There are a lot of complications that arise if you think about the second order/third order consequences of the law.
http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX...
My reading of them finds no second/third order anything. The regs are surprisingly clear.
I forgot to mention that unless you are trying to abuse EU citizens in some way then you have no problems. A useful side effect of the internet is that deciding whether someone is an EU citizen or not is tricky. That means that most companies have decided to treat all citizens in nearly the same way:
For you as a private individual, a foreign power now provides you (indirectly) with way more "rights" than you might have had in the past on the internet. Have a read of the regs, please. The first few paras are a bit "we the people" but then, that is what is required. Then go through the articles. Read them as a person first and then consider them as a company or whatever you do later.
Half of commenters are making this assertion; the other half are asserting it's a damn good thing that small companies will be eviscerated for insufficient seriousness, whether or not they are doing anything abusive. Some of you are necessarily wrong.
This is an 88-page document with extremely dry language. Just confirming your assertion will be time-consuming. No wonder many American services would rather shut out EU users than comply.
If you own a business, the cost of reading this document is about 2 days (with consideration for googling terms). To disenfranchise a whole continent because you are inconvenienced is ridiculous.
Put it a different way: are you too busy to read docs/specs of the technology you are using or will you abandon it because specs are too dry?
American services are just busy because they are doing their best to keep the lights on. Within a week, the handful of companies will comply. They’re just cautious because they have to pay folks and don’t want to make a silly mistake that will shut down their business.
Edit: structure
It starts along these lines after the usual intro:
"The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality"
I'll grant you that lacks a certain something but the language is compatible with another well respected charter of rights that you should be more familiar with.
FFS, do you not notice the similarities!
Good bye and good riddance. And I don't really care if the door hits you in the ass.
If Instapaper, to name an example, wouldn't do shady shit with user data, there would be no reason at all to forgo the European market.
The answer to “How do you handle...” is that you get your shit together. Separation of duties, build and configuration standards, no customer data on random laptops.
When I was in high school, I worked at a sandwich/coffee shop. The precious commodity in that store was cash. We didn’t leave cash on a counter, or on a roll in our pockets; it was in a locked register. When there was more than $500, we withdrew down to $250 and put the cash in a safe. At the end of the night, we put the cash in a locked pouch and two of us walked to the bank and put it in a dropbox.
Data is no different, just more complex.
The word choice almost presumes the conclusion, that data privacy rules are obvious, and cheap, and akin to just washing hands after using the toilet.
Every regulation has costs and benefits. I also would love to have better worldwide privacy at no or little cost, but the fact that people are blocking the EU shows that some companies just don't see this to be the case. And they're voting with their feet.
EU citizens should accept the fact that if they support the law, they will further data privacy protections, which are good, and they will face the music if some innovation leaves or whatever compliance costs may come with it.
Yes, no matter. Should small companies also get a free pass on food safety laws? Health inspections are a PITA for restaurants too.
This reaction is pretty much textbook psychological reactance[0]. People doing business had some freedoms wrt. user data, but it turned out in practice that they should never have had them in the first place. Now that those excess freedoms are being removed, businesses cry foul.
The contempt shown for us collectively as users and people is what triggered the regulatory backlash.
The 2016 election demonstrated better than anything why this is important.
Like encryption, data privacy is either all or nothing.
And personally? I'd rather live in a world without tracking-enabled Google and Facebook business models than the one we're currently in.
Holding personally identifiable data is a toxic externality: Experian simply exposed a clear case.
If you want to do so, you should have to bear that cost. Or design your business model differently so that you don't.
Yes it is
It's like restaurants putting the toilet in the kitchen. Shut the business down!