billion dollars. If you also had the business sense and drive required to get a billion dollars, wouldn't you have taken advantage of the lack of privacy regulations to maximize your competitive edge?

    What if it happens that the marketing point of protecting your customers' privacy doesn't turn out to be as lucrative as milking their personal information for all it's worth? What if you can't convince your investors otherwise?

    If you start up a business that is based on not doing $BAD_THING, but all your competitors do $BAD_THING, you're inflicting a handicap on yourself which you may or may not be able to afford.

    In other words, the solution you are offering is overlooking many of the real-world intricacies of starting and sustaining a business. Why is it that you don't see (many) companies out there that offer privacy as a marketing point, given all the exposure that the issue has received?

    There is at least one reason that a businessperson would prefer regulation over market dynamics: it would be unilaterally applicable. Sure, he/she would take a profit hit, but then, so would all of his/her competitors.
  • Minor point, Sweden is a member of the EU (which is nice, as it made getting my Resident's Permit a mere formality). They are not a member of the single European currency, maybe you were getting confused with that.
  • "We have historically kept to ourselves"

    Iran, Guatemala, Zaire, Vietnam, Dominican Republic, Indonesia, Greece, Chile, Laos, Cambodia, Angola, Grenada, El Salvador, Nicaragua, Afghanistan, Panama, Iraq, Haiti and Yugoslavia all in the second half of Twentieth Century.

    "but have been asked repeatedly to come across the big pond to help Europe defend itself against invasion (think WW 1 and WW 2)"

    Blah, blah, blah, usual excuses for turning up late for a war which included one of the biggest acts of genocide in the past few hundred years. Ignores the fact that aid was given to Britain in return for using British bases in the West Indies to defend themselves against Japan. Ignores the fact that of the first four countries to declare war on Germany (Britain, Australia, New Zealand, France) only one of them actually did get invaded. Heard it all before, it is getting boring and tiresome.

    Please remember that Hollywood isn't exactly the number one choice for historical accuracy. Perhaps you ought to look elsewhere.
  • The EU accord basically makes it illegal for me to sell somebody else a mailing list I may have built.

    No it doesn't. It means that if a country wants to do things like this which would violate our privacy laws if it was done in the EU, then we can decide not to let data flow to that country.

    To make it illegal in your country we would somehow have to change the laws in your country.
  • by mindstrm (20013) on Tuesday May 08, 2001 @02:43AM (#238922)
    No.. I don't think so. Here's why.

    This is really about consumer protection. The EU is saying that, if your country can't guarantee the same standards of consumer privacy protection, then we are not going to permit our local businesses to export data to you.

    This is GOOD. This is GOOD for the EU citizen.

  • Trade sanctions of one sort or another are traditionally used [iie.com] to bring human rights abuses (and other political goals). It doesn't seem much of a stretch to apply that idea to the trade of information.
  • The point is that you may be a nice guy who is trusted by your neighbours. However, the guy you are selling the data to may not be trusted by your neighbours at all. Since this data regards their lives, they would probably like a say in what happens to it. It is a bit like having a friend, but not expecting to become a friend with all her or his friends and retaining the ability to choose your own friends and the level of trust you put in them.
  • by mpe (36238) on Tuesday May 08, 2001 @05:47AM (#238925)
    I can't see how it over-reaches territory, if you deal with a foreign country then you must abide by their domestic laws, this has always been the case.

    It isn't over-reaching at all. A government is perfectly entitled to restrict how anything may be exported.
    The only way in which it would be over-reaching would be to attempt to apply it to situations of an EU citizen who was not present in an EU member state at the time.
  • >But they _did_ have a say in what happens to it -

    Yes. The important thing here would be whether they had an INFORMED say in what happens to it. Did you tell them what you were going to do with it ?

    The basic principle behind EU law is "informed consent". You can collect data for (eg) marketing purposes but the people you collect it off must be aware that you are collecting it for that purpose and you must tell them everything you intend to do with that data. If you later decide you want to use the Data for another purpose then you cannot use the data you have collected unless you go back and ask permission.

    >particularly as I carefully avoided discussing WHY I might want such information

    Then that would make what you did unlawful - In the UK deliberately concealing the reason for collecting data is a criminal offence punishable by huge fines and/or time in Jail.

    The thinking behind UK/EU law is that it is inevitable that Personal Data will have to be collected by companies. There is no realistic possibility of consumers having a real choice to withhold it. So it attempts to strike a balance - to allow consumers to release vital information in the knowledge that :

    1) They know and control who has the information

    2) They know and can control what it is going to be used for

    3) They can check information held on them.

    4) They can have errors corrected

    5) That they cannot be required to give more data than can be reasonably justified for the intended purpose.

    6) That personal information will be held securely.

    >shouldn't they have taken that into account when choosing to respond to my questions?

    We have decided that attempting to trick people into revealing personal data is dishonest. The UK and the EU have decided that the law should prevent companies working in that devious way, prevent them from trying to trick people or catch them out. - And prevent them from using (eg) their size or market share to coerce people into releasing information with no safeguards.

    This is nothing new in the UK - the laws were first created over ten years ago and passed through our legislatures with great ease and with the backing of almost all politicians of nearly every party.

    >you are free to take your business elsewhere

    Not if there is no "elsewhere" which doesn't also try the scam. A choice is only a real choice if people have a real alternative.

    In reality people need things like insurance, so they have no real choice to withhold information - the price would be too high for almost everyone.

    If people are effectively forced to reveal personal information to companies it seems reasonable that companies are legally obliged to treat people's information with respect.

    A year or two ago I (and several other people) reported a company which had been directly flouting the UK data protection laws to the Data Protection registrar. They were abusing my Fax number. Recently I had the pleasure of being informed that the company I complained about had been Liquidated (bankrupted), closed down and the directors of the company were fined tens of thousands of pounds each.

    The UK Data protection regime works. The rules are tough and enforced firmly. So companies working in the UK take them very, very seriously.

    The UK/EU stance is about one thing only - preventing companies operating in the EU from exporting the data they collect in the EU to other countries in an attempt to force a loophole into our Data protection rules.

    If you don't actually operate in the EU then the rules do not affect you.

    If you only collect data outside the EU then the rules do not affect you.

    The rules only affect data collected in the EU about EU citizens.

    But if you collect Data under EU rules then the EU is making those rules watertight to prevent them being abused.

  • >I don't know - did they ASK me what I was going to do with it?

    Under UK law they don't have to. The onus is deliberately and specifically placed on the organisation collecting the information to say exactly what they want to do with it. The details are obligatory. General terms will not do. That is how the law is written. Anyone trying your approach would find themselves fined into bankruptcy.

    >I challenge you to show me where, in my hypothetical situation, I attempted to gain information under false pretenses.

    You miss the point. The assumption is that we are starting from an unequal position. People who want to live in "modern times" are effectively required to deal with businesses including big businesses. It is a matter of simple record that there have been examples where Big Business have abused their strong position, including examples where they have abused information they have collected. The aim of data protection law is to even things up - even tilt them towards the consumer a bit.

    For this to work Data protection law has to be "solid" - it has to resist attempts to find loopholes - because big corporations have shown themselves experts at finding and abusing legal loopholes.

    Therefore corporations are forced to be "whiter than white" when it comes to data protection. It isn't that you mustn't gain information under false pretences - it is that you must do everything in such a way as to prevent any possibility that you might be doing otherwise.

    So the Law says it isn't enough to use vague terms which include your intended use. You must describe your intentions clearly and in terms which most people will not be confused by. Anything else is illegal.

    >You may have decided that you need insurance, but I fail to see how, for example, life insurance is a basic human right which must be extended to all, regardless of what conditions they put on it.

    If I want to live and work in the UK there's a fair chance I will require a car to do so. In the UK that means compulsory Car insurance. Apart from the insurance I also will want water, Gas and Electricity - all of which force me to deal with Corporations of some type.

    Yes - I have an "option" - but if that option amounts to living rough in a tent somewhere in the Welsh mountains without a job, power, light or telephone, it is only a matter of common sense that most people will regard that as a non-option.

    >Now this is just a cop-out - there is no "effectively forced". Either you are ACTUALLY forced to reveal personal things about yourself, or you are not.

    Well the options are :

    A) opt-out of modern life, school, the Rat-race etc etc

    or

    B) Put up with the non-choices offered by the corporate world.

    You may regard that as a real choice - I don't.

    You paint a world where only the extremes are possible. There are other methods - including the one democratically decided in the UK - which is we place legal restraints on what businesses can do with our personal data. That we can have modern life, businesses can collect whatever data they can show they need in order to provide their goods and services and I can relax a little knowing that there are sensible, enforced restraints placed on what can be done with the Data I disclose.

    Ding! Everyone wins. Everyone except companies who want to force me to part with my personal information on their terms - so they can sell it or whatever. But I'm pleased when that kind of corporate behaviour is punished - they deserve it.

    We've now had data protection rules working in the UK for well over 15 years. Our companies and corporations are still functioning, the DPA has not forced them out of business. They just can't do some of the things which Corporate America seems to like doing.

    How many junk telephone calls does the Average American get every week ?
    I get less than one junk phone call a year on average. I get less than one junk fax a month. I get almost no junk mail addressed to me as a person (less than one item a week) When corporations do mail me marketing info it is because I have said I want to receive it (there are some kinds of marketing Material I don't mind).

    If my friend needs to find my phone number they can get it - I'm not fully ex-directory - but the junk call people can't get it - and if they did ever phone me they would be committing a criminal offence - because we have an opt-out system for cold calls which has real sanctions behind it.

    And I enjoy all the above and I can still buy what I want from the corporations - These are a few of the benefits I get from the various EU privacy laws. And I want to keep them - no new loopholes.

    > I repeat - just because you demand particular conditions attach to a transaction involving you does not mean that someone should be obligated to step up, do business with you, AND satisfy all your conditions.

    No. When our democracy decides that certain conditions shall be applied to such transactions - then we damn well can force companies to accept those conditions. By the way - these aren't my "personal" set of conditions - these are the rules defined by my country and its institutions.

    > but rather than take responsibility for it yourself, you've chosen to push it off on someone else by coercing them.

    No. I, along with a load of other people wanted a "real" choice. I want to know I can get insurance, buy a house, heat it, light it, buy a car, get a job, rent a phone line, etc WITHOUT having to reveal personal information on whatever terms some company cares to offer.

    Practical reality seems to suggest that if we leave it to the corporate world I will not have that choice - my choice will be limited to either "have a phone" or "protect my data" - there will be no "both" option - even if many people or most people would prefer the "both" option.

    >So, your "right" has now become someone else's obligation.

    That's right. We have democratically decided that the "both" option is important enough for it to be enforced by law. Do you have some problem with that ?

  • >merely the philosophical argument that people ought to be willing to take steps to protect their own information, if it is truly important to them. I'm big on personal responsibility. It's nice that the Irish government is concerned about your well-being.

    Where I live I have the choice of :

    * One supplier for water and Sewage
    * Two suppliers for Telephone Service
    * About a dozen electricity companies
    * About a dozen gas companies

    If the above companies didn't give me any "privacy" options - they just give me the choice of "give us the info to do whatever we like with if you want our service" - then can you please explain what practical steps I can take to protect my privacy ?

    > But my point is this - no matter how thoughtful and wise your representatives are (and I'm sure they're all fine and decent people), none of them can possibly know what's good for you better than YOU can.

    And in the UK we've looked at this and realised that leaving it to people's "personal responsibility" is simply a load of meaningless bullshit unless people are guaranteed a real, practical workable option to choose - which means something a bit better than "do without".

    So this is one example where people acting together through their elected government can achieve a real, useful result.

    It gives people real choices about what happens to their data without forcing them to choose between doing without gas and electricity or putting up with loads of crappy junk mail and cold-calling.

  • >since you don't like your current choices, it is then the proper function of government to require some third party to cater to you in the fashion in which you think you deserve?

    No. Not quite. What happens is lots of people like me decide that there seems to be a problem. In this case the root cause of the problem is there is an imbalance of power and choice between the consumer and the corporation. They don't actually care whether or not they lose me as a customer - but I might really need the service they have on offer.

    So that's the problem - and there is an obvious solution. One of the functions of government is to make things work properly - which includes evening up the odds when the big guy can use his size and strength to trample on the little guy - even if the concerns of the little guy are widely believed to be reasonable and genuine.

    So our democratic government evens up the odds. It tells the big guy - in this case the corporation - that they HAVE to give a real choice - they can collect data , but they MUST give real control over what can then be done with it.

    It's exactly the same reasoning as requires corporations to use the courts (with the inherent checks and safeguards) when recovering debts - as opposed to allowing corporations to require me to hand over my first-born son as hostage when I'm more than two days late paying the phone bill. Or to give another example it's the same reasoning which requires UK employers to pay their wages in proper currency rather than tokens which can only be exchanged in the company shop. All examples where the power of the big guy can be (and has been) used to screw the little guy - and where laws are passed to even up the odds again.

    >seeing that, won't my competitors have to somehow respond in kind? I merely wish to suggest that in the absence of government coercion, these problems occasionally do resolve themselves.

    Sometimes they do. Rather too often they don't - at least that seems to be the experience with most "big guy v little guy" situations. So when it really matters - we pass laws and make sure it works properly.

    None of the UK rules are stopping a company collecting data and using it for marketing. All they do is give me a real, practical, genuine choice to opt out. They stop the big guys using their power for purposes unrelated to what they are supposed to be supplying.

    I happen to think that the little guys matter.

    >all I want from you is a name and an address to send a bill to - shouldn't I receive a reward in the form of hordes of privacy concerned customers such as yourself descending on me to receive service?

    What would actually happen is that you would find yourself with loads of customers who gave you tremendous problems with extracting payment. You'd probably go bust.

    That's because a sensible Gas supplier does actually need more than just Name and Address when deciding what terms to offer to a potential customer. As does an insurance company (who would otherwise get lumbered with all the really bad risks).

    So companies have a genuine need for personal information for basic business purposes. Then the problems start - many people resent having Data (effectively forced out of them) given for one purpose passed on for use for purposes completely unrelated to the original reason.

    > this discussion is perhaps symptomatic of a deep philosophical divide between the US and Europe.

    Well - as an outside observer who has real, practical experience of both schemes. I reckon this is the key difference :

    The EU/UK approach to giving consumers privacy seems to work - we get real, meaningful privacy and corporations get the information they need to run their core business.

    Whereas the USA approach err... doesn't work. They don't get the choices on privacy that we get.

    However what the USA allows or doesn't allow in the USA is not my business or problem. So I don't feel I want to get further involved in that discussion.

    >we can also agree that these disagreements are best settled through diplomacy and negotiation

    In this case. No. I don't agree. If a US company wants to trade in the UK or the EU then they should be limited to these two choices :

    A) Do it according to the same laws and rules as apply to all other companies trading in the UK/EU

    B) Fuck Right Off.

    And that means they should not be allowed to move data around at will so they can create loopholes to avoid any rules they don't like.

    It is worth repeating again that nothing in any of the EU provisions says anything about what US companies do with data collected in the US. It is exclusively concerned with Data which was collected in the EU and is therefore subject to EU laws.

  • >And of course, since you "really need" that service, they are naturally required to provide it to you, no matter what the terms, good or bad, are for them, hmm

    The Law in the UK (and everywhere in the world) already involves itself in contracts between corporations and consumers. Companies do not operate in a legal vacuum - they are constrained in what they can do and what contracts they can write. Unless I am much mistaken the situation in the USA is very similar. Contracts written in the USA must conform with the relevant US law and this means US companies are not free to write whatever contract they might like to. Are you suggesting they should be ? Or are you going to concede the principle that no company acts in a legal vacuum ?

    Once you have conceded the principle, all that is left is deciding where to draw the lines. You draw it in one place, we draw it in slightly different places.

    > Mine just asked for a name, address, and Social Security number.

    We don't have to give a social security number. There is no government issued number in the UK which can be reliably used by companies to uniquely and reliably identify an individual.

    Of course one effect of this (and of our privacy rules) is to make "Identity Theft" very much easier in the USA than it is in the UK.

    So enough information is required to see how much credit can safely be given, or if a deposit will be required. All that is normally asked of here is the information required to tie you to the right credit records. Usually Name and address and a previous address if the current address is recent. Of course the situation for Car insurance or Health Insurance is very different.

    >We could compare unemployment rates for the UK and US since 1985 to see if one economy tends to generate more jobs than the other, hence indicating the relative health of job-providers. Among other things.

    So you think that preventing companies from ramming piles of useless junk mail down our throats and building up unregulated databases of personal information has measurably damaged our corporations and our economy?

    >Fortunately for both of our economies, the leaders of both sides have a great deal of incentive to find the middle ground that you so cleverly excluded.

    If you believe that then you have sorely misjudged this issue. There is no "middle ground".

    It is very simple - If US companies want to trade within the EU then they will be forced to trade according to EU law. Period.

    This is not a principle capable of compromise - either the rules are the same for everyone - or they are not.

    Nor are we likely to create massive loopholes just because some large American companies can't get their corporate heads around ideas like "respecting customers", "privacy", "Enforceable rules" and "meaningful sanctions". And that will remain true even when those same corporations go whining to the Politicians they have bought - ooops. Sorry. Erm... "sponsored"?

    It seems that some US companies have been surprised by just how seriously the EU regards this issue. So it seems it isn't just you who might have misjudged this.

    It might be worth remembering that Privacy Policy is actually one of the few areas where the EU commission have managed to gain substantial and widely-based approval. The various aspects of Privacy Policy are very popular in Europe - across country lines, political lines and with most ordinary people.

  • I'm answering this separately because the point is important.

    > Why does this sound familiar? "From each according to his means, to each according to his needs." Is that where we're going?

    Not even close.

    Within our countries we have Individuals, Companies and Government. (Hopefully) the Government exists to run the country on behalf of the individuals. It's the people who count. They count the most. They should matter more than any corporation, any politician and Ideology.

    Companies exist to make money for their shareholders. They do this by offering some product or service, getting paid for it and making a profit. However they must always operate within the rules provided by government.

    The Law exists primarily to benefit individuals. To protect people from crime - of all types. That's crime as in Robbery, theft, mugging and murder - and that's crime as in being scammed by a con man out of their savings.

    The Law also exists to provide a framework companies can work in - to make contracts enforceable, to resolve disputes efficiently and many other things.

    In the UK and in the USA of course it limits the discretion of companies in certain ways. Deliberately so. For example it would be illegal for a UK company to refuse a service to someone because of their race, colour or sex. Companies are prevented from employing young children even if they and their parents agree to their employment. In the UK any company which extends credit to consumers has to obey strict rules intended to stop the kind of behaviour which some people would call nothing more than clever scams. This is not because the law makers are busy bodies - but because there was a real problem with some companies creating deals with terms which looked favourable - but which contained nasty, expensive "catches" which were so well hidden that even trained lawyers had trouble finding and decoding amongst the small print.

    This is not done for any "communist" or "socialist" principle. It is based on simple pragmatism. Most people sign contracts in shops, in a hurry, in poor lighting and without the benefit of a handy lawyer to check the small print for bombs. We and our government decided it shouldn't be legal for companies to spring legal traps on people in this way.

    None of this has anything to do with redistribution of wealth. All that is happening is society is creating rules for the benefit of society and some of the rules impose limits on what companies can and cannot do.

    Within the EU we've also gone a bit further - we now have "Unfair Contracts" contracts regulations. To slightly over simplify things - these have the effect of allowing a court to refuse to enforce contract terms it considers, in all the circumstances, to be unfair. Plenty of guidance is available for Companies as to what is "fair" and unfair - but, to give a simple example, a contract which allowed a company to vary the terms of the contract at will without agreement from the other party would also be rejected by the courts. As would a contract which attempts to take away certain legal rights.

    No doubt you'll be suggesting that this type of rule was unfair too - that it is "communist" or something ?

    BTW - US companies trading within the EU are forced to obey these rules too.

  • >I don't know that I have misjudged how seriously Europeans regard this issue

    I can assure you that you have. It is a matter of some note in the EU. Not because it is something done by the EU which enjoys widespread support - but because it is one of the very few things which enjoys widespread support.

    >It is equally important to understand that many Americans regard the more free-wheeling, open market approach

    Yes. We do understand that. But USA have got to understand that when they are trading in Europe they do it under our laws. And if they're not willing to do it that way then we will tell them to fuck right off. What would you say are the odds of persuading the US to allow EU countries to trade in the US under EU laws rather than EU laws ?

    >Isn't the end result the same?

    It doesn't seem to be. Because in the EU companies which collect data for one purpose are expressly forbidden from using it for any other without asking permission first.

    Which has several important results :

    A) Individuals can ensure, without too much effort, that there is not loads of their personal information around the corporate world. Some people like this simply because it means less cold-calling, less junk mail - the little, practical things. Other people like this for reasons of principle. They simply like their privacy. Sometimes it is because they have some very tragic personal family memories about how such information can be misused.

    B) It prevents companies building up cross-linked databases about us. The details of your Gas supply aren't very interesting of themselves. But lots of such snippets of information can be (and elsewhere are) linked together to build something which infringes privacy very much more.

    >that over-regulation is a major contributor to the phenomenon so charmingly phrased as "Eurosclerosis".

    Yes. And that is a valid point. However you need to realise that the UK was one of the first countries in the EU to do something firm about Data protection, this was done during the 1980s - an era when the UK government deregulated business in many many ways - cutting away a lot of the over regulation - something we are still having battles with the rest of the EU about - And yet at the same time as we were doing that we were bothering to impose controls on the use of data. There is a message in there somewhere if you look hard enough.

    >a compromise will be reached

    Yes. US companies trading in the EU will have to build a system of managing data from the EU which complies with our Data protection principles. The Details of how it is done will be open to negotiation - but the principles will not.

    It seems some US companies are complaining because we are insisting on a system which can and will impose meaningful punishments, on those who break it - Punishments which will hurt enough to ensure that wilful disobedience is not a viable option. They have zero chance of getting a compromise on that - whatever system is agreed on WILL be one which is effective and which US companies will not be able to break, bypass or subvert.

    >EU will compromise by finding some way to loosen its requirements

    Frankly. No. Not to any meaningful degree. If you believe that then you have misjudged the situation. The essential principles are sacrosanct - and whatever is agreed will be in full accord with those principles. To put it another way - the effect of what is done is not up for negotiation, however HOW US companies achieve it is - but they must realise that whatever is agreed must be something which will actually work.

    >With respect to contracts and what-have-you, again, you draw the line one place, we draw it another.

    Yes. And when European companies trade in the US they obey US law. When US companies trade in Europe either they obey EU law - or we WILL tell them to fuck off. EU citizens are not actually cowed by the prospects of a trade war with the US. Many actively regard a trade war with the US as a good thing. So don't think that threats of a Trade war are going to force the EU to do things the American way. We regard that kind of view as arrogance and a majority of the EU would simply love to give the USA a bloody nose for that.

    > potential or perceived abuses

    They aren't "potential" or "perceived" abuses - they are real, solid "nasty experience" abuses. A lot of EU privacy regulation was created as a direct response to big business - because Big Business did things which the population found completely unacceptable. So they were stopped.

    I look at the USA and, as an observer, I am frankly amazed that you let Big Business get away with half the shit that you do.

  • >does that mean gov & corp will have to pay royalty fees for all those hidden surveillance systems in use?

    No. They don't have to pay a royalty. It's much funnier than that.

    If you are recorded on any surveillance system you have a right to a copy of that recording under the Data Protection Act. But every other identifiable face must first be blacked out.

    This was recently demonstrated by a UK Investigative Journalist/Comedian. Properly applied this might cause chaos amongst certain CCTV operators. One positive effect is it forces anyone (including the government) to say what they are doing with any information they collect from CCTV and they have to justify those uses and they are audited on these points.

    The UK Data Protection Act applies to Government as well as to Companies. As our Police are currently discovering. An Audit has revealed that our centralised criminal records are stuffed full of errors - from memory over half the records contain a significant, serious error. This was something our senior Police have known about for some time - but didn't want to spend money putting right. They are now being forced to by the Data Protection Registrar. What some in the US need to understand is we now take Data protection very seriously - this is not "show" or "lip service".

  • > If junk phone calls simply don't happen in Europe as a result of stringent privacy protection, why does your slashdot info say that you work on junk call blocking systems?

    Because :

    1) I haven't updated it in ages. I don't do much in that area any more - the market has shrunk. I'll give you one guess why! Anyway - I'll probably update my entry in the next few days.

    2) Different rules apply for businesses - and businesses are the major UK customers for such call blocking equipment. There are also a very few individuals in the UK who buy the stuff to block malicious calls.

    3) My customer (they bought me out) also exports stuff overseas to countries where different rules apply.

    It's an interesting point though. I used to have two phone lines - one where I took sensible steps to prevent the number getting onto the wrong lists - and the other where I didn't because I needed "real" junk calls to test my designs and see what the seedier end of the industry was getting up to. The difference in junk call rates between the two lines was simply staggering. Now I mainly work in ISDN, PABX and remote automation, so I've dumped the "dummy" line and kept the secured one.

    Another interesting factor is junk mail. I have a few personal mail boxes which I am very careful with - and those mail boxes remain spam free. I also have two other "sacrificial" mail boxes - exclusively used when signing up to internet sites which insist on a working email address for registration. One of these is exclusively used for EU regulated sites. The other for the rest of the world - substantially the USA. I *ALWAYS* tick the "don't send me any email" options.

    One of those mail boxes gets very little spam. The little that I do get results from a company in Sweden who made a genuine mistake and (briefly) published a web page showing the email addresses subscribed to a certain mailing list.

    The other mail box is stuffed full of spam. Have a guess which one is which ?

  • >Well, now, isn't that what I've been arguing all along? That individuals should take sensible steps on their own to protect their privacy?

    Those "sensible steps" are only available to individuals and effective because of the Data Protection Act.

    >So other countries are going for a free market solution to the problem of junk calls.

    The "other countries" are mainly the "less developed world"... and the USA.

    The technical solutions work reasonably well - but they have limitations and side effects which are undesirable - for some people so undesirable as to make them completely impractical.

    To give a brief summary :

    The data protection legislation passed in the 1980s offered a fairly comprehensive solution to one problem (maintaining privacy) and a partial solution to another (letting people keep their phone number off junk call lists).

    Many people would prefer to have a listed phone number provided only that the information in that listing cannot be abused. They want friends to be able to find their number. But they object to (EG) corporations using the directory as a basis for a cold-calling list or linking the data in the directory with other data.

    The old data protection act solves part of the problem by controlling how the data published in directories can be republished (giving some protection to listed numbers) and by forcing companies to respect requests to keep your phone number private ( which makes having an unlisted number a meaningful, effective choice for those people who prefer that route ).

    More recently, additional legislation provides the rest of the solution by making it a criminal offence to cold-call domestic phone lines which have said they don't want to receive cold calls. (with similar provisions for junk faxes).

    >I'm in London, loser buys the first round. Deal?

    Hmmm. London is twenty two, slow, tiresome, expensive miles away. I live near Hatfield (The place which had the big Rail crash last year) and my rail service is still currently pretty fucked.

    Beer in London is universally expensive and far too frequently horrible. So this might not work out in practice. Unless you want to try some proper country pubs.

    It's also worth remembering that the EU does genuinely want a solution - a solution based on complete respect for the "Data Protection Principles" (that is not up for negotiation). However I think they will listen to any sensible suggestions as to how this can be done. One key criterion is that whatever method is chosen must be effective. Anything which seems to allow US companies to do whatever they choose without fear of meaningful sanction will be rejected.

    But, within that criterion, there is plenty of room for manoeuvre provided the US companies get it into their heads that the EU is serious on this - they are going to demand a system which actually works and can be seen to be workable.

    That last bit seems to be the concept which bothers some US companies. Is it so unreasonable that Companies which break the rules should have to face a meaningful penalty?

  • These treaties work because there aren't many people in Antarctica or on the moon. The basic problem is that the internet circumvents many of the things that make it worthwhile to be a nation. To approve that is to approve the dilution of their powers (for example taxation). While I wouldn't discount the possibility of a selfless solution, I'm more inclined to think that there are many more nations with an interest in regulation than there are against.

    As long as the police can confiscate your computer, they can jail you for breaking national laws. The kiddie pR0n issue alone is enough reason for most countries to want content control.

    Xix.

  • where do you think the electricity to run it came from

    Over here it comes from a nuclear power plant. Oh yeah, I forgot Bush Jr was in the pocket of the oil industry ...
  • Governments are self-perpetuating

    So are IBM, Microsoft, McDonalds, Sony, etc... they are even much more self-perpetuating and powerful than many third-world governments.

    if you will, deciding with their pocketbook

    I'd rather decide with votes - as pocketbook size varies from citizen to citizen (and then, why should Bill Gates have a higher decision power into those things than you or me ?)

    Governments, by and large, don't respond to such economic factors as rapidly

    And this is good - government should care about people, not their pocketbook. Your idea of "democracy" is really sick if you believe money is the thing that matters.
  • The US population is about 275 M - Europe as a whole is 727 M, with about 300 M in the European Union (and more to come with the coming arrival of Poland and other eastern Europe countries).

    That's according to the Population Reference Bureau at http://www.prb.org/
  • European Union is not 300 M but 368.7 M people right now - so it's already well ahead of USA :)
  • Except it's only a trade agreement (as the USA are only worried about economy), while EU is about a common government, army and foreign policy too (in the making right now :)
  • Maybe by doing research on more energy efficient manufacturing ? Making the industry cleaner doesn't mean laying off people, if anything else it means investing in research and making new products, which can be good for the economy in the long run. When more energy efficient standards are made, they say "washing machine will cost X more". But 10 years later the price is the same and the machine uses 1/2 as much energy... another big lie from businesses trying to make us believe more efficient products means more expensive products.

    But of course, businesses would rather not invest a cent in anything and will say "look, if you regulate our industry, we will lay off lots of people, and then you'll lose the elections" and get by with it.
  • We have less than 20 years worth of data. That is in no way conclusive.

    20 years of data ? Are you sure you weren't sleeping during class ? Ever heard about digging ice in the Antarctic and looking at air samples in it ? We have data over the air composition for several 1000's of years. There are very precise graphs showing the rise of carbon since the 19th century (industrial age).

    The issue for Kyoto is being tied into something which is detrimental to our citizens.

    No - it is detrimental to the businesses - not the citizens. What you say is a huge lie that tries to make business=citizens, and is widely used by corporations against any regulation. Saving the environment is about saving the life of those who live in it. I don't care if that means cutting by 2% the profits of Texaco.
  • This - again - is a lie. Big time.

    There's an old debate in the US (and nowhere else) - mainly between drivers of pickups/SUV and others. The drivers of big "cars" (truck) argue that smaller cars are more dangerous for their drivers/passengers, because they offer less protection.

    This is pure bullshit. If this was true, we would all drive tanks with 3 mm thick steel plates. No one would die. The world would be wonderful. Oh wait, this ain't so ! In fact, most cars are made to be less resistant, so that when they crash they fold. The car has to absorb the energy of the shock so that passengers are protected.

    Suppose you drive a big tank, but crash. At 60 mph. The tank is a bit shocked, but doesn't fold. Since the tank takes no energy from the shock, all its content (you) is propelled to the front of the tank at 60 mph. You are smashed like an old tomato and the tank inside is painted in your blood and guts. So the argument that a big car is more resistant than a smaller one is a lie - because both are made to fold and not resist to the shock.

    But F150 drivers then pull up some stats saying you are less likely to die in a small car than a larger one. So if it's not the resistance of the car that saves your life, why is it so ? Well, it is so because, when a Civic driver hits a F150, the heavy mass of the F150 kills the Civic driver, and not the opposite. So it's not small cars that are dangerous - it's big cars that kill small car drivers.

    So your number saying that fuel economy standard will increase deaths on the road is a lie. Plain and simple. It's the same kind of lies that economy standards are bad for citizens. They are lies made by the gas/car industry to defend their interests. They use short-sighted logic to support their claims. But in Europe those standards have long been in place, everyone drives smaller, more efficient cars, and there aren't more deaths, and there isn't an economic recession either because of it (the car industry is even thriving).
  • by Dwonis (52652) on Monday May 07, 2001 @06:35PM (#238945)
    Let's say Canada gets satisfactory data protection laws. Since most of Canada's packets go through the US, will we be cut off too?

    Also, aren't the links privately-owned?

    I support legislation against various network DoS attacks (including spam), but this is ridiculous.
    ------
    I'm an assembly guru ... What's a stack?

  • Oooops! Seems you are in for a very bad ride.

    Here is the situation as I understand it. Standard disclaimers apply: IANAL, I haven't looked at the EU rules and, basically, I don't really know what I am talking about, except that I am going to talk about it, as is my Slashdot-given right. =)

    Most countries in the EU have (almost) the same set of basic rules:

    • Personal information given to a company cannot be sold, exchanged or transmitted to anyone without express consent from the EU citizen it came from. Even if your company goes under, some EU laws may even require you to wipe out your database.
    • Personal information given to a company should be erased immediately and completely if the customer/EU citizen requires it.
    • Personal information should not include possible discrimination-related information (for instance religion, sexual orientation, etc.) If you need that type of info, it should be kept extra-confidential and anonymous, meaning no names, phone numbers or any other data that would allow one to trace back the info to a given individual.
    • Finally, provision should be made so that the customer can access and rectify the data he/she gave to the company. Especially useful when identity theft has been performed.

    That's about all there is. This being said, it's already fairly hard to enforce these laws in the EU (especially the "access" part).

    Make sure you give EU customers the above rights and, IMHO, you should be doing OK. But don't sue me if that's not the case... =)

  • Let me see. You think it should work this way?

    So you want to pollute the planet?
    Well, since you rescued us, we don't mind that we will all have more floods, storms, calamities and the disappearance of some tiny states, whose names most people even don't know.
    No problem,
    especially since it's a matter of cheap air conditioning or pricy air conditioning and not something as negligible as survival.
  • Did anyone else notice that this article from a European publication about how European governments would threaten to cut off connectivity to countries that didn't protect your data tried to set no less than 4 cookies from various domains ?

    What follows is mostly a re-post of a caffeine and sleep deprivation induced manifesto I posted [slashdot.org] in the article on Cult of the Dead Cow's recent product announcement.

    Distributed proxies and access to the web

    There is a huge benefit in an easy way to access the web from controlled and possibly oppressive environments, such as from behind company or school firewalls where administrators check on traffic, or from UN Human Rights Commission [yahoo.com] type countries.

    If Chinese grandmothers and high school students could easily read anything on the web, then China would be less likely to end up in a war with us or Taiwan. The Chinese are not going to like America or agree with us because they can read the propaganda and claptrap our press spews out every day, but they will have a different sense of perspective (perhaps more cynical) and they will be less likely to get into a froth about the spy-boys being a little rough with the planes. Suffice that I think that the more the people of the world can see and hear of each other, the safer the world will be. The Truth Shall Set You Free.

    Of course, if you give people in communist countries a safe, unblockable way to access a set of http proxies which can then get the web pages, then the same system can be used for someone in Europe to use paypal.com in spite of the best intentions of their paternal government. It can also be used to post to slashdot in spite of the fact that you've been modded down 5 times in the last 24 hours. If Saudis can access porn, then The WIPO Troll can post fecaljapan.

    The dailynews.yahoo.com link is a good example: it is unlikely that you can easily visit it from China. Look at these stories:

    • Punching Holes in Internet Walls [nytimes.com], a New York Times article on attempts to circumvent access restrictions from countries that "protect" their people from information. (Here are the obligatory partners [nytimes.com] and channel [nytimes.com] links.)
    • Beijing Declares Victory But Chat Rooms Are Skeptical [nytimes.com], a New York Times article on censored web discussion boards in China. If Chinese could safely access web sites outside the country, they might use uncensored web boards. (Again, channel [nytimes.com] and partners [nytimes.com] links.)
    • www.realmapping.com [realmapping.com], attempting to keep a database of IP addresses and geographic position. See some technical information here. [realmapping.com]
    The links describe a tit-for-tat battle between the Communists ( and others, conservative Islamics, for example ) on one hand, versus the people of those nations and those who would offer them information on the other. China and others don't firewall based on the content of the data passing through; they just generally block connections to specific places, by DNS name and IP address. People found they could use a proxy service such as safeweb to get to the unfiltered Internet. Then the Communists blocked access to Safeweb. Safeweb started mailing out a new list of sites which were running the safeweb proxy, and the Communists would rush to block those and the safeweb folks would rush out a new list. Eventually the safeweb people came out with a way for individuals in the free part of the world to run a proxy that accepts connections and redirects them to safeweb, that is the Triangle Boy [safeweb.com] system.

    This doesn't even touch on the persistent and heroic efforts of employees everywhere to read 2600.com, fuckedcompany.com, and other blocked sites while on the clock. And numerous attempts by *_sporks everywhere to . . . nevermind, no one sympathizes with *_sporks.

    Something like the realmapping system might be used by gateway machines in China to track where offending users are inside China. A Triangle Boy running both inside and outside the wall is needed to let everyone see all the internet they want (violating EU directives by sharing personal information if that's their desire).

    For a gnutella/freenet to fix the internet access problem, it has to be undetectable by the European/Communist firewalls (because the Communists will block all encrypted traffic, or find the student himself) and someone in the free part of the world must run a script to dump www.nytimes.com into the gnutella/freenet system. It would be much better to set up Triangle Boy without the single point to block, the central safeweb service, and doing something to hide and disguise the web page requests and content.

    This is hard to do. A system that doesn't hide and disguise the traffic risks the Communists blocking all encrypted traffic or harassing users, but maybe it can work if enough people use it. Maybe proxy and client combinations can hide their real traffic in the meta tags and comments of innocent looking web pages, or use other steganographic tactics, but you would have to be constantly upgrading those modules.

    Without the central safeweb proxy, cooperation from publishers on the free side of the firewall is useless. This would have the effect of making it impossible for Yahoo to not display Nazi stuff to France, because they couldn't tell who was from France. Yahoo and the French, the Communists and their people, Rob Malda and the sporks will all have to realize that anything they put on the Internet is on the Internet for anyone who wants it.

    We can force the world to choose the whole Internet or none at all.

  • by The Trinidad Kid (96681) on Monday May 07, 2001 @11:06PM (#238960) Homepage
    First up, I have registered a number of organisations under the UK data protection act, work for a major UK bank, and am a politician manque so I know what I'm talking about.

    The data protection regulations affect:
    (1) the storing of information about an individual in an electronic format which can be accessed via indexes.
    (2) the storing of information about an individual in non-electronic format but with electronic indexes by which it can be searched and collated.

    Data Protection regulations require an individual to give informed consent for any use of data that they provide. The customer relationship is protected (ie any organisation can legitimately keep data collected by them about their clients).

    This is a good thing, it protects the customer's data - in databases. It does not affect data packets in transfer, or other non-indexed/databased information.

    However if I take data from a customer and that customer indicates to me that I may make that information available to other bodies I can only pass that information over to those bodies under the condition that they respect the customer wishes. To this extent Data Protection legislation is viral like open source licenses. I, the customer, make my information available to you for you to do certain things with. If I permit you to distribute it, you may do so provided that my wishes are respected.

    The US is not regarded by the EU as having appropriate Data Protection regulations (we think your money laundering regulations are weak as well).
  • Let's say Canada gets satisfactory data protection laws. Since most of Canada's packets go through the US, will we be cut off too?

    This raises a point worth making. At one point there were Canadian laws which stated that data traffic which originated and terminated within Canada could only be carried on Canadian networks. It was illegal to send data from Ontario to BC via the USA, because this would hurt Canada's telecommunications companies.

    These laws were removed some time (IIRC, about 10 years?) ago, when Canada realized that by forcing Canadian companies to do business with Canadian telecoms they were causing companies to move down to the US to evade these laws.

    I think the same is likely to happen with the internet as well: if countries start imposing heavy restrictions on what dot-coms can do, they'll just move to the next jurisdiction.
  • by cperciva (102828) on Monday May 07, 2001 @06:25PM (#238963) Homepage
    We need some international treaties -- like those regarding Antarctica and the moon -- which tell nation-states to keep their hands off the internet. Legislators don't understand the internet, so the only way intelligent regulations are going to be put in place is when they come from the internet community (eg, IESG).
  • by Leto2 (113578)
    Hah, indeed!

    It's funny to get that heart disease flyer addressed to "Mr. Dorm 4th floor" (which is the name under which we registered our dorm's phone line).
  • Interesting. I wonder what they'll do when a corporation that has a presence both in EU and another country (For example, USA) has data on a citizen. Forbid the corporation to have the data? forbid the corp to share it with itself outside the country?

    Sadly, in a world of Corporations larger than most Governments (cisco, McDonalds', Toyota, Sony), this type of border-reliant protection scheme is little more than lip service.

    Show me a plan that actually protects me from having data about myself misused in the name of profit, or collected by corporations and sold to my government, and you'll have me drooling. Otherwise, I call shenanigans.
  • by Animats (122034) on Monday May 07, 2001 @09:23PM (#238974) Homepage
    That's just alarmist. All the EU Data Protection Directive [privacy.org] affects is privacy of personal data, data that has somebody's name, address, etc. attached. If you collect such data within the EU, you can't use it in ways the owner of the data (by law, the person mentioned) didn't specifically approve. To make this enforceable, the EU prohibits getting around the EU rules by sending such data to areas with weaker rules, unless there's an enforceable agreement in place to protect the data while it's outside the EU. The EU has had rules in this area since 1981, and the current rules date from 1995. So this is old stuff in the EU. US complaints are mostly whining by the Direct Marketing Association. [the-dma.org] Even the DMA, though, points out that companies which actually comply with the DMA's own "principles" don't have real problems. What scares them is that the EU Directive has enforcement power behind it. If a company misuses your personal data, it might be denied the right to maintain files of personal data at all.

    Basically, it put a lid on most slimy marketing practices that misuse personal data. Too many US companies are used to getting away with this, and much of the direct mail industry depends on it.

    But it has zero effect on open source or anything like that.

  • Australia's data privacy legislation is still dim.

    Companies can do pretty much what they like.

    Having said that... it -really- bugs me whenever I try to look up a Swedish friend's telephone number online... it's just not there!

    (Where are the Asian companies who use their low cost of labor to produce cheap phone CD-ROM's - i.e. to key (or - hopefully - scan, these days) in all the data, e.g. from the Swedish [telefonkatalog] - when you need one -PLUS- a web site to host access to one of the resulting CD-ROM's ;-)

    It's apparently unlawful to publish any Swede's details online (read: on the Internet).

    Now, if one happens to be -in- Sweden, there are lots of data available:

    Name, address, number & names of any children (unless born out-of-wedlock), taxable incomes - for both State & Local tax jurisdictions, et al.

    Just visit any Swedish Tax Office [lokalaskattekontor] and ask - even in English! - to use the Public Data Terminal... and all that data can be accessed, as well as a summary of the individuals' most recently processed tax records!

    You'll be able to use the Tax Office's gear & network (protected from modifications by downgrading of access rights to "Public User") costfree (unless you want a printout).

    Thus, we have come the full spectrum from restrictive Sweden (which protects the rights of its residents)...

    ...to Australia (whose government seems to treat its people like the graziers treat their sheep) - fair game for any outsiders, who would exploit the data unduly.

    Go figure!

    Actually, this story is a bit dated... can anyone in Sweden (or recently returned from there) confirm that it is still as it once was (not so long ago)? TIA

  • It's a little scary that anyone, especially a power the size of the EU, is considering this. Granted, privacy is an important issue, but simply cutting off whole nations doesn't seem like a very appealing approach. This is about as friendly to a wired nation as cutting off diplomatic relations or placing 100% tariffs. If another country has regulations that its culture deems appropriate, and well-enforced, it could still find disfavor with the EU, requiring either protracted disconnection or invalidating of the policy. The result is you're either overbearing or ineffective, but never hitting it right. Perfect enforcement isn't possible, but a more traditional approach might better serve the citizens of the EU and maintain diplomatic relations.
  • Interesting. I wonder what they'll do when a corporation that has a presence both in EU and another country (For example, USA) has data on a citizen. Forbid the corporation to have the data? forbid the corp to share it with itself outside the country?

    We're one such company. Our UK presence has data-sharing agreements with a sister company in the US (they do our web-hosting, amongst other things, so need some subscriber-related data).

    I'm not sure of the details, but basically we had to draw up a data-handling contract between the UK and US companies, defining very specifically how transfers of personal data would be dealt with, and protected in the US. This then went to the Data Protection Registrar for approval, and once approved we could just get on with it.

    The regulations don't prevent all EU-outside transfers of personal data, they simply state that if the 'default' protection in the other territory isn't up to scratch, further binding conditions must be applied before data is transferred.

    TomV

  • There are two ways I can think of:

    Physically interrupting network connections to various countries. ...

    The EU would attempt to block traffic to and from a certain set of IP addresses....

    Much simpler than that, actually. In the great Tony Blair tradition, here's the Third Way:

    The European party to the data exchange gets charged, tried and convicted, has to pay a gargantuan amount in fines and punitive damages, loses its credit rating due to the judgements against it, and potentially its directors spend a bit of time behind bars.

    That would tend to work quite well

    TomV

  • by Aceticon (140883)
    That's quite interesting because I know FOR SURE that KPN has leaked my personal info to 2 external organizations (ANWB and some heart disease thing).
    I am non-dutch (but still an EU citizen) and KPN are the only ones that have my name wrong (now also two other companies).

    Do you know where I can go with this?

  • Surely the whole point of these regulations is that they are attempting to maintain people's privacy. Now, so long as HavenCo decides to have a proactive stance on data protection (it would be ironic if they didn't, seeing as data protection is the whole point of HavenCo in the first place), then they should be spared any problems.

    Regardless, with things like FreeNet and other 'clouds of data' springing up, there's going to be no way for the EU to effectively police something like this. Kudos to them for wanting to try though - one of the things I was most impressed about with Germany when I lived there was their bordering-on-paranoia feelings towards privacy. Not even the banks can legally hold complete records after a not-too-long period of time.
  • by lga (172042) on Tuesday May 08, 2001 @12:21AM (#238997) Homepage Journal

    I think some people here are misunderstanding the Data Protection laws. No one said anything about cutting off all net access to other countries. The law prevents the transfer of Personal Details and customer specific data, eg databases containing details of what I bought. No other data is affected, so there won't be any severing of internet connections. If a company does transfer customer data to a country with less protection then it will be liable for prosecution.

    I think this is a good thing. The EU Data Protection laws are there to prevent misuse of personal data. An example: If I were to buy a book from a multinational company in the UK then I would have to give them my address for delivery. At the same time, I would check the box marked "Please tick this box if you do not want to receive special offers from carefully selected companies" which would prevent my address and phone number being sold to another company that wants to sell me bookshelves to go with my new book. And who wants to receive that phone call?

    In order to get around the EU law requiring that they honour my request and don't sell my data, the company could send my data to its US arm and from there sell the data back to a telemarketing company, which could then plague me with phone calls about bookshelves. By making the export illegal the company cannot do this.

    I hope that all makes sense.

    Steve.
  • Well, This reminds me of the case of France vs Yahoo last year.

    This is where the Value of the Internet is wiped out because everyone gets offended by what is going on in the next country, then the next province, the next city, town, or county.

    A case where people prefer to be safe in their ignorance.

    On the other hand, jerking the other guy's chain with a high voltage cattle prod doesn't help either. You know, there are guys who will act as insulting as possible just because the other person gets upset about something, instead of acting with compassion.

    Sort of cutting off the nose to spite the face. Cutting themselves off might do more harm than good.

    Check out the Vinny the Vampire [eplugz.com] comic strip

  • by YKnot (181580) on Monday May 07, 2001 @10:54PM (#239005)
    The directive isn't primarily aimed at the internet. It's about what companies are allowed to do with information on the net as well as outside of it. The main aspect is data gathered by financial institutions. That's mostly a non-internet thing.
    Europe has a different, more restrictive view on protection of person-related information. Companies are trying to evade the restrictions by moving data across the border and having it processed by non-european companies. The regulation tries to stop this malpractice.
    The EU has been accused of trying to impose laws beyond its frontiers. The regulation does not tell non-EU companies how they may handle data. It tells EU companies how they must not use data and forbids exporting that data to circumvent the law. This is not even close to the US pushing the DMCA beyond US territory.
  • According to the article, these laws have been around a while now: "The directive, enacted in late 1998, has repeatedly caused frictions with the US, which has accused the EU of trying to impose laws beyond its own frontiers."

    From what I can tell, the article is actually about the EU pushing through a "model contract" for companies that want to work through these data regulations... a contract that the US wanted to delay.
  • by nz_mincemeat (192600) on Monday May 07, 2001 @06:33PM (#239011) Homepage
    Draconian from first glance, but it is indeed the best way to safeguard EU citizens' privacy (at least against entities outside the EU nations). Similar to the "ultimate form of security" - disconnecting the computer and burying it under meters of concrete (in terms of concept, effectiveness and amount of inconvenience caused.)

    As for the U.S. diplomatic feathers being ruffled - it's about time somebody/something stood up to their schoolyard-bully style of foreign policy.

    First the Kyoto accords, then the Spy Plane "accident"... all within three months!
  • by glassware (195317) on Monday May 07, 2001 @07:28PM (#239013) Homepage Journal
    My legal department representative walked into my room the other day and announced, "I need you to work on the EU Data Directive." There's a surprisingly little amount of information to use.

    So far, the explanations I have received from our vendors and our partners are unsatisfactory. People aren't really aware of the data directive; and those who are aware, refer to a clause called "Safe Harbor" that protects businesses that work on non-EU data but whose websites operate in the EU.

    The most cogent explanation I have received so far is that the EU Data Directive acts as a "poison pill," attaching itself to any data that comes from the EU. If a website collects data on users from the EU, that data can never leave the EU - the exception being "safe harbor" companies who do not really have a presence in the EU. I haven't yet received a satisfactory explanation about how a website that operates in the EU and collects data about American users is affected.

    Perhaps I should pose a business question: How can a website effectively mix US and EU data in a database? It sounds like we are in the land of do-as-you-please for US data, but anything from the EU cannot be shared, sold, or transferred to partners.

  • by 7-Vodka (195504) on Monday May 07, 2001 @07:44PM (#239014) Journal
    I really admire the EU informational privacy laws. They have finally got something right.

    For those of you unfamiliar with the laws there, they basically state that to do ANYTHING with someone's personal information you have to have a valid reason and the person's permission.

    This applies to information already collected before the passing of the laws.
    It affects everything. Eg. a teacher can no longer just post students' grades.
    Also, if you're collecting data, you have to have a valid reason and are under no circumstances allowed to share personal information gathered with other companies without the express permission of the individual.

    This puts the advantage right back into the individual's side of the deal. And so it should.

    "just connect this to..."
    BZZT.

  • I think the point being made is that the EU directive would require the U.S. to pass laws violating its own constitution - I've never really considered it this way, but it's not a bad argument, IMO.

    The First Amendment is not absolute and has lots of exceptions, this would just be another one. For example, you could just think of it as copyright - personal data is owned by the person it describes. Copyright is a well established exception.

  • ...If people have different laws than us, they must be embargoed!

    Oh yeah, that's what the US [did|does|tried to do] to Cuba.

    --

  • by Aztech (240868) on Tuesday May 08, 2001 @12:48AM (#239023)
    I can't see how it over-reaches territory, if you deal with a foreign country then you must abide by their domestic laws, this has always been the case. As a US company, if you try and sell a product into the UK and it doesn't meet their safety requirements or whatever, it will be deemed illegal, despite the fact it may be legal under US law. This isn't imposing law on another country since you can still sell the (potentially) unsafe product to your US citizens legally.

    Remember this only affects data concerning EU citizens, if you're an EU company then you cannot sell data on EU citizens to countries that have questionable data practices, if you're a US company dealing with EU people then you must do the same, obviously a US company can do whatever it likes with data on US citizens.

    This does in fact make some sense, if they didn't put restrictions on foreign countries then EU companies would just move their customer databases abroad and then do whatever they like with it, and because the country is outside EU law, citizens would have no legal control of their data, this would just undermine the whole purpose of the law.

    If you've ever seen the "UK-Info" CD, which lets you find out in depth data about households by aggregating data from the British land registry, Ordnance Survey, electoral roll, company house records, acorn demographics, phone listings etc, they move this data to the Cayman Isles [cia.gov] then process and cross reference it and sell it on a CD to the UK. If the CD was cross referenced in the UK it would break a number of data protection [dataprotection.gov.uk] laws. Because the information can flow abroad then be sold back to the UK in an aggregated form, it's not illegal, which makes a mockery of the law, so they're trying to ensure citizens have rights on their data if it's passed abroad (and choose if it even goes abroad).

    The requirements are for companies dealing with EU citizens not just companies within the EU.

    I can't see any law solving this issue easily, there are too many loopholes to deal with. As with the UK Info disc, lots of disparate forms of innocuous information are obtained which in themselves aren't a problem, it's when they're cross-referenced and interlinked it becomes an issue, I can't see how the EU can stop foreign countries processing this information.

    Enshrining privacy in the law is an honourable pursuit, but ultimately frivolous, if they don't get industry backing it will never work since companies will just hire lawyers to exploit any tiny loophole in the law. Therefore how do we get companies to respect our data? What is commercial incentive for a company to do so?
  • Ok,

    I see a lot of posts which completely misconstrue the point of the EU Personal Data regulations. Whether this is simple ignorance, or fostered by US corporate propaganda I don't know, but I will try to set things straight a little, from my own experience with the Dutch version of these regulations, the Wet Bescherming Persoonsgegevens, or Personal Data Protection Act (I work for a bank, so I am supposed to know this).

    First of all, it is perfectly legal for a corporation to build up a customer database and use it for marketing purposes. How long it is allowed to keep this database seems to be open to local regulations, but it is legal.

    However, the sting is in what a corp is allowed to do with the gathered data. In effect, the data can only be used inside the corporation itself. It is strictly forbidden to share this with any third parties without the explicit written permission of the customer. In the Netherlands this is enforced pretty strongly, at my work we're not even allowed to give out info to colleagues from another subsidiary.

    This is where the EU and the US differ: in the US it is accepted practice to sell customer data to third parties, and we've all seen the horror stories on Slashdot about the consequences of this (spam, among others). The EU is merely hardening its stance (and we've been negotiating for the last few years) vs the US and saying, unless you guarantee the integrity of our citizens' data by law, we will allow no one to export this data to you unless this integrity is protected by contract.

    So for the record, this whole discussion is old news (but still interesting), and has nothing to do with the routing of internet packets, as I've seen some people suggest.

    Mart
  • The parent post is an excellent example of Amerocentric ignorance.

    they just need to route their packets through Sweden, who by dint of not being an EU member is freely exchanging packets with Russia, and has set up a service to do so.

    Sweden is an EU member, but I suppose you could replace that with any non-EU member that has cable connection to Russia.

    No, Sweden is just strongly suggested to stop routing to Russia. No problem they say, and then route their Russia-bound packets to Estonia, who quite happily sends packets through Byelorussia to Russia.

    Most of the East European countries (e.g. Estonia) are negotiating about EU membership, and have trade agreements etc. with EU. Applicants have to harmonize their legislation with EU, so if they do not enforce this, their negotiations could be stopped. Perhaps a threat of discontinuing the trade agreements could do it, if the country gets stubborn. So, the strong suggestion would probably be listened to. Any government not listening to EU will be an ex-government, as EU membership has very strong support among leading politicians in almost all East European countries.

    In EU-East Europe-relations, you should apply the Golden Rule:
    The one with the gold writes the rules

  • This is completely bullshit. This has nothing to do with data in general, but with EU companies exporting privacy protected personal data (like your address, social security numbers or equivalent, bank information, e-mail address, telephone number etc.) without your expressed consent.

  • If they know and don't care, it wouldn't hurt you to tell them how you would use the information, and obtain their express approval, in which case you could use the data the way you wanted.

    The EU privacy laws don't stop you from doing nasty things with private citizens' personal data, they prevent you from doing it without their knowing consent.

  • Note: This is not legal advice.

    Any non-EU based website can collect information from EU citizens without being affected.

    Also, any non-EU data can be transported into the EU without problems.

    The issue arrives when an EU based business collects and processes personal information in the EU, in which case that data can't be exported to a country without adequate privacy protection without the recipient adhering to the safe harbor principles.

    Safe harbor in effect requires the recipient to abide by the same restrictions outside the EU as an EU based company would have to inside the EU, including not transferring the personal data received from the EU to any recipient in a country without adequate protection unless the recipient complies with the safe harbor provisions.

    In other words: If personal data has been collected and processed in the EU, it will have to continue to be treated according to EU law, or laws that are practically equivalent, no matter where the data is actually moved.

  • If you "speak up" on your behalf, and try to restrict how they use the information without any other pressure on them, they'll just refuse your loan application.

    If you really believe that you'd manage to go through life without giving out your personal details, you obviously haven't been around a lot.

    In many countries you wouldn't even be able to get a place to live (whether buy or rent) without giving away extensive amounts of information.

    These privacy laws don't restrict anyone's ability to give your information away, they force them to ask for your permission - putting the power back into the hands of the people, as opposed to in the hands of large corporates.

    Does that mean that you are opposed to forcing companies to inform you of health risks with their products too? (After all, you could just go to them and tell them that either they do that, or you won't buy their products) Or to take any health precautions when producing their goods? (After all, you do ask in the store whether the food you are buying could contain any dangerous chemicals, don't you?)

    If you really believe that consumer boycotts generally work, you're one of the most naive persons I've encountered.

  • by vidarh (309115) <vidar@hokstad.com> on Monday May 07, 2001 @11:57PM (#239040) Homepage Journal
    I'm not a lawyer, but my company has been looking extensively into this, and I believe the following should reflect current EU law reasonably well:

    Sites not situated in the EU, or that have a substantial presence outside the EU and process, and perhaps also collect, the data outside the EU (an EU citizen accessing their EU based company's website run and operated in the US, for instance), will not be directly affected.

    Further, private citizens sending their information out of the EU can continue doing so.

    Companies sending private EU citizens' information out of the EU to a company voluntarily complying with EU's "safe harbor" rules (applies for the US and other countries with crappy privacy protections), or that have adequate privacy laws (applies for instance to Norway, which has always had strict privacy laws, and has harmonized their laws with EU's as a member of the European Economic Area) are still allowed to do so without any more restrictions than what they are bound with for use within the EU.

    I also believe that companies that do give customers a real choice to opt in or out of transmission of their data abroad to a non-safe harbor complying company, and inform their customers of the consequences of letting their data be transmitted can do so. I haven't verified that, however, so if you plan on doing so and you're in the EU, check with your lawyer, and don't blame me.

    The whole point of the law is to require the companies to get consent and force them to provide information on where they got the personal information about someone, if that can be reasonably achieved (and it can if they have bought the data), and what they plan to do with it.

    And to ensure that the consumer can require the data to be corrected in the case of mistakes, or deleted provided it is legal for the company to do so and there's no contractual obligation on the person the data is about to let them maintain it.

    ObDisclaimer: Don't do this at home. Check with your lawyer if you're a company that plans on exporting personal data from the EU. Not doing so can jeopardize the company's financial health, and possibly result in a prison sentence for you.

  • by vidarh (309115) <vidar@hokstad.com> on Tuesday May 08, 2001 @12:08AM (#239041) Homepage Journal
    Yes you may have a choice in the first step. But without the privacy laws that EU, and most of non-EU member European states have, you have no control over what happens to that information once you've given it away.

    What if you give your data to your bank because you're applying for a loan? Should the bank be free to sell that data without letting you know, or asking for your approval?

    That is what the EU privacy laws prevent. A company can't collect personal data, whether they are giving a good, trustworthy, valid reason or not, and give or sell or do anything with it, unless they've received your consent for that specific use.

    There are so many valid recipients of personal data out there, that keeping your data to yourself isn't an option for most people.

  • First of all it has nothing to do with IP packets, but with restriction of transfer (whether over the internet, on paper or however you want to transfer it) of personal data. If you do it, and get caught, you risk heavy fines and jail time.

    Second, the reason it is directed at the US in particular is that the US has virtually no privacy protection whatsoever, and is one of the worst countries in the world when it comes to privacy protection. Coincidentally it is also one of EU's most important trade partners, and therefore EU's privacy laws would be more or less worthless without making sure that personal data isn't transported to the US without binding contracts to ensure the US recipient of personal data doesn't abuse it.

  • by Spy Hunter (317220) on Monday May 07, 2001 @06:27PM (#239044) Journal
    It is backed by the power to cut off data flows to countries that the EU judges not to have adequate data protection rules and enforcement.

    If that's a threat, we truly have a global information economy. Think how silly that would have sounded ten years ago.

  • Sweden and its neighbours Finland and Norway have fairly low emissions, true, but they are (in population terms) quite small. The UK has an even lower CO2 emission per capita. However, if you look _east_, then you see really low emissions - Hungary and Poland, for example. Almost the entirety of Europe has a pollution per capita level of 50% of that of the US.

    Of course weighting countries by population is only one way of doing it, if you were to measure pollution/GNP, then it would shift the balance considerably. However, that's a rather abstract measure, but the US could use it to justify their use of energy.

    This is all from
    http://www.grida.no/db/maps/collection/climate6/index.htm

    THL.
    --
  • by janpod66 (323734) on Monday May 07, 2001 @08:27PM (#239047)
    The US has been trying to dictate US-style business practices for a long time. In many areas that is actually good, but when it comes to privacy, US laws and practices are unacceptably poor. Rampant identity theft and theft of large numbers of credit card numbers and other customer information (kept around by web sites long after an order has been fulfilled) in the US are examples of that. It is good that Europe is putting their foot down on this matter.

    And Europe certainly has the clout and experience to do so. B2C E-commerce has existed in Europe about a decade longer than in the US, and Europe itself is a multicultural economy comparable in size to the US and with a significantly larger population.

  • How dare they. We, in the "civilised" world, have come to accept that our constituents simply cannot be trusted to manage their own security. So we locked them out of the entire equation and have enacted laws that enable anyone with a big enough purse to help themselves to the public's private information. (What good is a secret if you can't tell anyone?) This is the only way we could appease the powers that be.
    Now the f*cking European Union think they can tell me what I can do with my public's private information. It is mine and I will continue to do with it whatever I like.
    Sen. Hon. Richard K R Alston

