- by rbaz, Data Doctor
- 7/3/2017 12:08:10 PM
Corporate influence is so strong in the US that passage and enforcement is a challenge at any level. As you noted, the supreme Court ruling empowers corporations to the level of super citizen.
- 7/2/2017 11:49:03 PM
I'm sure that such a change could happen on a state level but it would be incredibly difficult to pass a law on the Federal level. One of the worst things was to give companies the legal status of a living person and in truth companies have more rights than a living person.
- by rbaz, Data Doctor
- 6/30/2017 10:31:02 PM
Seth, fines are supposed to be a deterrent but they are as you noted nothing more than a nuisance to most major corporations. So fine amounts based on percentage of revenue is the only way to be punitive enough to get compliance. The EU's approach is more effective than ours.
- 6/5/2017 7:17:35 PM
I'm really interested in seeing the results. There are concepts in it that are not usually considered here in the U.S.; though there has been some case law on the subject. One notable change is tha the concept of the right to be forgotten has been replaced by a more limited right to erasure. There is an interesting debate between those who would advocate for more privacy and those saying it allows history to be rewritten.
- by kq4ym, Data Doctor
- 6/5/2017 10:25:29 AM
With the proposal that " fines can be as much as 4% of a company's revenue," one would think there's going to be lots of attorneys meeting with companies worldwide to make sure they don't run afoul of any regulations as they come online and as they surely will be be modified over coming years.
- by Lyndon_Henry, Blogger
- 6/2/2017 1:05:55 PM
The EU has a webside specifically about the GDPR:
Here's a summary from their Homepage:
After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. It will enter in force 20 days after its publication in the EU Official Journal and will be directly application in all members states two years after this date. Enforcement date: 25 May 2018 - at which time those organizations in non-compliance will face heavy fines.
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. The key articles of the GDPR, as well as information on its business impact, can be found throughout this site.
This bit particularly caught my eye:
Privacy by Design
Privacy by design as a concept has existed for years now, but it is only just becoming part of a legal requirement with the GDPR. At it's core, privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition.
This was of interest because we've had discussions here on A2 about the need to incorporate privacy and security directly into the design of systems. This GDPR should have the effect of encouraging a lot more effort in that direction ...
- by Michelle, Data Doctor