Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

1/30/2012
04:43 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

EU Data Rules Worse Than SOPA?

European Union's proposed "right to be forgotten" data privacy rule threatens free speech and online business, critics argue.

Last week, the European Commission (EC) released a draft revision of its 1995 data protection rules for the stated purpose of strengthening online privacy rights and Europe's digital economy. But the rules threaten the viability of data-driven businesses, from Google to credit bureaus, critics contend.

The EC says that a single streamlined set of rules will save businesses billions in administrative work. The rules require: notification of national data authorities as soon as possible following a serious data breach; explicit rather than assumed consent for data collection; easier consumer access to data and easier transfer of that data to other providers; and support for a "right to be forgotten," which gives consumers the option under some circumstances to have their data deleted from third-party service providers.

The fine for violating these European Union (EU) data rules is substantial: up to 1 million Euros or up to 2% of global annual revenue. Under this regime, Google's collection of Wi-Fi network data through its Street View cars, disclosed in 2010, could have cost the company $586 million, had the EU chosen to punish the company to the full extent of the law.

[ Sometimes data protection means less privacy. Read Stolen iPhone Saved By iCloud. ]

Google helped lead the protest against SOPA and PIPA, U.S. legislation that would have harmed the Internet and forced Internet companies to protect content companies. The EU data rules don't threaten the flow of information in the same way. Rather, they threaten the existence of information online, through rules like Article 17, the "right to be forgotten and to erasure," and Article 20, which forbids the exclusive use of automated data processing for determining, among other things, creditworthiness or work performance.

Try to imagine an information economy starved of information. The concept clearly has potential problems.

"Article 17 will give EU residents an unprecedented inalienable right to control and delete facts that were once voluntarily communicated by the subject," explained Jane Yakowitz, visiting assistant professor of Brooklyn Law School, in an online post.

EU justice commissioner Viviane Reding described that right thus in a statement last week: "If an individual no longer wants his personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system."

Article 17 has some limits. The proposed rules recognize that people can't have the right to erase history, hinder free expression, harm public health, or impede scientific research with their desire to delete their data.

But Yakowitz argues the limits are undermined by restrictive wording and draconian fines.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
1/31/2012 | 5:36:07 PM
re: EU Data Rules Worse Than SOPA?
There is a chance this proposal will be altered somewhat as it goes through the legislative process. More comparing the rules to SOPA from Time:
http://techland.time.com/2012/...
Brian Prince, InformationWeek/Dark Reading Comment Moderator
Tony A
50%
50%
Tony A,
User Rank: Apprentice
1/31/2012 | 9:01:50 PM
re: EU Data Rules Worse Than SOPA?
Nowhere in this article do I see any hint of an argument for why the "right to be forgotten" would conflict with freedom of expression. It conflicts with the self-interest of ISP's, search and social networking sites to utilize your content for their profit. These companies have lots of ways of making money without mining my posts for monetary gain. They also benefit from the general carelessness with which people offer and leave personal information online, which wouldn't change even if the EC law is enacted. They benefit from people's laziness in utilizing opt-out privileges. They benefit from court rulings that give them access to data that does no more than briefly pass through a server on the way to another desitnation. They have no inalienable right to any of this. If they want to provide a service and reap some ancillary benefit from it, fine, but their ability to do this does not give then any valid claim to the use of a post. Online content posted by users of a service should be protected by international copyright like every other original creation. That means that basically the only uses of it that can be made without my explicit permission are under the "fair use" convention, e.g., to quote it or use it for educational purposes. The right to profit from it does not exist. Go, EU!
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31458
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...