GDPR - Good or Bad?

  • Thread starter: Maximilian75
Status
Not open for further replies.
From Wikipedia…

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1]

More here: General Data Protection Regulation - Wikipedia

What’s your opinion?
  • I am for this (Say why below)
  • I am against this (Say why below)
  • I am undecided
 
I’ll just say what I posted on FB a few weeks ago

I just got home from a business trip. GDPR figured heavily in the agenda.

After the first set of meetings, a coworker and I went to the hotel bar and ordered a round of GDPRs. (Ginger ale, Drambuie, Peach schnapps and Rum)

The drinks well represented their namesake:
  • Each of the components is fine by themselves, but served together, all out of proportion to each other, made for a horrid, distasteful mess.
  • It was only done in the first place because the modern workplace created a deep, perceived need for it.
  • The person charged with implementation was dubious, needed to have the requirements restated several times, required convincing that yes, we were in fact, serious; and only acted when compelled to do so.
  • It ended up costing significantly more than expected, or budgeted for.
 
Privacy is a good thing. There’s really not much else worth explaining.
 
Thanks,

In all seriousness, it is a good thing in theory. My problem is the way that the EU has traditionally clarified the ambiguity in its legislation. Primarily, they choose a few ‘test’ cases and sue them like crazy. That generates the case law needed for others to effectively implement a standard.

In the case of GDPR, a prime example is that personal contact information may be kept legitimately for business purposes, but does not define that. If a business feels that it has a need for that data, is that sufficient? In light of previous EU legislation, probably not. But what legal standards should be used to guide a business in determining the length of time that it should keep it? For medical data, there is already case law, but how about for a shipping firm? There is simply no guidance in what standard to use to retain data on who it shipped what to.

Personally, I think that the EU should have provided clear guidance, but their practice is to generate that through case law instead, which means suing target companies and getting large fines first.
 
This (the drinking joke) is awesome.
I’m going to share with my previous boss who is German and a privacy law expert.
(Which is also why I have no comment on this thread topic.)
 
It seems ok but I can’t shake the feeling that it’s a bunch of grandpas and grannies making rules about things that they aren’t really understanding that have implications for the future they can’t comprehend and will likely be easily bypassed.
 
As someone who works for a larger international law firm performing electronic discovery, I see a HUGE downside to all of this.

Legal fees.

When a company is being sued, these privacy laws become a headache, because in the EU, the custodian (user) owns his/her work email, not the company.

So it takes a while to get each user through “clearance” before legal review of their emails & eDocs (which electronic mail and files is how everything is done today).

Legal fees are passed down to customers by the companies.

NOTE: don’t get me wrong… we all should be entitled to total privacy for our personal email accounts (GMail, Yahoo Mail, college email account, etc). However, when the email account belongs to a place of employment, the email should belong to the employee.

Why: because they are accountable for what you do at work. People should not be using their work emails for personal (esp confidential) things. The only exception should be HR related information, perhaps which should not be emailed around in the first place.

Now, for everyone who is thinking “well the EU doesn’t seem to have issues with this,” well that’s because their legal discovery process is far different than ours. And American companies sue each other A TON, compared to European companies. Also, in the US, the duty to share evidence, documents, etc is vast compared to other nations.

Some nations, like Japan, are actually allowed to withhold documents if it will potentially make the company look bad in any way. In the US, nope. Unless a document is attorney-client privileged, if it’s responsive to the issues, it gets produced (even if it’s damaging to the company in an unrelated way).

Anyway, I’ve seen first hand how difficult & expensive it can be working with EU data & other nations with privacy laws. So in general, I’m not for them unless it’s for your private email account owned for a service provided like gmail, etc.

NOTE: I would be curious to hear what any litigators who deal with international matters think.

God bless
 