Europe’s GDPR privacy law is headed for red tape bonfire within ‘weeks’

EU just can’t keep losing with their proposals. With Swiss regulators trying to weaken the privacy laws in Switzerland and the EU constantly pushing ChatControl or now stuff like this, what would be the next best country from a privacy standpoint should these proposals pass at some point in the future?

Off topic

Disclaimer that Politico is owned by Axel Springer SE

Iceland has been noted in past discussion as a non-EU country with strong privacy protections.

4 Likes

According to Austrian privacy activist Max Schrems, the GDPR is still a “huge target” for lobbyists, but its core rules can’t easily be scrapped since the protection of personal data is enshrined in the EU’s Charter of Fundamental Rights as an inalienable freedom.

Makes me optimistic, but I guess you never know with these things.

Maybe a hot take because I am not a GDPR legal expert, but there are elements of the GDPR which I feel are overly burdensome, particularly to non-EU entities. I like the technical limitations they place on companies, but some of the jurisdiction-based requirements like needing an EU representative, or even the restrictions on international data transfer do not make a lot of sense to me for governing the inherently borderless internet.

These parts feel more like the EU just trying to strong-arm companies into investing in the EU and being more local, which is a fair goal for a government to have, but not necessarily a privacy benefit.

For a non-EU example, this is also the reason I think TikTok’s Project Texas is stupid. Simply having an American presence and local data storage is not really beneficial to Americans, because at the end of the day it is still TikTok.

5 Likes

I respectfully disagree, how else can a country protect their citizens from these evil corporations abroad who do not give a damn about human rights? This is the best measure to have accountability.

It makes it very simple, either you have a place where it can hurt if you fuck up or you cannot do business. I think that this is a very very good thing.

If Facebook let’s say never had needed to have a representation here they would simply not have cared to make changes. It was a good thing they were forced and it wouldn’t have happened without this clause. Note I am not saying it is good now but it was way worse.

3 Likes

The alternative would be to allow EU authorities to sanction US businesses and hold them accountable. But the US did not want this, which tbf I understand.

The governments of a country should be able to enforce laws protecting their citizens, especially also on the web where unfortunately a lot of billionaire cowboys are not taking human rights so seriously.

It is very normal that if you want to operate in a part of the world you have to follow the local laws. I mean same goes for food standards. You also wouldn’t want a company selling you poisoned food from a third country that is not falling under your jurisdiction and you having no way to sue them whatsoever.

2 Likes

To be frank, our fundamental rights are a joke. They are woefully inadequate and governments have no issue blatantly ignoring (‘reinterpreting’) them when it suits them.

2 Likes

Yes, I think that is a fair argument and certainly the thought process behind the requirements. My counter is mainly that users should be making a conscious decision about the services they use and where they are located.

If you want local service and protections you should buy locally. As a non-internet example, I recently traveled to Japan and bought a camera. I wouldn’t expect services offered by Nikon in Japan like warranty service to be available to me in the US. If I run into an issue I’d either have to go back to them, or accept that’s the cost of doing business in a foreign jurisdiction.

If a company is actively selling or advertising to European customers in Europe that is a different scenario, but I think that case should be covered by trade regulation, not privacy regulation. I also think this would cover all Big Tech companies and other major privacy offenders.

I don’t think merely existing on the internet should count as soliciting European customers though. Right now the letter of the law of GDPR essentially demands most small non-EU businesses (and non-businesses because the GDPR has no real exceptions for other entities like the CCPA does) block access to the EU entirely. Most don’t because the EU likely will not enforce it or care about them, and because it annoys EU citizens, and the latter thing here is why I think the GDPR should ultimately be relaxed in this regard.

Tbh I would prefer this too, yeah. Just like above, regulated by trade legislation.

2 Likes

The actual content of the article isn’t as alarming as the title. The main thing it identifies is cutting back on the amount of reports and paperwork that businesses, especially small and medium enterprises, have to produce.

1 Like

This is blaming the customer and making an average person responsible for a lot of things they cannot oversee. I will use the same example here again. You cannot expect a customer to test all their groceries for safety either. The same applies here to digital rights. That’s why we have authorities and laws to guarantee some common set standard for all of us. It would simply be an impossible task to do proper due diligence on everything you consume. Let alone that it would be highly inefficient. You are now blaming the customer instead of putting the responsibilities where they should be, at the providers. It is like saying the climate crisis is caused because people buy the wrong things, which is just a false narrative. The average consumer can never fight the system alone and this is an unequal and unfair thing to say. “If only customers would buy things that are good for everyone the world would be perfect” is just such a shitty argument. It is not something you can expect from the individual who would have to police the world then all one by one versus the big corporates, who have infinite resources to abuse them.

3 Likes

The only part that was there to make the US a “safe” data harbour was the oversight body that was fired by the current administration. So if anything it goes the other direction.

To make it possible to have it under a trade agreement the US should have at least somewhat of the same values. And I frankly believe we are far away from having a similar mindset on what is privacy (even before the current government). The cultural values are very different.

This I believe to be a very problematic stance from you actually. The GDPR is not a very complex law to adhere to imho. It would create all kinds of nasty loopholes which we already have enough of unfortunately. It would make it even harder to police the regulation. It is already the case that authorities fine based on what kind of organisation it is and what they are doing. Also there is always the option to go to court. We shouldn’t require less. The current system already takes into account how bad an offence is and what punishment is justified. Fines are tied to the profit of the organisation. Why should a small entity be allowed to violate basic human rights? It makes no sense to me, in fact it would also be unfair to bigger businesses and be highly impractical in terms of scaling business. It is not difficult to act right by design. Authorities here do not fine small organisations who make small mistakes as first offence, they get warned and informed what to change. The problem you see here does not quite exist in reality.

Between the lines, happy to have this fundamental discussion, it is nothing personal. I find it good we discuss these things as I see there are a lot of misunderstandings in the world on what GDPR actually is and does.

The sad part I see with this news article is that there is a lot of lobbying against GDPR. Online you read a lot of people parroting that the GDPR is not allowing data sharing for critical things. All of that is so false. GDPR is actually very allowing for exceptions as long as they are well defined, assessed and in certain cases law defined. It requires decisions to be made with care and right measures which is a really great thing. Instead of making the required laws to make justified and thoughtful exceptions some politicians can now try to dismantle the default policy.

I like to compare it to like a firewall. You want to block everything by default and open the right parts where it makes sense instead of having an any any policy 🙂

Here I am thinking the GDPR is inadequate and should go further. Just a pipe dream I guess 😔

A law requiring explicit consent for all data collected + mandating data minimisation would be pretty simple to follow.

4 Likes

Well the successor was cancelled…

4 Likes

Dang I completely missed that, it’s a shame it got cancelled. It’s almost like an unelected commission + lobbying leads to decisions that aren’t in the interest of EU citizens.

4 Likes

Wdym?

The European Parliament is the only directly elected institution of the EU and yet they don’t even have the power to propose new laws.

Meanwhile the Commission is made up of representatives selected by national representatives that already do a terrible job serving the interests of their citizens. You can imagine how much less democratic a representative of a representative is.

4 Likes

Inconsistency in enforcement among EU member states has led the European Commission to consider relaxing the requirements of the GDPR. This is expected to help smaller businesses reduce the costs required to comply.

The European Commission is now finalizing a plan to simplify and potentially remove many of the regulatory requirements imposed by the continent’s complex and far-reaching General Data Protection Regulation, particularly those impacting small and medium-sized businesses.

The commission is working on a plan to simplify the law in order to “ease the burden” on smaller organizations while “preserving the underlying core objective of our GDPR regime,” Michael McGrath, the European commissioner overseeing data privacy laws, said in recent remarks at an interview at the Center for Strategic and International Studies (CSIS).

At the end of March, Danish Digital Minister Caroline Stage Olsen reportedly told journalists that while there are many positive features in the GDPR and privacy is paramount, Europe needs “to make it easy for businesses and for companies to comply.”

I have no experience in privacy or compliance to judge whether this is good or not. If the rules are simplified, does that mean that we would see more websites and businesses comply with the GDPR? Or will this be a severe mistake by the EU?

1 Like

Ooooh… how fun it is to see all the tinfoil brigade going insane.

In the EU/EEA there are some regulations.
GDPR is one of those.

No, this economic area is not the US.
A slight adjustment of the GDPR will in no shape or form F%& up GDPR.

The strength of the privacy laws in the EU/EEA will continue to be as strong as they are.

Holy crap, what is Privacy Guides devolving into…tinfoil.