GDPR Is Here: Mess Up and We'll Fine You, Says Privacy Chief

  • Thread starter
  • Admin
  • #1

allheart55 (Cindy E)

Administrator
Windows 10
Edge 16.16299
gdpr.jpg

From tech giant Facebook Inc. to libraries and schools, organizations are now subject to the world’s most far-reaching data privacy regulation in a crackdown aimed at protecting people from losing control over their personal information.

It’s occupied thousands of lawyers, taken years of planning and triggered billions of emails.

Mess up now and you can expect very little tolerance, warns Andrea Jelinek, the Austrian in charge of policing the European Union’s General Data Protection Regulation, or GDPR, which took effect on May 25.
“If there are reasons to warn we will warn; if there are reasons to reprimand we will do that; and if we have reasons to fine, we are going to fine,” Jelinek, 57, told reporters ahead of the big day. Asked about criticism that some regulators are more lenient than others, she said that “it was like that in the past, but it should not continue in the future.”

Privacy has moved from a niche topic to one of the biggest headaches for top bosses such as Facebook founder Mark Zuckerberg, who this week was grilled by EU lawmakers about how the data of some 87 million users and their friends may have been shared with a consulting firm with links to Donald Trump’s U.S. presidential campaign.

Hefty Fines

The pressure has been increasing on firms using or processing EU personal data in the run-up to the deadline. Privacy regulators across Europe will for the first time get equal rights and responsibilities, and the same powers to mete out fines of as much as 4 percent of worldwide annual sales for serious violations.
Not everyone is willing to wait for Jelinek and regulators to flex their new powers.

Austrian lawyer Max Schrems, who has taken on Facebook many times and won a landmark EU court ruling in 2015, filed four complaints on Friday under the new rules, accusing Google, Facebook and also WhatsApp and Instagram of forcing users to agree to new privacy policies.

“Facebook has even blocked accounts of users who have not given consent,” Schrems said in an emailed statement. “In the end, users only had the choice to delete the account or hit the ‘agree’ button -- that’s not a free choice, it more reminds of a North Korean election process.”

The 30-year-old’s group called noyb -- for none of your business -- filed what are likely the first GDPR complaints with national regulators in Belgium, France, Austria and Germany.
Both Google and Facebook, in separate statements, said they had taken steps to prepare for GDPR day.

“We have prepared for the past 18 months to ensure we meet the requirements of the GDPR,” Erin Egan, Facebook’s chief privacy officer, said in an emailed statement. Facebook’s “work to improve people’s privacy doesn’t stop on May 25.”

EU nations will have to apply the same rules across the bloc, and give their data regulators complete independence. “We don’t like to see any deviations which will go beyond the rules and spirit” of the rules, EU Justice Commissioner Vera Jourova said last week.

Facebook would dodge the tough new sanctions under the updated EU rules if any violations in the Cambridge Analytica case are proven because the rules don’t apply retroactively.
Still, if companies “don’t stop on Friday, we can get them,” said Jelinek who leads Austria’s data privacy agency as well as a panel of regulators drawn from across the EU’s 28 nations. She said she’s expecting a big pile of complaints to be filed from day one of the new rules.

New Era

Regulators will “try to do our best” to deal with all complaints. She expects it won’t even be two months until the first probes will be opened, but there won’t be any fines right away.

Officials won’t just be “popping in” to companies to slap a fine on them, she said. “We are talking to the businesses, we have legal procedures to fulfill, we have to give them the opportunity to talk with us too.”
It will be the start of a new era for everyone: “We are at the beginning of a journey, which we’re going to make together through the field of data protection.”

The last few years have seen a “paradigm shift in awareness of data protection issues,” said Andrew Dyson, a lawyer at DLA Piper in London.
“You can’t open a newspaper without reading about the latest data breach, social media scandal or unethical marketing campaign. There is regulation, but it’s from a different era and increasingly looking toothless and out of date. The GDPR will reset the balance.”

Companies “that get this right will establish high ethical standards, enhanced levels of consumer trust and be able to unlock the value of data,” he said. “Those who get it wrong face wrath of regulators, disgruntled customers and big constraints on digital innovation.”

Source: IT Pro
 

AWS

Owner
OS X
Firefox 60.0
This is tough on a website owner. I made the UK site compliant so far. I'm not sure if I'm going to go the way some of the people I know went or not for the other sites. Most of the people I talk to are denying access to anyone in the EU.

I don't want to go that way, but, it would only take one troublesome user to create all kinds of problems.
 
  • Thread starter
  • Admin
  • #3

allheart55 (Cindy E)

Administrator
Windows 10
Edge 16.16299
It's a sticky wicket, for sure but I'm with you.
I would hate to see any European member denied access.
That could be half the membership.
 

starbuck

Malware Removal Specialist - Administrator
Windows 10
Firefox 60.0
I spent all of Saturday evening going through all of this and making necessary alterations and provisions.
It's just so confusing and in places even seems contradictory.
I'm sure it's been written so that only lawyers can understand it.
My server is based in the EU so I have no choice about not allowing EU members. (I'm bound by it anyway )
At the end of the day, we can just do the best we can and hope that every little clause is covered.

I think that the one big thing we have in common is that none of our sites show ads and no info is passed to any 3rd parties.
That rules out quite a bit.
 
Last edited:

plodr

Active Member
Windows 7
Pale Moon 27.9.2
I read a story about a Ghostery screwup.
Apparently they sent out emails to 500 users at a time telling them how important their privacy was. Well, the email had the users address then CC listed 499 others. So apparently, a user now knows 499 strangers email addresses and the fact that they use Ghostery. :funny:
 

starbuck

Malware Removal Specialist - Administrator
Windows 10
Firefox 60.0
Fortunately xenforo added tools to make things easier.
After a few hours work, I found out that SMF had a mod to help with GDPR as well :ouch:
That did make things easier.

I thought this article made a few good points: GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?

The law applies to the data of EU citizens, regardless of where the data resides, so it affects organizations across the globe.

If you've started your compliance process but aren't finished, you might not need to lose sleep. Yet.

"I don't think regulators are necessarily trying to play 'gotcha,'" says Greg Sparrow, senior vice president and general manager of CompliancePoint.
Rather than trying to stick it to the organizations that don't have every control for every article in place yet, he says they're looking for "willful neglect" and "blatant disregard" for the law and its intent.

Dennedy agrees. "A good will effort [to comply] is worth a lot. ...
You're definitely going to help limit your risk [of punitive action]
, and more importantly you're going to go a long way with your customers," she says.
 
Top