EU law is world law


I hadn’t realized before last weekend’s episode of TWIT, that the GDPA was a rehash of from 1995.

My understanding is that this law was largely ignored by US companies because it lacked teeth, which the GDPA has.

It seems to me that the in the large fines are the only thing that forces companies to comply, and that without it, there would be no action on their part.

If the the purpose of this act was merely to make more, I would assume that the EU would instead make the fines much smaller, and hope that more companies would instead pay the fine rather than follow the rules.

Either way, anything that makes my data more secure and ensures my ownership of it is a good thing. If a company can’t make a product without stealing my data to make ends meet, then it deserves to go out of business. I am sure a better company will be able to do it.


Liability in civil law suits is also a big incentive.


Just like EU car companies have been dealing with strict emissions regulations for some time and are sure to be fined by the EU in case of severe malpractice…


@legowarrior: Precisely.

@Aceris: I usually don’t bother responding to the kind of troll comments you’re making here, but in this case you’re basically just reinforcing the point I’m trying to make.

Firstly, Volkswagen isn’t out of the woods yet. Legal actions are still ongoing and will likely continue for a while yet. It’s only last month that a manager from the Volkswagen group was arrested in connection with the continued investigations into this.

Secondly, the huge problem in this entire scandal - the reason why the EU has been unable to smack down the car companies the way they deserved to be - is that the regulations regarding emissions devolved responsibility to the member states. Which is a big problem when you have countries - like Germany - who basically live from making cars. It’s hard to punish someone when you don’t have laws you can pin them to.

Fortunately, the US does have laws that make this illegal - and have punished VW for their actions - in Europe - which violated US laws.

Also fortunately, EU politicians are not dumb - and while the new regulation being put into place next year are far from perfect (Germany has had way too much influence in forming it), it - like the GDPR - will give the EU actual ability to punish transgressors.


It’s very clear that VW systematically abused the emissions testing scheme, and the responsible regulatory bodies in the EU decided that, on what appears a technicality, they were unable to take punitive action. It’s taken a massive scandal to reframe the regulation in a way that makes this less likely. The EU IT industry has not been discredited in this way - why assume it has less influence over the way the GDPR is implemented than the EU automakers had in the way emissions regs were implemented?

The US didn’t punish VW for their actions in Europe that violated US law, they punished VW for selling cars in the US on the basis of a (cheated) test under the US emissions testing regimen.

I don’t think GDPR is an attempt to screw money out of google and facebook and the like - it’s a genuine response to public pressure, and the commission is far more likely to push for better behaviour than levy swingeing fines. But the blind assertion that EU companies are probably complying already flies in the face of evidence from other fields, and I also find the expectation that the commission will be completely evenhanded unlikely. They won’t be blatantly biased, but they will be more keen to go after foreign firms. That’s just the way of the world.


You’re of course free to think what you will.

As I said, I’ve worked with data for 15+ years. I know how bad data management can be (I’ve had to clean up in more than one mess), but I also know how seriously companies and institutions that have to deal with private data have had to become during the past ten years in the face of ever more stringent laws - I’ve reviewed more than my fair share of EU directives in the past years. IMO, any European company that works with private data for the past few years, which doesn’t have sane routines in place for this stuff already, has an idiot as their CEO and deserves to go under. Period. There really is no excuse to be caught out unawares by the GDPR for EU entities.

And the current panic is just ridiculous. Granted - it’s unsurprising, given that a large part of the industry has a vested interest in spreading FUD and making the panic as large as possible - on the one hand, the multi-national corporations who want to try and weaken the GDPR as much as possible - and on the other hand, all of the consulting companies (huge and small) who are trying to sell expensive consultants for GDPR “certification”, compliance consultancy, courses, vetting, and whatever else they can get gullible customers to pay for. Fear is a great marketing tool.


On the other hand, if they’re a public entity in bumfuck austerityland, they’ve just got a warning last week that most of what they do for care and research of a rare and fatal disease is completely illegal (which, of course, already was and would violate HIPPA as well) and needs to stop overnight - which will can’t happen, because there will never be more money for state services in the Euroland. Strapped for cash mentors of a related data science PHD thesis don’t give a fuck about it either. I’d be surprised if other public hospitals are doing any better.

Whether that is a political tactic to force more disastrous privatization is just a conspiracy theory that’s going trough my head.



Thats really good!




“The most contentious element is Article 13 of the proposed directive (EU-speak for law). It seeks to make Internet services that host large amounts of user-uploaded material responsible for policing their holdings to prevent copyright infringement”

“The other hotly contested section of the proposed law is Article 11. This is the “snippet tax,” which seeks to make companies pay when they use even short extracts of text from news publications, as is common today on social media and elsewhere.”


It’s unclear this will pass (there’s a lot of discussion going on already, and in previous cases this discussions have made the EU to revert positions before implementing the policy).

However, I see nothing wrong with providers of content (open to the public) being responsible for policing copyright. That they are not is indeed baffling.

The proposed automatic filter (which I believe is unworkable technically and an implementation mess) is much more worrisome.


Yeah, I genuinely have no opinion on the matter yet. I am very interested in reading the arguments and being educated though.


I’ve got nothing to defend this. It’s pure nonsense by people who don’t understand the Internet or copyright. The only reasonable answer from, say, Google and Facebook, would be to remove all links to European “content producers” and let them die of irrelevance.


It’s still really early for such judgements. I think the idea of content distributors being responsible is a good one, but the implementation needs to be sensible (like enforcing contracts with verified ID on upload so responsibility can be shifted to the uploader on infringement, for example).

Going by previous regulations, a lot of crazy stuff is floated early and then the final text is sensible.


Is it? We’ve had this discussion at the time of the DMCA and the EUCD, it’s just the same affront to free speech now as it was then. It’s just as stifling to culture, creativity and education as it was then.
It’s even weirder that this is at the behest of news companies no one in their right mind takes all that seriously anymore and are first in line to get blacklisted off social media.


Parliament has voted down the copyright proposal.


What I’ve read about it, I’m going to go with good. Copyright on the web probably needs a look at, but it needs to be technically feasible, or the Internet as we know it dies in the EU…


Well almost. They voted against the paper and instead decided they will vote on each issue separately in september. So it is not quiet over yet. Both parts of the current suggestions are horrible.


I would support Articles 11 and 13 as an experiment. I am interested in knowing what the result would really be, as opposed to what is speculated (and cherry-picked IMO). If 5-10 years is such a big deal, then your business is running too many risks, already.