Page 2 of 2 FirstFirst 12
Results 17 to 30 of 30

Thread: UK Googlers to lose GDPR protections says Report

  1. #17
    Long member
    Join Date
    Apr 2008
    Posts
    2,427
    Thanks
    70
    Thanked
    404 times in 291 posts
    • philehidiot's system
      • Motherboard:
      • Father's bored
      • CPU:
      • Cockroach brain V0.1
      • Memory:
      • Innebriated, unwritten
      • Storage:
      • Big Yellow Self Storage
      • Graphics card(s):
      • Semi chewed Crayola Mega Pack
      • PSU:
      • 20KW single phase direct grid supply
      • Case:
      • Closed, Open, Cold
      • Operating System:
      • Cockroach
      • Monitor(s):
      • The mental health nurses
      • Internet:
      • Please.

    Re: UK Googlers to lose GDPR protections says Report

    Thank you Spaceman for providing the nuance which was sorely lacking.

    Unfortunately, I suspect we are in for this kind of thing ad nauseam as people jump and shout about something which is changing for perfectly sensible legal / business continuity reasons post-Brexit. I suspect those who didn't want it to happen are going to get upset at every change and I don't think we'll have someone with your kind of insight to provide the resolution needed to understand these decisions for every issue that comes up.

    Alternatively, those who did want us to leave will just go "it's part of the process, stop whining" and we may well miss an opportunistic government taking advantage.

    I think the lesson here is to not jump up and down with rage at every little change but also to be vigilant so that we don't lose even more rights or take backwards steps in certain areas.

  2. Received thanks from:

    Iota (20-02-2020),Pleiades (21-02-2020)

  3. #18
    Senior Member
    Join Date
    May 2009
    Location
    Where you are not
    Posts
    1,330
    Thanks
    607
    Thanked
    103 times in 90 posts
    • Iota's system
      • Motherboard:
      • Asus Maximus Hero XI
      • CPU:
      • Intel Core i9 9900KF
      • Memory:
      • CMD32GX4M2C3200C16
      • Storage:
      • 1 x 1TB / 3 x 2TB Samsung 970 Evo Plus NVMe
      • Graphics card(s):
      • Nvidia RTX 3090 Founders Edition
      • PSU:
      • Corsair HX1200i
      • Case:
      • Corsair Obsidian 500D
      • Operating System:
      • Windows 10 Pro 64-bit
      • Monitor(s):
      • Samsung Odyssey G9
      • Internet:
      • 500Mbps BT FTTH

    Re: UK Googlers to lose GDPR protections says Report

    Quote Originally Posted by spacein_vader View Post
    GDPR entered UK law as the Data Protection Act (2018) which is not far off a cut and paste of the EU legal text with a few local clarifiers. For example the EU text refers to "independant supervisory bodies" enforcing the rules, whereas the DPA states the Information Commisioners Office specifically. Amendments to the law to ensure it still works after the transition period have already been made, mostly in the form of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 which amends certain elements to refer to the UK courts as the arbiter of legal cases rather than EU courts and various similar items. The crucial part for our purposes is around data transfers to outside the UK.

    Under GDPR data can be transferred to any other country within the EU without needing any additional safeguards. All other countries are referred to as "third countries" and there are 3 legal methods for transferring to them. We will become a 3rd country to the EU and they become 3rd countries to us the day the transition period ends, and our own laws have been adapted accordingly. 2 of the methods involve rules and clauses being built into individual contracts for any data moved, which is a labourious task. The final method works at a nation to nation level and so makes the overhead for individual organisations disappear. This method is called an adequacy decision.

    An adequacy decision (article 45). This means the EU have looked at the data and related laws of a given country and decided that they meet or exceed the standards of GDPR OR they put special legal measures in place for EU data that don't apply to their domestic citizens data. The current list of countries deemed adequate is here, mostly those that border the EU, have trade deals in place or have put special measures in place, in particular the USAs Privacy Shield framework. The UK has compiled its own list of "adequate" countries for after the transition as every other country on earth becomes a 3rd country from our POV. That list contains all those already within the EU, the EEA and the EUs list, including the USA if under Privacy Shield. HOWEVER, the EU will NOT automatically recognise the UK as adequate, we will have to go through their process. This takes time and while our data law is identical to theirs they have long believed that the Investigatory Powers Act (2016) (aka the Snoopers Charter,) does not sufficently protect the rights & freedoms of citizens personal data. While we were a member this was moot but when we're outside it could count against adequacy. This could result in the Uk being free to transfer data to EU countries as we've recognised them, but them unable to do the same to us without contracts and safeguards at least until adequacy is agreed (if it ever is.)

    So if you're Google and currently administer UK data from Irish jurastiction, you could face a huge headache trying to do so post transition as you'll have to generate huge swathes of clauses and documents any time you change a service for UK users or implement a new one. This could be a large and ongoing cost depending on how long we're not deemed adequate. Your alternative is to bring UK data under US jurastiction. The UK recognises US adequacy under Privacy Shield in one direction and given US standards on data protection are MUCH lower than ours they aren't going to find our laws lacking. So in this case you do a one off piece of work and the ongoing cost is zero.

    This does NOT mean that GPDR/DPA protections will no longer apply to UK data held by Google under US jurastiction. As the Reuters article states:

    So under Privacy Shield Google (or any other US based organisation handling UK data this way,) would be legally obliged to handle that data in accordance with the DPA or any future new UK data legislation. We'd lose no protections unless the UK parliment passes laws removing them. All Google is doing is moving the administrative burden to a country that is not going to quibble about whether our data laws are robust enough. I don't doubt that the US will try to use our data laws as a bargaining chip on trade, and make no predictions as to whether we alter them in future, but the above is my read on the current situation.

    TL;DR - This move doesn't actually have any impact on the rights of Googles UK customers and is a logical move by Google to minimise the impact of Brexit on the administration of their UK data.
    That was essentially my understanding of the changes, the only real question is how the EU decides to handle the adequacy decision as well as the length of time they take to do so. Any changes the UK makes to the DPA 2018 that reduce the protections will impact on that going forward, which we have no indication thus far that they are willing to do so. Google still has to adhere to local laws, regardless of where the data is held going forward. The ICO isn't toothless either.

  4. #19
    Registered User
    Join Date
    Feb 2020
    Posts
    2
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: UK Googlers to lose GDPR protections says Report

    Can someone explain why I should care about gdpr? Other than financial and medical information i don't really care what happens to data about me. This regulation is costly to implement and that cost is passed on via higher prices.

  5. #20
    Senior Member
    Join Date
    Dec 2013
    Posts
    3,526
    Thanks
    504
    Thanked
    468 times in 326 posts

    Re: UK Googlers to lose GDPR protections says Report

    Quote Originally Posted by philehidiot View Post
    I think the lesson here is to not jump up and down with rage at every little change but also to be vigilant so that we don't lose even more rights or take backwards steps in certain areas.
    As we've not learnt that lesson in the last 40 year it's probably best not to get your hopes up, the jumping up and down with rage at every little change got so bad while we were a member a site had to be made to debunk the red-tops claims.
    Quote Originally Posted by Technikal View Post
    Can someone explain why I should care about gdpr? Other than financial and medical information i don't really care what happens to data about me. This regulation is costly to implement and that cost is passed on via higher prices.
    Not in a single post, privacy matters for various reasons, personally i don't want a company knowing the sort of details that can be gleaned from my data. A couple of stories spring to mind, one of a farther discovering his daughter was pregnant because companies sent baby related stuff to his house due to his daughters shopping habits changing, another is this short TedTalk about meta data.

    You could spend months watching and reading about how powerful data can be but i wouldn't want to creep anyone out.
    Last edited by Corky34; 21-02-2020 at 11:21 AM.

  6. Received thanks from:

    kompukare (21-02-2020),nichomach (21-02-2020),Pleiades (21-02-2020)

  7. #21
    Registered User
    Join Date
    Mar 2019
    Posts
    13
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: UK Googlers to lose GDPR protections says Report

    Duck duck go seems to be the easiest fix if it happens.

  8. #22
    Be wary of Scan Dashers's Avatar
    Join Date
    Jun 2016
    Posts
    1,079
    Thanks
    40
    Thanked
    137 times in 107 posts
    • Dashers's system
      • Motherboard:
      • Gigabyte GA-X99-UD4
      • CPU:
      • Intel i7-5930K
      • Memory:
      • 48GB Corsair DDR4 3000 Quad-channel
      • Storage:
      • Intel 750 PCIe SSD; RAID-0 x2 Samsung 840 EVO; RAID-0 x2 WD Black; RAID-0 x2 Crucial MX500
      • Graphics card(s):
      • MSI GeForce GTX 1070 Ti
      • PSU:
      • CoolerMaster Silent Pro M2 720W
      • Case:
      • Corsair 500R
      • Operating System:
      • Windows 10
      • Monitor(s):
      • Philips 40" 4K AMVA + 23.8" AOC 144Hz IPS
      • Internet:
      • Zen FTTC

    Re: UK Googlers to lose GDPR protections says Report

    Quote Originally Posted by Technikal View Post
    Can someone explain why I should care about gdpr? Other than financial and medical information i don't really care what happens to data about me. This regulation is costly to implement and that cost is passed on via higher prices.
    This is a huge subject with a lot of nuances.

    Some more present and real dangers are:
    - Identify theft. You provide "harmless" personal details to a company you trust. This trust is abused (intentionally or maliciously) and that personal data is now a powerful tool that can be used to create a virtual clone of you and further exploit you personally, or just be used in other things (forging votes etc).

    - Simple scamming. If I know more about you, I could potentially socially engineer phising against you.

    - Profiling and manipulation. We all work in echo chambers and no matter how "woke" we think we might be, are influenced by external factors. Profiling you means that companies can target your political and personal biases (see Cambridge Analytics).

    There are a myriad of different reasons why you don't want your personal information to be spread around in a liberal fashion.

    A more extreme case is of course, the origins of data protection in Europe. When Nazi's rolled into countries they used secure government censor data to identify people with particular religious beliefs and slaughter them. This doesn't seem a likely event now (but it probably didn't at the time people gave up that information) - but Brexit is most definitely not a good sign for peace and prosperity in Europe as a place.

  9. Received thanks from:

    kompukare (21-02-2020),nichomach (21-02-2020)

  10. #23
    Senior Member
    Join Date
    Jul 2009
    Location
    West Sussex
    Posts
    1,721
    Thanks
    197
    Thanked
    243 times in 223 posts
    • kompukare's system
      • Motherboard:
      • Asus P8Z77-V LX
      • CPU:
      • Intel i5-3570K
      • Memory:
      • 4 x 8GB DDR3
      • Storage:
      • Samsung 850 EVo 500GB | Corsair MP510 960GB | 2 x WD 4TB spinners
      • Graphics card(s):
      • Sappihre R7 260X 1GB (sic)
      • PSU:
      • Antec 650 Gold TruePower (Seasonic)
      • Case:
      • Aerocool DS 200 (silenced, 53.6 litres)l)
      • Operating System:
      • Windows 10-64
      • Monitor(s):
      • 2 x ViewSonic 27" 1440p

    Re: UK Googlers to lose GDPR protections says Report

    While we are here - naturally - focused on what this means for UK users of Google (and whoever follows Google for similar reasons), does this also bode very badly for any UK companies holding information of any EU-27 citizen?

    I guess for very companies shifting things around is not a problem but for small to medium companies this could prove costly.

  11. #24
    Missed by us all - RIP old boy spacein_vader's Avatar
    Join Date
    Sep 2014
    Location
    Darkest Northamptonshire
    Posts
    2,015
    Thanks
    184
    Thanked
    1,086 times in 410 posts
    • spacein_vader's system
      • Motherboard:
      • MSI B450 Tomahawk Max
      • CPU:
      • Ryzen 5 3600
      • Memory:
      • 2x8GB Patriot Steel DDR4 3600mhz
      • Storage:
      • 1tb Sabrent Rocket NVMe (boot), 500GB Crucial MX100, 1TB Crucial MX200
      • Graphics card(s):
      • Gigabyte Radeon RX5700 Gaming OC
      • PSU:
      • Corsair HX 520W modular
      • Case:
      • Fractal Design Meshify C
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • BenQ GW2765, Dell Ultrasharp U2412
      • Internet:
      • Zen Internet

    Re: UK Googlers to lose GDPR protections says Report

    Quote Originally Posted by Technikal View Post
    Can someone explain why I should care about gdpr? Other than financial and medical information i don't really care what happens to data about me. This regulation is costly to implement and that cost is passed on via higher prices.
    On your first point, it is absolutely your perogative not to care. What GDPR does is protect those who do. If you don't, you can consent to whatever data use you like. However it's worth bearing in mind that financial and medical data would be fair game too without GDPR (or other data protection law,) so it gives you protections there and you're free to surrender them everywhere else if you wish. Data Protection is not new, pre-GDPR we had the Data Protection Act 1998 which adhered to similar principles but with a lot more grey areas and much less punitive penalties (a maxium fine of £500k for example,) and before that the Data Protection Act 1984!

    On your second point about cost, do you have any evidence to back that up? I'm not saying that to be sarcastic but because I've actually been looking to find evidence for higher/lower costs post GDPR and have been unable to find anything substantive in either direction. There is undoubtably an up front cost if an organisation was being less stringent in its data practices beforehand but it should have just been 1 hit when the new legislation hit. Given that was nearly 2 years ago that cost has been paid already and in my own limited anecodtal experience the clarity the new law gives has made setting up new data usage/sharing arrangements has been quicker, easier and by extension cheaper than under the old regime.

    Quote Originally Posted by Dashers View Post
    A more extreme case is of course, the origins of data protection in Europe. When Nazi's rolled into countries they used secure government censor data to identify people with particular religious beliefs and slaughter them.
    Nerdy fact time. Under GDPR certain types of data are deemed to be extra sensitive and need extra conditions in place before you can process them, these are known as special category data. They are:

    Data relating to racial or ethnic origin.
    Data relating to political opinions.
    Data relating to religious or philosophical beliefs.
    Data relating to trade union membership.
    Data relating to genetics/biometrics.
    Data relating to health.
    Data relating to somones sex life or sexual orientation.

    That list was established in the 1950s and is essentially a list of things where the wrong answer would earn you a one way trip to a concentration camp under the Nazis. That's why financial data is not included on that list, as a lot of those sent to the camps were quite affluent.

    Quote Originally Posted by kompukare View Post
    While we are here - naturally - focused on what this means for UK users of Google (and whoever follows Google for similar reasons), does this also bode very badly for any UK companies holding information of any EU-27 citizen?

    I guess for very companies shifting things around is not a problem but for small to medium companies this could prove costly.
    That depends, but its something everybody involved is working towards resolving. If you're a multinational organisation you can use one of the other 2 methods of transfer I alluded to in my first post called Binding Corporate Rules. The simple version of this is that you provide legal undertakings that all offices/subsiduaries/franchises of a multinational org that lie outside of GDPR countries will follow the same rules and protections on the data as their offices/subsiduaries/franchises inside GDPR territories.

    If you're sharing with international partners that aren't part of the same multinational you can use the third method, Standard Contract Clauses. These are a set of clauses provided by the EU (or ICO for us now,) that you can drop into a contract that then bind both parties to uphold the rules of GDPR even though one of them may be extra-territorial to GPDR jurisdiction. I've been amending contracts in this way since we left and so have many others so that when the transition period ends everything will carry on as normal until/unless we get an adequacy decision or we change our Data Protection legislation.

  12. #25
    Senior Member
    Join Date
    May 2008
    Location
    London town
    Posts
    427
    Thanks
    8
    Thanked
    21 times in 16 posts

    Re: UK Googlers to lose GDPR protections says Report

    Anti-Brexit fear mongering designed to appeal to the remainiacs for whom EU=amazing, fab, stupendous and UK=s4it

    GDPR is UK law - the Data Protection Act 2018. The EU cannot pass laws in each country. We had to pass our own law to meet the directive of the GDPR.

    Before that we already had our own data protection laws that it was pointless updating whils the EU prepared GDPR.

    Just as the EU didn't invent employment protection laws, or the NHS, or clean water and safe food, they didn't invent data protection.

    People who think Boris is some tub thumping mini Trump, they are the problem. He is Tony Blair reincarnated (which for the current mad left is probably even worse). He's is progressive liberal (like most tories now) - I wouldn't even descibe him as econonomically conservative, given his spending plans.

  13. #26
    Senior Member
    Join Date
    Aug 2008
    Posts
    682
    Thanks
    31
    Thanked
    105 times in 75 posts
    • adidan's system
      • Motherboard:
      • MSI B450M Mortar Max
      • CPU:
      • R5 3600
      • Memory:
      • 32Gb 3200Mhz Crucial Ballistix Sport
      • Storage:
      • Corsair MP510 m.2 480Gb / 2xCrucial M500 1Tb0
      • Graphics card(s):
      • Zotac GTX1080 Mini
      • PSU:
      • 750W EVGA G3
      • Case:
      • CM NR400 Noctua Redux filled
      • Operating System:
      • W10 64 Bit
      • Monitor(s):
      • 27" 1440p Iiyama XUB2792QSU

    Re: UK Googlers to lose GDPR protections says Report

    Quote Originally Posted by gagaga View Post
    Boris is.....* snip * ....He's is progressive liberal (like most tories now)
    That really is a good one, I may use it.
    Grab that. Get that. Check it out. Bring that here. Grab anything useful. Take anything good.

  14. #27
    I'm Very Important
    Join Date
    Jul 2009
    Posts
    2,945
    Thanks
    321
    Thanked
    360 times in 318 posts
    • Domestic_Ginger's system
      • Motherboard:
      • Gigabyte GA-MA770-UD3
      • CPU:
      • Phenom II X2 550
      • Memory:
      • 4GB DDR2
      • Storage:
      • F3 500gb
      • Graphics card(s):
      • 5850
      • PSU:
      • Corsair 550vx
      • Case:
      • NZXT beta evo
      • Operating System:
      • W7
      • Monitor(s):
      • G2222HDL

    Re: UK Googlers to lose GDPR protections says Report

    Quote Originally Posted by gagaga View Post
    Anti-Brexit fear mongering designed to appeal to the remainiacs for whom EU=amazing, fab, stupendous and UK=s4it - snip- People who think Boris is some tub thumping mini Trump, they are the problem. He is Tony Blair reincarnated (which for the current mad left is probably even worse). He's is progressive liberal (like most tories now) - I wouldn't even descibe him as econonomically conservative, given his spending plans.
    Thats right!!! Because we all knew what we voted for



    The first comment is the best.

    "As usual I sit back and enjoy these videos. Laugh. Then I sit in a dark room and cry at the truth of it all." -stephen cain youtube.

  15. Received thanks from:

    nichomach (24-02-2020)

  16. #28
    Senior Member
    Join Date
    Aug 2016
    Posts
    3,927
    Thanks
    932
    Thanked
    970 times in 714 posts

    Re: UK Googlers to lose GDPR protections says Report

    Quote Originally Posted by gagaga View Post
    .....

    The EU cannot pass laws in each country. We had to pass our own law to meet the directive of the GDPR.

    .....
    Erm, they don't need to pass laws in each country. But yes, the EU can pass laws that have direct, binding effect in all member states the instant they are passed in the Eu.

    This is the difference between Regulation and Directive. A 'directive' is essentially a statement of objectives, or minimum standards to be achieved in all countries but it is left to each country to pass laws to achieve that .... if sufficient laws are already in place.

    A classic example is the consumer protection directive some years back. The EU directive mandated a two-year warranty ( which is not the two-year "guarantee" many mistook it for) on retail purchases. The UK Sale of Goods Act had had 6 years in place for a couple of decades, so we needed to take no action on that.

    But it also included minimum protections on distances purchases, so we got the Distance Selling Regs, implemented in the UK by Statutory Instrument to amend the SoGA.

    That's how EU directives work - member states have to all achieve at least the standards in the directive, but each member state can choose how to do it, and whether to exceed it.


    Regulations, on the other hand, become national law in all member states the moment they are passed in the EU, at which point, the principle of supremacy (as defined in and agreed to by all member states when they joined) in the fundamental EU Act by which that membership is created. This applies the areas of EU competency, but not to all areas.

    As soon as that EU reg is passed, citizens can rely on it in national courts, who are bound to accept the supremacy of such EU regs over any already existing national regs.
    A lesson learned from PeterB about dignity in adversity, so Peter, In Memorium, "Onwards and Upwards".

  17. Received thanks from:

    nichomach (24-02-2020)

  18. #29
    Senior Member
    Join Date
    Dec 2013
    Posts
    3,526
    Thanks
    504
    Thanked
    468 times in 326 posts

    Re: UK Googlers to lose GDPR protections says Report

    Quote Originally Posted by Saracen999 View Post
    Erm, they don't need to pass laws in each country. But yes, the EU can pass laws that have direct, binding effect in all member states the instant they are passed in the Eu.
    But only because those member states have enacted legislation to that effect. To say the EU can pass laws that have direct binding effect in all member states the instant they're passed is a bit like saying your local town council can pass laws that has direct binding effect on you even though you've chosen to live there, got to all the council meetings, and get to vote on all the laws the council passes.

  19. #30
    Senior Member
    Join Date
    Aug 2016
    Posts
    3,927
    Thanks
    932
    Thanked
    970 times in 714 posts

    Re: UK Googlers to lose GDPR protections says Report

    Quote Originally Posted by Corky34 View Post
    But only because those member states have enacted legislation to that effect. To say the EU can pass laws that have direct binding effect in all member states the instant they're passed is a bit like saying your local town council can pass laws that has direct binding effect on you even though you've chosen to live there, got to all the council meetings, and get to vote on all the laws the council passes.
    I'm not sure what you're getting at. If you mean that the EU can pass laws that directly affect all citizens because their country agreed to it, then yes. That's what I said. Second to last paragraph. Any country that joins the EU signs up to the founding treaties, and that is part of that.

    But I certainly didn't move to a "town" then object to the laws, and no I have no say in those laws, any more than I had in joining the EU.

    But hey, let's not go down the route of EU pro's and con's again.

    The point I was making was that, contrary to the remark I quoted, whether we think it good or bad, the EU can indeed pass laws that have direct effect. Not all EU laws require legislationin each member country.

    The other difference of course is that an EU law, via supremacy, is superior to national laws that either already exist or may be subsequently created, and they apply letter for letter, word for word, in all member states.

    Directives, on the other hand, set out the objectives nations are required to achieve, but each member state can (and has to) implement national laws to do do, by a date specified in the directive, but in their own wording.

    That is, Regs apply instantly, as soon as passed, and courts up to the ECJ apply, quite literally, the latter of that EU law.

    Directives don't apply instantly because the depend on being implemented in national law and that national law sets the start date nation by nation though all must (in theory at least) start by the date specified in the EU directive.


    That's all I'm saying. Two different methods of creating EU law, one requires implementing locallly but the other does not.

    There is nothing in there saying whether I like it or not, or approve (as if anybody cared) or not. It's simpy how it is. If a country buys into the EU, that's an indivisible part of the package. Take it or leave it. We, or rather Edward Heath, took it.
    A lesson learned from PeterB about dignity in adversity, so Peter, In Memorium, "Onwards and Upwards".

Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •