When GDPR takes effect on May 25th, the European bureaucrats that glued together this abomination are expected to get a stiffie.
A Euro lawyer’s wet dream, the General Data Protection Regulation is supposedly a method to ensure that personal information remains private, and under the control of the person it’s collected from.
And yet, the exact definition of what is the type of information affected, and how it’s best safeguarded, is unknown.
That’s right. With fewer than 10 days before GDPR takes effect, nobody knows for sure what the fuck it’s all about.
GDPR data – Photo by Jose A.Thompson on Unsplash
Alison Cool, a professor of anthropology and information science at the University of Colorado, wrote an essay published by the NY Times that describes the pitfalls of attempting to enforce a European law in the US.
The law is staggeringly complex. After three years of intense lobbying and contentious negotiation, the European Parliament published a draft, which then received some 4,000 amendment proposals, a reflection of the divergent interests at stake. Corporations, governments and academic institutions all process personal data, but they use it for different purposes.
Ms. Cool continues:
[…] the regulation is intentionally ambiguous, representing a series of compromises. It promises to ease restrictions on data flows while allowing citizens to control their personal data, and to spur European economic growth while protecting the right to privacy. It skirts over possible differences between current and future technologies by using broad principles.
The conclusion:
If the ultimate goal is to change what people do with our data, we need more research that looks carefully at how personal data is collected and by whom, and how those people make decisions about data protection. Policymakers should use such studies as a basis for developing empirically grounded, practical rules.
Read the full article, titled “Europe’s Data Protection Law Is a Big, Confusing Mess.”
The law actually prescribes the definition of which data is collected and how it’s handled that Ms. Cool is talking about in her conclusion.
The main difference here is that companies (and people to some extend) in the EU (especially in countries with strict regulations) are already more aware of how they handle which data. To get to this point, the US still has to a long way to go and many people and companies don’t even think about the potential danger and negative impact of the data.
Frank – The law should be confined within the realm of the EU. Instead, it’s a far-reaching cocktail of regulatory definitions, that demands data conformity not even European countries agree upon. How do you expect this to be enforced outside of the EU? Many companies will simply end providing data access to European countries.
Maybe. I think more privacy is a must in general and of course enforce-ability with non-European entities without European presence is questionable.
I guess at the same time we should tackle why owners of non-US gambling sites accessible from the US are arrested when traveling through the US. Or what about US laws being enforced outside the US? I.e. European banks having to report US citizens account data?
How this became law is beyond me.
@Matt: Most of this has been law for a long time. The addition of fines is the main part that changed.