Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Privacy Government United States Politics Your Rights Online

EU Privacy Directive — Coming To the US? 180

An anonymous reader writes "An article over at ComputerWorld implies that the EU Privacy Directive, or something like it, will soon be signed into law here in the USA. The author seems to think this is a good thing, but I'm not so sure. From the article: 'We've finally come to realize that self-regulation by industry hasn't worked. The states have stepped in, creating the same situation of conflicting regulation that led to the creation of the EU privacy directive. The only question now is if the law that comes out of Congress will be a small step strictly focused on breaches, such as S.239, or whether we take the bigger step of forming a permanent committee under the FTC to monitor privacy as outlined by S.1178. Either way, the U.S. is finally moving away from the fractured environment of the past and toward a comprehensive privacy strategy.' Is it time for a national privacy law or 'Privacy Czar', or are we better off letting things be?"
This discussion has been archived. No new comments can be posted.

EU Privacy Directive — Coming To the US?

Comments Filter:
  • Is it just me (Score:3, Insightful)

    by kensai ( 139597 ) on Tuesday June 19, 2007 @06:21PM (#19571763) Homepage
    or has this whole "Czar" thing been way overused.
    • by WrongSizeGlass ( 838941 ) on Tuesday June 19, 2007 @06:23PM (#19571777)

      or has this whole "Czar" thing been way overused.
      Yes. Yes it has.

      I believe Czar is a Native American word meaning destined for failure.
      • by PhxBlue ( 562201 ) on Tuesday June 19, 2007 @07:26PM (#19572517) Homepage Journal

        I believe Czar is a Native American word meaning destined for failure.

        Y'know, based on my knowledge of history, I'd have to guess it means the same thing in Russian.

        • by jd ( 1658 )
          I thought it was Russian for "he who sneezes whilst smoking Cuban imports".
        • The Czars ruled the Russian Empire with iron hand for centuries surrounded by luxuries, I wouldn't call it a failure.
        • by gkhan1 ( 886823 )

          You could take that logic even further. Czar comes (like most European words for "emperor") from the name Ceasar (as in "I am Gaius of the Julii, called Ceasar!"), and we all know what happened to him*!

          A more appropriate term would be "Augustus", as in "Privacy Augustus", as in "I ruled for more than 40 years, brought peace and founded the most powerful empire the world has ever seen. Bitches!"

    • Re: (Score:3, Interesting)

      by RedElf ( 249078 )
      Hold up a second, they're just trying to be like Ceasar [] (except with bad spelling) too bad they didn't read the history books to see what happened to him.
      • by WrongSizeGlass ( 838941 ) on Tuesday June 19, 2007 @06:39PM (#19571997)

        too bad they didn't read the history books to see what happened to him.
        He had a salad named after him?
        • ... he has a bolt through the c*ck named to him, don't guess that was his dying last wish; A salad sure sounds better to me.
      • Re:Is it just me (Score:4, Insightful)

        by Bellum Aeternus ( 891584 ) on Tuesday June 19, 2007 @07:37PM (#19572613)
        Czar is an English spelling of a Russian word meaning caesar - which means autocrat. So what they're saying when they label somebody a czar is that his a leader who's above the law and with absolute authority. Seems to me, that in the "free" West, terms like czar should avoided for so many reasons.

        I mean what western leader thinks he's above the law... oh right.

        Anyways, why not follow the British example and refer to everyone as a minister?
        • by mike2R ( 721965 )

          Anyways, why not follow the British example and refer to everyone as a minister?

          Actually we have "Czars" as well (although I presume we copied the idea from somewhere else). I think the idea is that a Czar is someone given complete authority to deal with a particular issue, or at least that's what it is meant to sound like.

          Also a minister in the UK must be a member of parliament.

        • by pjt33 ( 739471 )
          A British minister is roughly the equivalent of a US Secretary (of State, of the Treasury, etc). The British equivalent of "Privacy Czar" is the Information Commissioner.
        • Czar, Caesar or Kaesar means emperor.
        • Just to make one thing clear here: "Czar" comes etimologically from "caesar", just like the German word "Kaisar". Both mean "emperor". And emperors are (usually) autocrats. But that doesn't mean that every word related to "caesar" means autocrat.

          And not even all emperors are autocrats. I believe Japan's power is firmly in the hands of a democratically elected government nowadays, for example. Just like kings and queens aren't autocrats anymore.

      • They are derived from exactly the same word, they just took different routes to get to English.
      • Not Czars=Ceasar
        NotNot who's there? I don't know, Who?
        Who's the guy in the picture with Bush in China?
        Putin Bush is in the other picture in Russia.
        I don't know, who is putin in a bush in Russia or China in a picture.
        At least a picture doesn't stink up everyplace making it unbearable, and unlivable.

        I hope there is never a passport required to leave this earth.
        I keep my towel close, my thumb up, and my beer mug full ... hoping to escape before any other elections.

        REMEMBER, I am an old guy ..., I don't know wh
    • Re: (Score:3, Informative)

      by capnez ( 873351 )

      Incidentially, I just read my current issue of The Economist, and they have a leader (op-ed piece) about absurd titles. You can read it online at story_id=9339915 [].

      My favourite sentence from that piece: "What next? Führers, Caudillos, Duci, Gauleiters and Generalisimos must be due for a comeback."

      • Yeah, all the tsars (tsarii?, tsaruses?) seem to be kinda stupid.

        Still wouldn't mind being the "nipple tsar". I mean, somebody (apparently) has to do it.

    • or has this whole "Czar" thing been way overused.

      It's just there in an attempt to make every libertarian reading this story goes into a screaming rage about evil government controls, and starts posting flamebaits like crazy. Slashdot needs discussion to generate ad revenue, you know. Besides, political discussions provide the most insightful comments and the creationism-bashimg flamebaits provide the most amusing perversions of science and logic (on both sides).

      That said, it is a pretty sad attempt.

  • by Anonymous Coward on Tuesday June 19, 2007 @06:22PM (#19571775)
    ...ever makes it into US law (if ever), it will be so watered down and ineffective that it might as well not even exist. The corporations who now run the USA will not stand for it.
    • Re: (Score:3, Insightful)

      "We've finally come to realize that self-regulation by industry hasn't worked."

      This is some serious disinformation here. Self-regulation by the tech industry worked just fine until the government began allowing business and corporate interests to affect its subsidies, grants, and funding. It was in the transferral of the power to self regulate from the researchers who created the technology to the Wall Street entities which began government appointed overseers and distributors of the technology that the ability to self-regulate was lost.

      There is no problem with self-regulation in t

      • This is some serious disinformation here. Self-regulation by the tech industry worked just fine until the government began allowing business and corporate interests to affect its subsidies, grants, and funding.

        I think you meant to put a colon after the word here. It makes more sense that way.

        I mean, do you honestly believe that there has ever been some mythical time in US history in which businesses happily kept to themselves and acted like gentlemen in the best interests of their customers before some swi
    • by msauve ( 701917 ) on Tuesday June 19, 2007 @06:59PM (#19572227)
      if you read the bill, it's nothing like the EU privacy laws. The EU laws protect a person's privacy, requiring their permission to disclose personal information (among other things).

      The US bill does nothing to prevent a corporation from deliberately disclosing whatever they want to whomever they want - it's focused exclusively on securing those transactions from third parties.

      The law is summed up in this paragraph:

      A covered entity shall develop, implement, maintain, and enforce a written program for the security of sensitive personal information the entity collects, maintains, sells, transfers, or disposes of, containing administrative, technical, and physical safeguards

      I have a thing about my Social Security number - I only give it to those who require it to fulfill legal mandates. That includes my employer, who has decided (without my permission, and despite my express denial) to give it to a health care provider. This proposed law does nothing to prevent that.

      I want them to be prevented from "selling or transferring" my confidential information, without my voluntary consent (no consent as a condition of employment, etc.).
      • by overshoot ( 39700 ) on Tuesday June 19, 2007 @07:06PM (#19572315)

        The US bill does nothing to prevent a corporation from deliberately disclosing whatever they want to whomever they want - it's focused exclusively on securing those transactions from third parties.
        That is, as you point out, the whole purpose of the Act. It's not "watered down" -- it's specifically designed to enable exactly what you cite (letting corporations do whatever they damn well please with your personal data) without interference from annoying State privacy laws.
        • Re: (Score:3, Insightful)

          by jandersen ( 462034 )
          As a European I take it for granted that my privacy is completely my own, and it seems obvious that I have to give written permission for anybody else to use my data - even government agencies. And that is one of the things about America that I really dislike - it is as if the only thing that matters in America is big money, and whatever big money wants, it gets. Just take the outrage of Microsoft trying to change legislation in the US, which read about here on /. - the reactions of my colleagues here in UK
          • "As a European I take it for granted that my privacy is completely my own, and it seems obvious that I have to give written permission for anybody else to use my data - even government agencies."

            Except for data gathered about you as you move about the city during your days? I guess where you go and when isn't something you take as a privacy matter....completely ok to let yourself be monitored at all times by CCTV, eh? Or, do they ask you for your written permission anytime some constable wants to review t

      • by ducomputergeek ( 595742 ) on Tuesday June 19, 2007 @07:19PM (#19572443)
        I've been asked for my SSN before on job applications and have told them, I'll put it on a W-4 when hired and you can't force me to give it to you because by law the only people I am required to give it out to is the Federal Government.

        Maybe one reason why i had trouble finding a job right out of college.

      • by jimicus ( 737525 )
        The EU laws protect a person's privacy, requiring their permission to disclose personal information (among other things).

        AFAIK, however, they don't prevent a business from making "you granting them permission to disclose information however they please" from being a condition of doing business with them.

        All you wind up with is that the organisations who you really don't want being cavalier with such information (like banks) hiding a clause in the small print which broadly says "We may ship your data to thir
  • Given the history of regulatory agencies (see the history of the Interstate Commerce Commission for starters), just how long will it be before the new regulators end up captive to the industries they regulate?

    There's a line in the movie "Absence of Malice" which sums up the problem of government regulators very neatly, even if it wasn't intended that way: "Have you given any thought to what you'll do after government service?"
    • This is precisely why, as much as I hate to say it, lawsuits have their place. Don't regulate our privacy - make it a civil offense to invade it and let the bloodsucking attorneys provide the penalties. Dollars are the blood of corporations - rightfully suing for the damage they do will either cause them to change their ways or at least compensate their victims. I'm not against using civil suits to inflict the necessary pain to limit corporate misbehavior.
      • Good luck trying to find an attorney to take the case of someone with the average income against a Microsoft-sized company. Even if they do take it, they're going to need a SHITLOAD of their own money to pay for the case out of pocket, as it will soon consume most of their time.
  • by ShadeTC ( 58886 ) on Tuesday June 19, 2007 @06:26PM (#19571831)
    I think in general privacy laws and government regulation of privacy is a good thing. The problem with self-regulation of privacy is that personal information is a lucrative commodity. It is hard to get companies to do what's right when most people don't even realize how much information they are giving up or what their rights are. I think well crafted legislation can provide a good framework for companies to better their privacy policies as well as provide redress for consumers who are adversely affected by bad policies. Good laws also provide a way for privacy advocacy groups to benchmark companies by providing a baseline as well as providing standards to hold companies to.

    The key here will be that the laws need to be broad enough to deal with the rapidly changing business methods as well as provide room for companies to try different methods of achieving the results. At some point you can push companies far enough that they will then try to advertise on how great their privacy is versus some other company, so it's good to set the bar and allow companies to rise above it as well as just meeting it.
  • Depends (Score:3, Interesting)

    by TubeSteak ( 669689 ) on Tuesday June 19, 2007 @06:28PM (#19571857) Journal
    Printer Friendly: mand=printArticleBasic&articleId=9024784 []

    Anyways, it doesn't matter what the US signs into law if there is no meaningful oversight, penalties and enforcement.

    I also can't imagine that the business lobby isn't going to scream and shout about the expense involved with implementing true EU style reforms.

    One alternative to all these expensive-to-implement laws is to make it an opt-in industry. By the time they're done culling out all the people who don't want to be in the database (a one-time event), EU style privacy laws won't cost all that much to implement.
    • Re: (Score:3, Interesting)

      by zCyl ( 14362 )

      Anyways, it doesn't matter what the US signs into law if there is no meaningful oversight, penalties and enforcement.

      It can, actually. If the American people believe they have a legal right to privacy, and expect it, then eventually oversight, penalties, and enforcement will come around, even if they don't start out in place.

      Sometimes we have to aim for gradual cultural shifts if we can't immediately obtain sweeping and effective legislation.
  • appointed, whatever program comes to a screeching failure. Think Drug Czar, Iraq War Czar, etc.
  • In most countries there will hopefully be just enough people exercising their rights under this kind of legislation to compel all concerned to comply. That's mostly what this sort of thing is about. The OP is a fool.. this *is* 'a good thing'.
  • by DimGeo ( 694000 ) on Tuesday June 19, 2007 @06:40PM (#19572005) Homepage
    And pigs can fly. Not a snowball's chance in hell that this could happen! Restricting business? How dare they! :)
  • by lawpoop ( 604919 ) on Tuesday June 19, 2007 @06:45PM (#19572065) Homepage Journal

    The author seems to think this is a good thing, but I'm not so sure.
    What exactly is the problem, AC? We don't need a government function actually serving the interests of the average consumer, instead of large corporations? It will become another bloated, ineffectual government bureaucracy that gets hijacked by industry, like the EPA and the FDA? This is a function that belongs on the state level, like the BBB?

    I was going to start to argue *for* another contender on the side of the little guy, but I think I just talked myself out of it.
    • by AuMatar ( 183847 )
      Nitpick- the BBB is not a state agency. Its a private agency, with corporations and buisnesses as voluntary members. It has no power, and really doesn't do jack shit- they put a little mark in a little file, occasionally ask someone to stop doing something, and give them a 50 dollar or so fine if they're one of the voluntary members. Maybe. They also happen to put out much harsher reports on non-members than dues paying members, but I'm sure thata a *total* coincidence.
      • by lawpoop ( 604919 )
        Thanks for the information. I wondered about that, after I hit the submit button, of course. But, another nitpick: I only said they were a state level entity ( they *are* state-by-state, aren't they? Or is there a national BBB?), not that they were a government agency ;)
  • by siddesu ( 698447 ) on Tuesday June 19, 2007 @06:51PM (#19572119)
    in the past, as near as maybe 20-30 years ago, privacy was not a huge issue, because it wasn't so easy and cheap to amass data. of course, files on people have always existed, but they were specialized and compartmentalized, and not easy to correlate and analyse. nevertheless, some governments (mostly associated with ex-communist countries) are known to have excelled at collection, storage and retrieval of files on people, even if they only used paper. these files were very successfully used to make people behave in certain ways.

    now, when there is the technology to collect, store and correlate all kinds of data about very many people by just about any entity with a minor budget, and there are no clear rules about what is okay and what is not, it is easy for the individual to be a target of abuse by a more powerful group (be that government, a large company, or some foundation), and it is almost impossible for the individual to counter-balance such groups, as data collection seems, in the absense of rules, quite legal, and, depending on the profile, the person may not be in a position to make a strong stand. so, it is pretty obvious that some levelling of the playing field is in order, and that it should be made a law, so that it has teeth.

    to me the reasonable minimum would be the ability of a person to see the information an entity has amassed on them, and to be able to remove parts of their profile or (that being un-possible for some reason) the whole profile at any time, at least from a private organization. exceptions from that rule should be considered carefully, and introduced on a demonstrated need basis.

    this will probably kill a few tabloid publications, and decrease the availability of movie star pictures on the internet though :(
  • Preemption (Score:3, Insightful)

    by overshoot ( 39700 ) on Tuesday June 19, 2007 @07:02PM (#19572265)
    Like the (you) CAN-SPAM and the new (you can) SPY Acts, the main point of both bills is the preemption of (effective) State laws. By pulling all enforcement into a single Federal authority and removing private rights of action, it becomes much less important for the drafters to include explicit language neutering the nominally-beneficial provisions of the legislation.

    Done right, these laws get the Legislature some headlines for the voters while effectively insulating the campaign contributors from the risk of being held liable for doing what the Act theoretically prohibits.

    Thought experiment: what would either Act have done in the case of HP spying on private parties?

  • by J'raxis ( 248192 ) on Tuesday June 19, 2007 @07:11PM (#19572371) Homepage
    Just wait. This will be an attempt to stealthily pass a bunch of anti-privacy legislation, such as data-retention laws.
  • Privacy laws were partly the cause of the VT shootings. That's simplfing it a bit, I know, but this is one of those things that I don't think can go both ways in my book. If we agree that privacy is a good thing, then sorry, events like VT could happen again because of the inability of sharing data. (And with the comming national ID cards and such, I really like the idea of having some strong privacy laws.)
    • So, are we supposed to all fall prostrate before the spectacle of the Viginia Tech shooting? Should we abandon our principles in the face of the masses of innocent college students who would get gunned down because we wanted unconscionable things like human rights and basic liberties? How long are people going to wave the students bodies around on their own personal flagpole?

      You may as well argue about terrorism and child porn. Personally, I'm tired of emotive arguments. Hearing one is a pretty sure fire ac
  • Disclosing information should not be considered a crime, unless of course you are bound by contract not to disclose it. Similarly, grabbing information should not be considered a crime, unless of course you invade someone's property by doing it (breaking in one's house, trash, computer etc)
  • You mean a single point of contact that helps reduce the privacy of the common man, but makes damned sure the elected officials have it?

    No thanks.
  • by Allnighterking ( 74212 ) on Tuesday June 19, 2007 @07:51PM (#19572721) Homepage
    All too often laws are enacted with the best of intentions only to show that compliance with the law is a hollow shell of the desired objective. Case in point is something like the CanSpam directive. By giving you a link to a page that had all the correct bells and whistles to appear to allow you to de-list yourself, when it actually de-listed you from one list and listed you on 40 others, is the probable end result.

    How many times have you had a company ask for ridiculously invasive information for your protection . Similar results will be incurred here. Currently asking information is at best spotty in legality and because of this you have a certain level of push back available to you when they request it. (No I will not give my sons grade school his SSN) however once a law like this goes into play it creates an aura of safety that once an organization appears to comply with it, the loss of your personal data no longer is a high level of liability for them. As a result your privacy is reduced to a level of cookie cutter actions that never get questioned because, 'everyone knows it meets legal requirements'.
  • These laws don't make sense unless the countries/regions also want to deal with how the data is disseminated.

    I just got off the phone dealing with someone from my phone company's customer service centre... in India. He was very helpful, so don't get me wrong but... It was disconcerting to know he could check my credit card number. I am sure many/most offshore call centre's employees are honest, but I have to wonder about how this privacy crap matters when we allow corporations to send our private infor

  • "Hand all over your private information over to us, the Government, so we may protect it for you!"
    just wait wait for it..
  • HIPPA didn't work (Score:3, Informative)

    by r00t ( 33219 ) on Wednesday June 20, 2007 @12:36AM (#19574801) Journal
    Do I want to get the health insurance my employer subsidizes? Sure I do. The insurer makes that conditional on waiving my HIPPA rights. I guess they want to post my info on their web site (crap, they do!) and leave it where even the janitor can see it.

    I'm also easy to impersonate.

    Meanwhile, if she follows the law, my own wife has no ability to get the info. WTF?

    My blood relatives should be able to get inheritable disease records. People who lived with me during the past year should be able to get contagious disease records. Anybody sharing finances with me (or recently, as with an ex-spouse) should be able to get billing records.

    So HIPPA has pretty much made everything worse for me. I don't need more of the same.
  • The author of the original article clearly didn't read the S.1178, "A bill to strengthen data protection and safeguards, require data breach notification, and further prevent identity theft" [], the bill they're citing. And nobody else here seems to have read it either.

    First, it's not anything like the European Privacy Directive. It has nothing to do with privacy. It's about leaks of information useful for identity theft and about credit reporting. It's actually another one of those bills designed to re

  • by erik_norgaard ( 692400 ) on Wednesday June 20, 2007 @04:10AM (#19575943) Homepage
    The EU directive is very good when it comes to specifying what 3rd parties may do with private data and giving the citizen rights to control the use of such data:

    * The citizen may request information of what data is kept
    * The citizen may require incorrect data to be corrected
    * The citizen may require data to be deleted

    Further, data must not be shared with states outside EU unless the EU has recognized these as providing adequate protection of personal data. US is not on the list (but Canada is) which is the reason of the current conflict over passenger data on transatlantic flights.

    But, the EU directive lacks one think: Supervision. There is no controls implemented, no prior certification of data processing entities, no posterior audit to ensure that data protection is adequately implemented, not even common standards on how data must be protected. AND, there is no obligation to publicly announce data breaches.

    Certifying data processing entities and then granting these authorization to handle data is cumbersome and expensive and won't ever happen - fine. But, some control system should be established, and standards or guidelines should be made. Why is there no requirement to encrypt personal data when stored in a non-controlled environment (say mobile devices) and not in use?

    And after the data retention directive, which seems also to be on the road into US law, why did they not set strict requirements on protection of these data to ensure that they are only available for the purpose of the retention - investigation of terrorism? Why may companies retain such traffic data and store it unencrypted?

    At the very least, we could learn from the many US states that require companies to advice customers about data breaches and risk of abuse.
  • A good thing (Score:4, Insightful)

    by Kirth ( 183 ) on Wednesday June 20, 2007 @04:50AM (#19576167) Homepage
    Guess why the USA has such a tremendous problem with "identity theft"? A much bigger one than in Europe?

    Something which facilitates this is the missing privacy directive. Companies are much more careless with YOUR data if they can't be held accountable. This, of course, makes it easier for criminals to get your data.

    Well, it would be a good thing if thy hadn't watered it down already..
    • Actually, the biggest difference between the US and the EU is WHO owns the data.
      In the US, the data belongs to the entity that collects it.
      In the EU, the data belongs to the person it represents.

      Once that difference sinks in, you'll see that all the rest is just a derivative of it.
      If the information belongs to you, the organizations collecting it need your authorization to do anything with it (especially share it) and are responsible if they lose it (as it belongs to you and they are only safe-keeping it).

    • by sco08y ( 615665 )
      Guess why the USA has such a tremendous problem with "identity theft"? A much bigger one than in Europe?

      Do you have numbers behind that claim?

  • US data privacy laws are a bloody mess.

    In 1972, Elliot Richardson was the Sec'y of HEW under Nixon. He commissioned one of the first reports on data privacy, which was shaping up to be a great thing. Then he left to become Attorney General to providee some moral credibility during Watergate, and Cap Weinberger (the mentor of Don Rumsfeld and Dick Cheney among others) came in and gutted the report's recommendations.

    What was left was a report that said data privacy is a HUGE problem, and recommended a numbe

No extensible language will be universal. -- T. Cheatham