EU Protects Online Data Quite Differently From The US

Uploaded on 2016-02-12 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

Your digital footprint can quickly extend far and wide and be used in multiple ways. Your interactions on Facebook shape the ads you see there. The kinds of films and music you stream may allow online companies to make inferences about your political leanings or religious beliefs. And your health insurer may analyze details about your online shopping habits.

How much control do you have over how companies collect and use your information? And what mechanisms are in place to protect your data against misuse?

If you are in the United States or Europe, the answers vary, which has led to tensions between officials and disputes with companies. In the United States, a variety of laws apply to specific sectors, like health and credit. In the European Union, data protection is considered a fundamental right, which can have far-reaching consequences in all 28-member states.

All the talk about data privacy can get caught up in political wrangling. But the different approaches have practical consequences for people, too.

  • You made a stupid mistake 10 years ago, pulling a harmless prank while at college that led to your arrest and to misdemeanor charges that were eventually dropped. Your record was spotless before and has been since. But that mistake follows you online, since a local newspaper wrote about the arrest and the article shows up when anyone searches for your name online. What’s your recourse?
  • In EU The so-called right to be forgotten legal decision allows you to ask search engines like Google and Microsoft’s Bing to remove links to the news article on European versions of those sites. (The news article remains available on the newspaper’s website.)
  • In the US The First Amendment of the Constitution protects freedom of expression, including the right of an individual to speak freely. There is no blanket ruling that allows people to delete, or remove negative information, about them-selves online.
  • Surprise! your bank has been Hacked - You have just received your monthly credit card bill after the holiday season. There are many luxury purchases you don’t recognize. Your card details — and those of thousands of other customers — have been stolen by hackers.
  • In EU Under new rules that will come into force over the next two years, any company must notify national regulators within three days of discovering a breach or face fines for not sufficiently protecting your data.
  • In the US Notification requirements vary by industry under federal law. Financial institutions, for example, are required to tell customers as soon as possible if a data breach could lead to misuse of personal information. However, companies may delay these disclosures if law enforcement officials determine that notifying customers could interfere with a criminal investigation.
  • All those clicks add up - You do thousands of searches on Google each year. You have hundreds of Twitter followers. And you have become addicted to the shopping and video services available through Amazon Prime. What information do these companies have on you?
  • In EU You can ask any company — for a modest administration fee — to send you details about what data it holds on you and what that information is used for. In most cases, companies must hand over the files within a month. In practice, the process is not always so smooth; some companies have declined to provide people with the data they had requested.
  • In the US There is no single federal law or standard people can rely on to obtain copies of their records. But there are industry-specific rules. Patients, for instance, may request copies of their medical records from health-care providers. Some companies, like Twitter, also allow customers to download their own archives.
  • My child has fallen for Video Games - Your 10-year-old wants to set up a player profile on an online video game that collects personal information including children’s real names, locations, photos and email addresses.
  • In EU Currently, there are no European-wide laws that apply specifically to how children’s data can be collected and used. Under new rules to come into force over the next two years, digital services like Facebook, Snapchat and Instagram must obtain parental consent before collecting data on anyone under 16 (and national governments can lower that age limit to 13).
  • In the US A federal law called the Children’s Online Privacy Protection Act requires children’s sites and apps to obtain parental permission before collecting personal details – like names and email addresses – from children under 13. The Federal Trade Commission enforces these protections.

NYT

 

 

« TalkTalk's Cybersecurity Lesson
Who Needs A Computer Science Degree Anyway? »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

RSA Security

RSA Security

RSA provide cybersecurity products for Threat Detection and Response, Identity and Access Management, Governance, Risk and Compliance, and Fraud Prevention.

Promon

Promon

Promon is an application security vendor providing Self-Protection abilities to Mobile apps and Desktop applications.

Cybernetic Global Intelligence (CGI)

Cybernetic Global Intelligence (CGI)

CGI is a global IT Security firm that helps companies protect their data and minimize their vulnerability to cyber threats through a range of services such as Security Audits and Managed Services.

Cybersecurity Competence Center (C3)

Cybersecurity Competence Center (C3)

The Cybersecurity Competence Center was created to further strengthen the Luxembourg economy in the field of cybersecurity.

Nuspire

Nuspire

Nuspire provide services to protect your network with best-in-class managed detection and response, allowing you to stay focused on managing your business.

URS Certification

URS Certification

United Registrar of Systems (URS Certification) is an independent certification body operating in more than 30 countries within the multinational URS Holdings.

Identifi Global Recruitment

Identifi Global Recruitment

Identifi Global is one of the UK's leading Cyber Security & IT Recruitment specialists.

Cyentia Institute

Cyentia Institute

The Cyentia Institute is a research & data science firm with a mission to advance knowledge in the cybersecurity industry.

SightGain

SightGain

SightGain is the only integrated risk management solution focused on cybersecurity readiness using real-world attack simulations in your live environment.

EYE Security

EYE Security

EYE provides enterprise-grade cyber security services and cyber insurance to SMEs in Europe, Cyber Incident Response and strategic advice in board rooms.

GajShield

GajShield

GajShield Infotech provides Data Security Firewall solutions to Corporate’s and Government agencies.

Zitec

Zitec

One of Europe's largest and most prominent full-cycle software development services companies, Zitec is the digital transformation partner to companies in the EU, UK, USA, Canada and ME.

TeamT5

TeamT5

TeamT5 Inc. is a leading cybersecurity company dedicated to cyber threat research and solutions.

National Critical Information Infrastructure Protection Centre (NCIIPC) - India

National Critical Information Infrastructure Protection Centre (NCIIPC) - India

NCIIPC's mission is to protect the Critical Information Infrastructure of India, from unauthorized access, modification, use, disclosure, disruption, incapacitation or destruction.

Obviam

Obviam

Obviam specialize in providing security solutions tailored to meet the unique needs of each of our clients, no matter where they are in their security journey.

Intelligent Protection Management (IPM)

Intelligent Protection Management (IPM)

At IPM, we deliver custom technology solutions that empower businesses to thrive. With over 20 years experience, we help companies of all sizes tackle IT, Security, and Cloud.