EU Protects Online Data Quite Differently From The US

Your digital footprint can quickly extend far and wide and be used in multiple ways. Your interactions on Facebook shape the ads you see there. The kinds of films and music you stream may allow online companies to make inferences about your political leanings or religious beliefs. And your health insurer may analyze details about your online shopping habits.

How much control do you have over how companies collect and use your information? And what mechanisms are in place to protect your data against misuse?

If you are in the United States or Europe, the answers vary, which has led to tensions between officials and disputes with companies. In the United States, a variety of laws apply to specific sectors, like health and credit. In the European Union, data protection is considered a fundamental right, which can have far-reaching consequences in all 28 member states.

All the talk about data privacy can get caught up in political wrangling. But the different approaches have practical consequences for people, too.

  • You made a stupid mistake 10 years ago, pulling a harmless prank while at college that led to your arrest and to misdemeanor charges that were eventually dropped. Your record was spotless before and has been since. But that mistake follows you online, since a local newspaper wrote about the arrest and the article shows up when anyone searches for your name online. What’s your recourse?
      • In the EU: The so-called right to be forgotten legal decision allows you to ask search engines like Google and Microsoft’s Bing to remove links to the news article on European versions of those sites. (The news article remains available on the newspaper’s website.)
      • In the US: The First Amendment of the Constitution protects freedom of expression, including the right of an individual to speak freely. There is no blanket ruling that allows people to delete or remove negative information about themselves online.
  • Surprise! Your bank has been hacked - You have just received your monthly credit card bill after the holiday season. There are many luxury purchases you don’t recognize. Your card details — and those of thousands of other customers — have been stolen by hackers.
      • In the EU: Under new rules that will come into force over the next two years, any company must notify national regulators within three days of discovering a breach or face fines for not sufficiently protecting your data.
      • In the US: Notification requirements vary by industry under federal law. Financial institutions, for example, are required to tell customers as soon as possible if a data breach could lead to misuse of personal information. However, companies may delay these disclosures if law enforcement officials determine that notifying customers could interfere with a criminal investigation.
  • All those clicks add up - You do thousands of searches on Google each year. You have hundreds of Twitter followers. And you have become addicted to the shopping and video services available through Amazon Prime. What information do these companies have on you?
      • In the EU: You can ask any company — for a modest administration fee — to send you details about what data it holds on you and what that information is used for. In most cases, companies must hand over the files within a month. In practice, the process is not always so smooth; some companies have declined to provide people with the data they had requested.
      • In the US: There is no single federal law or standard people can rely on to obtain copies of their records. But there are industry-specific rules. Patients, for instance, may request copies of their medical records from health-care providers. Some companies, like Twitter, also allow customers to download their own archives.
  • My child has fallen for video games - Your 10-year-old wants to set up a player profile on an online video game that collects personal information including children’s real names, locations, photos and email addresses.
      • In the EU: Currently, there are no European-wide laws that apply specifically to how children’s data can be collected and used. Under new rules to come into force over the next two years, digital services like Facebook, Snapchat and Instagram must obtain parental consent before collecting data on anyone under 16 (and national governments can lower that age limit to 13).
      • In the US: A federal law called the Children’s Online Privacy Protection Act requires children’s sites and apps to obtain parental permission before collecting personal details – like names and email addresses – from children under 13. The Federal Trade Commission enforces these protections.

NYT

 

 
