Entries Tagged "EU"

Page 1 of 2

The 600+ Companies PayPal Shares Your Data With

One of the effects of GDPR — the new EU General Data Protection Regulation — is that we’re all going to be learning a lot more about who collects our data and what they do with it. Consider PayPal, that just released a list of over 600 companies they share customer data with. Here’s a good visualization of that data.

Is 600 companies unusual? Is it more than average? Less? We’ll soon know.

Posted on March 14, 2018 at 6:24 AMView Comments

How the US Is Playing Both Ends on Data Privacy

There’s an excellent article in Foreign Affairs on how the European insistence on data privacy — most recently illustrated by their invalidation of the “safe harbor” agreement — is really about the US talking out of both sides of its mouth on the issue: championing privacy in public, but spying on everyone in private. As long as the US keeps this up, the authors argue, this issue will get worse.

From the conclusion:

The United States faces a profound choice. It can continue to work in a world of blurred lines and unilateral demands, making no concessions on surveillance and denouncing privacy rights as protectionism in disguise. Yet if it does so, it is U.S. companies that will suffer.

Alternatively, it can recognize that globalization comes in different flavors and that Europeans have real and legitimate problems with ubiquitous U.S. surveillance and unilateralism. An ambitious strategy would seek to reform EU and U.S. privacy rules so as to put in place a comprehensive institutional infrastructure that could protect the privacy rights of European and U.S. citizens alike, creating rules and institutions to restrict general surveillance to uses that are genuinely in the security interests of all the countries.

More broadly, the United States needs to disentangle the power of a U.S.-led order from the temptations of manipulating that order to its national security advantage. If it wants globalization to continue working as it has in the past, the United States is going to have to stop thinking of flows of goods and information as weapons and start seeing them as public goods that need to be maintained and nurtured. Ultimately, it is U.S. firms and the American economy that stand to benefit most.

EDITED TO ADD (1/13): Stewart Baker on the same topic.

Posted on January 6, 2016 at 6:14 AMView Comments

EU Might Raise Fines for Data Breaches

This makes a lot of sense.

Viviane Reding dismissed recent fines for Google as “pocket money” and said the firm would have had to pay $1bn under her plans for privacy failings.

Ms Reding said such punishments were necessary to ensure firms took the use of personal data seriously.

And she questioned how Google was able to take so long to getting round to changing its policy.

“Is it surprising to anyone that two whole years after the case emerged, it is still unclear whether Google will amend its privacy policy or not?” she said in a speech.

Ms Reding, who is also vice-president of the European Commission, wants far tougher laws that would introduce fines of up to 5% of the global annual turnover of a company for data breaches.

If fines are intended to change corporate behavior, they need to be large enough so that avoiding them is a smarter business strategy than simply paying them.

Posted on January 28, 2014 at 6:47 AMView Comments

Discovering What Facebook Knows About You

Things are getting interesting in Europe:

Max is a 24 year old law student from Vienna with a flair for the interview and plenty of smarts about both technology and legal issues. In Europe there is a requirement that entities with data about individuals make it available to them if they request it. That’s how Max ended up with a personalized CD from Facebook that he printed out on a stack of paper more than a thousand pages thick (see image below). Analysing it, he came to the conclusion that Facebook is engineered to break many of the requirements of European data protection. …

The logical next step was a series of 22 lucid and well-reasoned complaints that he submitted to the Irish Data Protection Commissioner (Facebook states that European users have a relationship with the Irish Facebook subsidiary).

EDITED TO ADD (11/14): The 22 complaints are here

Posted on October 18, 2011 at 6:34 AMView Comments

Interview with the European Union Privacy Chief

Interesting interview with Viviane Reding, the vice president of the EU Justice Commission and head of privacy regulation:

The basic values in Europe are that we have the right to our own private, personal data. It’s mine. And if one agrees to give that data,then it is available. That is known as opt-in consent and we’ve had that as law since 1995.

[…]

Protection of individuals is not the question of voluntary action. For us, it is written in our charter of fundamental rights that everyone has the right to the protection of their data.

Differences in privacy law between the US and the EU are going to be a big issue in 2011.

Posted on December 23, 2010 at 5:59 AMView Comments

More on Airplane Seat Cameras

I already blogged this once: an airplane-seat camera system that tries to detect terrorists before they leap up and do whatever they were planning on doing. Amazingly enough, the EU is “testing” this system:

Each camera tracks passengers’ facial expressions, with the footage then analysed by software to detect developing terrorist activity or potential air rage. Six wide-angle cameras are also positioned to monitor the plane’s aisles, presumably to catch anyone standing by the cockpit door with a suspiciously crusty bread roll.

But since people never sit still on planes, the software’s also designed so that footage from multiple cameras can be analysed. So, if one person continually walks from his seat to the bathroom, then several cameras can be used to track his facial movements.

The software watches for all sorts of other terrorist-like activities too, including running in the cabin, someone nervously touching their face or excessive sweating. An innocent nose scratch won’t see the F16s scrambled, but a combination of several threat indicators could trigger a red alert.

This pegs the stupid meter. All it will do is false alarm. No one has any idea what sorts of facial characteristics are unique to terrorists. And how in the world are they “testing” this system without any real terrorists? In any case, what happens when the alarm goes off? How exactly is a ten-second warning going to save people?

Sure, you can invent a terrorist tactic where a system like this, assuming it actually works, saves people — but that’s the very definition of a movie-plot threat. How about we spend this money on something that’s effective in more than just a few carefully chosen scenarios?

Posted on June 4, 2008 at 12:05 PMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.