Risk
1/30/2012
04:43 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

EU Data Rules Worse Than SOPA?

European Union's proposed "right to be forgotten" data privacy rule threatens free speech and online business, critics argue.

"I am disappointed, but not surprised, to see the EU continue a misguided attack on the information economy," Yakowitz wrote. "The right to be forgotten unequivocally favors the interests of the data subject, no matter how selfishly motivated, over the interests of data controllers and other consumers. Moreover, by making the right of erasure inalienable, the EU prevents its own citizens from participating in a business model that allows consumers to trade their information for stuff they want--convenience, discounts, or content."

In an email, Yakowitz explained that her objection to the rules is that they do not attempt to evaluate and balance competing interests.

Google's global privacy counsel, Peter Fleischer, through his personal blog, also expressed concern about the "right to be forgotten."

"While I strongly believe that people should have the right to complain to third-party websites about information that is published there about them, I am deeply skeptical that the laws should obligate such third parties to delete information on request of data subjects," he wrote. "This raises troubling questions of freedom of expression."

How much control should people have over the data shadows they cast online? And how much control should companies have? Or governments?

Fleischer says there should be more public debate about what the "right to be forgotten" means and about how it applies to search engines that index public information. Giving people too much power to control information about them online would make privacy rights trump the right to free expression, he argues, and would turn third-party Web services like Google into de facto censors.

Yakowitz suggests that tech companies form a protest movement similar to that which derailed SOPA and PIPA, to make sure the draft data rules get changed prior to a final vote. She proposes that Google block every search result involving anyone with first name "John," that Internet retailers stop accepting cookies (which would prevent any e-commerce), and that publishers double the number of ads on their Web pages to compensate for revenue lost to data starvation.

Find out how to create and implement a security program that will defend against malicious and inadvertent internal incidents and satisfy government and industry mandates in our Compliance From The Inside Out report. (Free registration required.)

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Tony A
50%
50%
Tony A,
User Rank: Apprentice
1/31/2012 | 9:01:50 PM
re: EU Data Rules Worse Than SOPA?
Nowhere in this article do I see any hint of an argument for why the "right to be forgotten" would conflict with freedom of expression. It conflicts with the self-interest of ISP's, search and social networking sites to utilize your content for their profit. These companies have lots of ways of making money without mining my posts for monetary gain. They also benefit from the general carelessness with which people offer and leave personal information online, which wouldn't change even if the EC law is enacted. They benefit from people's laziness in utilizing opt-out privileges. They benefit from court rulings that give them access to data that does no more than briefly pass through a server on the way to another desitnation. They have no inalienable right to any of this. If they want to provide a service and reap some ancillary benefit from it, fine, but their ability to do this does not give then any valid claim to the use of a post. Online content posted by users of a service should be protected by international copyright like every other original creation. That means that basically the only uses of it that can be made without my explicit permission are under the "fair use" convention, e.g., to quote it or use it for educational purposes. The right to profit from it does not exist. Go, EU!
Bprince
50%
50%
Bprince,
User Rank: Ninja
1/31/2012 | 5:36:07 PM
re: EU Data Rules Worse Than SOPA?
There is a chance this proposal will be altered somewhat as it goes through the legislative process. More comparing the rules to SOPA from Time:
http://techland.time.com/2012/...
Brian Prince, InformationWeek/Dark Reading Comment Moderator
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3580
Published: 2014-12-18
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

CVE-2014-4801
Published: 2014-12-18
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-6076
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2014-6077
Published: 2014-12-18
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVE-2014-6078
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.