Posted on 05/13/2018 8:17:11 AM PDT by CodeToad
European Union, USA March 7 2018
The EU’s General Data Protective Regulation (“GDPR”) has been a popular topic of late. Fisher Phillips’ Employment Privacy Blog has covered the evolution of this regulation, starting with the roll back of the previous “safe harbor” regime, as well as providing updates to GDPR compliance standards, and training recommendations.
As if to highlight the seriousness with which the EU is pursuing this directive, the GDPR has even made a recent appearance in Supreme Court arguments on Tuesday. United States v. Microsoft, No. 17-2, raised the issue of whether the United States may issue a search warrant to a U.S. based electronic communications service for data held on a server outside of the United States (in this case, Ireland). At the heart of the case is a 2016 ruling in favor of Microsoft and other tech companies by the Second Circuit limiting the geographic reach of the Stored Communications Act to data stored in the United States.
Among the many amicus briefs filed on behalf of Microsoft, was one submitted by the European Parliament, arguing that the US government must work through bilateral treaties in order to lawfully obtain the data stored in Ireland, or any other EU member country. The EU’s position states that the “successful execution of the U.S. warrant would extend the scope of U.S. jurisdiction to a sizeable majority of the data held in the world’s datacenters (most of which are controlled by U.S. corporations) and would thus undermine the protections of the EU data protection regime, specifically intended and designed to cover data stored in an EU Member State.” With the EU having made its position clear, the Supreme Court’s decision could set up a future conflict for companies seeking to comply with both U.S. and EU laws.
With the GDPR coming into full force on May 25th, and bringing with it steep new monetary penalties for violations, and with the EU’s highest court having already weighed in, determining that EU law does not recognize the US legal regime as upholding Europe’s “fundamental right to privacy,” US companies with data stored overseas and/or European operations, should be following this case closely.
Employers should also have a training and compliance plan in place to prepare for implementation of the GDPR, which requires training on handling personal data. The EU’s new website is a handy resource to start. GDPR compliance effects all levels of organizations which handle private information. With the enforcement data around the corner, organizations with any questions about the applicability of the GDPR to their activities or how to prepare should contact their regular Fisher Phillips attorney or any of the attorneys in our Data Security and Workplace Privacy Group.
The EU’s GDPR is international tyranny. It is the European Union declaring rules and fines for Internet companies, FreeRepublic included.
The GDPR claims fines such as $24 million for any data breach, or anything the EU considers a data breach or unlawful use of data. The EU is claiming GDPR is enforceable throughout the world, yet, it also argues no other nation has rights within the EU as they claim they have in other countries.
The GDPR is a lengthy law and has the typical extreme -left-wing conflicting rules, very much like ObamaCare. It is a law that is impossible to be compliant with while facing massive, company-ending, fines and criminal charges.
This is the EU trying to rule the USA and the Internet.
Prosecutors will use any force and any lever necessary to get what they want. As the holder of the data, the first need would be to get out of the path of the legal bullet. They should give the data to the government of the country where it resides or to whoever in the EU has the right to it. Then they can tell the US, we no longer have it. Otherwise, they may find their bank accounts seized or their offices closed by the US legal effort.
“...This is the EU trying to rule the USA and the Internet....”
They try this a lot. What else would we expect from a bunch of Socialist countries who cannot make their own money...oh, wait, socialism does not work.
They have not figured this out yet.....
One thing this is no doubt and attempt to do is outlaw profit making companies from the Internet.
GDPR has all kinds of gotchas that allow for ruining a company.
I fully expect an EU, “Gosh, we tried to regulate the Internet but it just didn’t work. I guess we’ll just have to take it over.”
GDPR is against the free access to the Internet. If you don’t like to be tracked, don’t use the site. Nobody is forcing you to visit a site. Let free market rule. It will weed out idiots.
Great article! I had no idea.
Thanks. CDPR is about to destroy the free-market Internet, and it will test US sovereignty.
I see this a bit differently, your information has become a commodity captured and gathered into a profile for each and everyone of us. This what Facebook and many others have been doing and if you think that is ok well then there is not much I can say to you.
In essence the GDPR seeks to limit the amount of use of your data by companies to whom it has been provided without your consent, and on the other side if you choose to have it deleted they must do so, totally.
As to the data transport issue Facebook just moved over 1.5 billion records from EU to the United States in order to try and thwart this regulation. Unless you have been living under a rock this is a huge issue around the world as that data is intended not for convenience.
I will leave the discussion for further insights, GDPR is not the only standard that seeks to help maintain YOUR privacy and data, HIPPA, GxP and others do the same. I belong to a group called VRM out of Harvard and they are all about data privacy, and not from some leftist perspective. Just do a search on VRM and have a look for yourselves and then think about You and how much you feel comfortable with someone else having
Phone calls
Chats
E-mails
This will not limit freedom of speech at all, it will protect it. Bringing it home to FreeRepublic if a user wanted their record deleted then that would be fine, it was if they never existed from the data standpoint and any financial or personal info would be deleted
“I see this a bit differently, your information has become a commodity captured and gathered into a profile for each and everyone of us. This what Facebook and many others have been doing and if you think that is ok well then there is not much I can say to you.”
You made a rather idiotic conclusion.
The choice isn’t between absolute abuse of personal information or an absolute abuse of Internet companies.
The answer to data abuse isn’t government abuse as the GDPR is.
That is why we have government abuse in this country: People asked for extreme measures out of juvenile anger about various subjects.
GDPR is extreme government abuse.
A simple law that takes care of data abuse is one that prohibits the selling or trading of data between companies or across borders.
In fact, the GDPR doesn’t even prevent data abuse. It only says the company must tell you about it first. The GDPR doesn’t even prohibit a company in your country from sending that information to another country. It pisses me off that a credit card company has given India call center my personal and financial information. I have zero protection should India screw with it.
The GDPR isn’t about protecting your privacy because it doesn’t do that. It is about government control of the Internet.
That is what VRM is about.
We can agree to disagree, I am not saying that GDPR does not have it’s faults but something has to be done to limit the exact problem you have experienced. The same applies to Robo calls and many other invasions of our privacy and as the Internet is a global model it will take many steps to rectify the issue.
You may call it an idiotic conclusion yet I made no similar comment to you. Let us consider the outcome I hope we mutually aspire for, that which will put us and all we are first and not be traded like playing cards. The EU is essentially a poor mans version of the United States. fix it here and then move forward. Either that or we will be faced with limiting our use and the real value of the Internet. This is a key element of what I do professionally and GDPR and other standards must be dealt with. and once again someone has to step out and say “no mas” and we as a Nation must lead the way.
The US could easily bypass the EU laws by requiring any company operating within the US to maintain a copy of all customer’s data within the boarders of the US
“The US could easily bypass the EU laws by requiring any company operating within the US to maintain a copy of all customer’s data within the boarders of the US”
I believe contracts that require users to allow crossing borders are illegal because it demands the users give up US legal control. We also lose all privacy rights at the border.
Anyone supporting tyrannical government response is an idiot as they consider tyrannical government control as a valid response to a civil issue.
I AM TOTALLY AGAINST GOVERNMENTAL CONTROL
And if you are calling me an idiot then I say I will consider the source of that comment, reading is not your strong suit
“I AM TOTALLY AGAINST GOVERNMENTAL CONTROL”
Then why the hell do you support GDPR which is nothing BUT government control??
GDPR doesn’t even protect personal information and it has impossible regulations such as the idiotic requirement to delete data from backups.
Do not put words in my mouth, GDPR is the decision of the governing body in Europe. It is a playing field element one has to deal with in the business world
So I thought a different approach is one I use with Development teams of Hardware and Software solutions, but I will keep it focused on software for this exercise. And the situation I am using is not fake, this is an actual solution in development and deployment as we speak
Currently I am rolling out a solution in a marketspace that in the US alone is over $450 billion and more in foreign countries. It involves both a software core as well as medical devices that gather information from the user as part of a therapeutic and diagnostic model. We will be rolling it out initially in the US but the roadmap is to take it global. The software core of the solution can and will be utilized across other implementations that will be global in scope, and there are many of them
So putting you on the virtual development team and knowing that this is not something we can avoid, what are YOUR suggestions and insights on how we work within the confines of not just US but other standards and regulations that include regions not covered by GDPR
Enough foot stomping, I have worked in product development and launches for decades and I really want to hear your insights as to what your ideas are, and if you have none then that is all I need to know
Batter up!
You want foreign sales, you deal with foreign laws.
Not my problem.
Don’t try to change the subject. The topic is the GDPR, not your problem dealing with foreign laws.
GDPR is directly involved as the data collected will be citizens of the EU as well as others
And data collection is a key element of the solution as it provides input on therapeutic models and effectiveness. In the model we have developed a way to protect the data and never provide direct information about an individual. Anyone who participates is ensured their data is not only protected but never provided associated by a name or other identifying info. If they wish to have their data removed we are prepared to do so
You changed the subject, I said OK solve it and your response was not my problem
Not about sales, about helping people and solving problems while honoring their right to privacy. GDPR is but one regulation businesses deal with in International trade and services delivery
So is your answer no, you have no ideas...
Just asking as your attitude is the first I have experienced but then maybe I am dealing with programmers who understand real world and business/personal solutions under the requirements from me that data security is sacrosanct and not to be altered or sold
I will let you go now, I am clear in my motivations and respect for personal privacy
Good Day
“You changed the subject, I said OK solve it and your response was not my problem”
NO, I did not change the subject.
You claimed to support such nonsense by making such a liberal “Just trying” statement. The EU is not “just trying” to solve privacy.
Your motivations are very liberal: Heavy handed government as a solution.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.