Civil War
More people need to be talking about taking up arms against the racists.
Article 50, the process for Britain’s formal withdrawal from the European Union, is looming. Upon the conclusion of Article 50, data centres resident in Britain will no longer be subject to EU data protection rules. Today, UK data centres are bound by the EU Data Protection Directive (95/46/C), which was in turn based on the …
Don't worry. The Graun readers have decided that EVERYBODY who voted leave is a racist (incidentally, the second worst slur the lefities have - the ultimate big boy is "Daily Mail reader").
According to the Spectator the Graun is going to shut its comment forums presently, so the Reg will be soon be even more contaminated with digital refugees, coming here to vent their socialist bile and hatred of democracy.
Given the complete loss of all and any sense of humour and inability to recognise sarcasm when it comes to anything around the referendum, I have no idea if this, or the AC to which it was addressed, were intended sarcastically or not.
We are here because the combined forces or our glorious leaders and supposedly intellectual superiors failed (and lost ground against, how FFS) to win over what were apparently just a bunch of old uneducated xenophobes.
The day when people stop letting the referendum prod them into being crap to each other really can't come soon enough.
"Or possibly very well educated people who <emfound reasons other than "blimmin' forinnners"</em> to vote exit."
Of which there are NONE.
Seriously.
Citation needed.
Because the way the EU is now trying to steal the pensions funds (BTW, until the UK is out the UKs and the Netherlands pension funds, which form the vast majority of pension savings funds within the EU, are still at risk. Look into the recently passed EU wide pension legislation), the way the EU is trying to backdoor in an EU wide army, the way the EU is trying to backdoor a federation, the way the EU is trying to backdoor and backroom handle trade negotiations like TTIP and CTIP and the way the EU is trying to backdoor and closed door backroom handle many many other less than popular legislations cannot POSSIBLY be a reason to vote for Leave. Nope, just "blimmin forinrs"...
Maybe you should step out of your little bubble and meet some people from other walks of life. You seem to have been infected with EU propaganda. And if you really think all those who voted leave are ignorant racists it bloody well falls on the Remain campaign for failing to actually, you know, campaign and explain people PROPERLY why remain is the better option. Instead of going doom mongering.
"Given the complete loss of all and any sense of humour and inability to recognise sarcasm when it comes to anything around the referendum"
This is indeed a great loss. Quite possibly the worst harm caused by all that Brexit brouhaha.
As one fellow commenter half-jokingly quipped: British sense of humour is about the only thing why Brits are really needed in the EU.
Yes, mentality is pretty darn important. With that in peril everything else is in peril. Economic matters can be resolved eventually, given enough time and effort, maybe with a need to suffer few years of hardship along the way. Trust, however, is very hard to regain. And a society so bitterly divided may take a whole generation to heal.
On the other hand it's not uniquely British problem. Great divisions over small(ish) issues seem to become normal all over the world. Like it was an alien mindbug or something like that. About the only thing a sane person can do is to be cautious and not go along with mindlessly screaming hordes. Oh, and keep the sense of humour intact.
As a fully signed up member of the Guardian reading London Metropolitan Elite I feel the need to point out you are quite wrong, your not Daily Mail readers or Racists, you are Daily Mail reading Racists! :-)
In all seriousness though, the Guardian closing its comments section is probably good news, the way the Indie's comments section has gone is horrendous, Calling many of commentators there racist is an insult to racists and I would hate to the Guardian turn into the cesspool of full on (Islamophobic) hate that is the Indie's comments section is these days.
"Don't worry. The Graun readers have decided that EVERYBODY who voted leave is a racist (incidentally, the second worst slur the lefities have - the ultimate big boy is "Daily Mail reader").
According to the Spectator the Graun is going to shut its comment forums presently, so the Reg will be soon be even more contaminated with digital refugees, coming here to vent their socialist bile and hatred of democracy."
The Guardian is wrong for not all those who voted Leave are racists. They are also ignorant, ill-informed, ill-educated, Europhobes, xenophobes and Polish-haters too.
Leave only had a marginal win at best and that win was only based on outright lies (the most egregious of which was that all EU money was going to be diverted to the NHS) and scaremongering about immigrants (like the leaflet that implied that the whole of the Turkish population was coming to the UK).
The Leave campaign made it acceptable to express hate in both verbal and physical form and that has very tragically led to some murders too. Yet no one from the Leave campaign, or supporters thereof, have condemned these attacks.
It is also a blatant falsehood to claim that only voters of the left voted to remain to within the EU for many millions of voters of the centre and centre-right also voted to remain in the EU.
"The Leave campaign made it acceptable to express hate in both verbal and physical form and that has very tragically led to some murders too. Yet no one from the Leave campaign, or supporters thereof, have condemned these attacks."
What an incendiary and disgusting comment to make. No campaign made it acceptable to do anything. Least of all to murder or abuse someone. None of that is acceptable in any way shape or form ever.
What I do know is, the world didn't end, world war 3 (and yes that was predicted by someone very central to the remain campaign) did not happen and that people did not have to have the fear of God put into them to scare them to vote a certain way. As another poster said above, plenty of people had many reasons that were nothing to do with xenophobia for leaving the EU. How dare you tar everyone with the same brush.
If it wasn't binding it wouldn't be a democracy. You're damn right its a mandate and people need to get over themselves and accept that. Brexit hasn't happened yet no, had you heard the hysteria at the time you would have thought the world was going to end as soon as a decision to leave was made. The world will not end when Brexit does happen either.
I doubt anyone is going to come back to these comment pages so long after the story being published but I thought I'd reply!
@heyrick
Did I ever say it wasn't advisory? Jeez you muppet try reading for God's sake. However, the people voting would expect the result to be binding regardless. I doubt the leave campaign would have been crying like babies that they didn't get the result they wanted and asking for another referendum. Nor would they be blathering on about it being advisory. As a leave campaigner I would have accepted a result to stay in as the will of the people. Quite simple really.
You said, and I quote: "If it wasn't binding it wouldn't be a democracy." What the hell is a binding advisory referendum supposed to be? If it is binding then it isn't advisory. Quite simple really.
"I doubt the leave campaign would have been crying like babies that they didn't get the result they wanted and asking for another referendum." Actually I believe that's EXACTLY what Farage was saying when he originally thought the result was going to be Yes.
Plus, the big poll for having a second referendum was started by a leave supporter.
But, hey, pretty much the entire leave campaign has been a whole lot of bullshit, what's a little more, eh?
"Good plan. We just need to agree on who the racist are."
Kill them all. God / Farage will recognise his own.
Can we start on the politicians, journalists, estate agents, lawyers and priests when we finish. After that we can get the Windows / Linux / Mac users {1.} up against the wall
1. Delete inapplicable.
data centres resident in Britain will no longer be subject to EU data protection rules.
This is only relevant if they will have any Eu business. That depends on DPR, taxation, VAT rules between UK and Eu and god knows what else.
Looking at any tea leaves before these are resolved is rather pointless. If the "hard line" of current BrExit secretary is to be implemented, there may be very little business in the first place so nothing to worry about from that perspective. It will be more appropriate to worry about getting that potato picker job in Lincolnshire to replace the evicted Eastern European migrants.
If a softer line is followed we need to see what will be the actual regs.
In any case, regardless of the softness or hardness of the negotiation line, UK-only Datacenter operators of the "physical server" variety are looking at lost business. Business does not like uncertainty - they will move somewhere where they can colocate without worrying about all of it. Cloudy/Virtualized providers who have facilities in both Eu and UK will just see some move from left pocket to right pocket + conversions as their ability to move the processing to the correct location becomes a major selling point.
Looking at any tea leaves before these are resolved is rather pointless
Au contraire, examining all the possibilities, ranking them by probability and looing at what mitigations to take for those with the biggest potential impact is all about effectively managing a company.
Look what just sitting and waiting ant not preparing did for our Govenment's Brexit strategy.
We are in the process of moving all our data and company registration to Amsterdam.
It's a bit of a hassle but worth it in the long run. We will not be held hostage to entirely unpredictable processes. Is the UK going to leave the EU? If so, when? Which EU regulations will the UK gov. still want/have to implement post-Brexit? Which regulation will change? Will that be for the better or worse? How much extra burden is having to comply with both UK and EU regulations? etc. etc.
By moving to a country that will stay in the EU any Brexit risk is then only impacting our UK customers, for the majority of our customers nothing changes. Far better than the other way around.
moving ... to Amsterdam.
By moving to a country that will stay in the EU
Given current unhappyness about government policy and the rise of EU skeptic political parties in the Netherlands, I have my doubts you should be so certain about that. I do believe however if it comes to the Netherlands leaving the EU it will be because the project has finally just failed so miserably it just falls apart. Doing so at the moment imho would probably have a massive negative impact on our economy (even if it IS the smart/right thing to do).
Of course we have looked into this risk and the actual chances of the Netherlands leaving the EU are minute.
Only one of the Dutch political parties (the far-right PVV of Geert Wilders) has ever favoured leaving the EU. They have gone remarkably quiet on this specific topic since the British referendum as the Dutch voter reads about the turmoil it has thrown the UK in and popularity of the EU has risen as a result. The PVV have now pivoted from anti-EU back to anti-foreigner. Furthermore, the PVV has just published its one-page election manifesto that is so outlandish (read: deliberately written to not be able to ever join a coalition government) that it makes Jeremy Corbyn look dead-set as the new PM. Don't expect a Dutch political party to make the same mistake Cameron has made, especially not after Cameron has shown the rest of Europe the dangers of it.
"Of course we have looked into this risk and the actual chances of the Netherlands leaving the EU are minute."
I seem to recall an awful lot of people saying similar things about the referendum here too...
Do you? I don't -- no-one who ever looked at the polling over the last few years, anyway.
@Len,
I think your research is a bit flawed to be honest. There are more parties and politicians that have voiced doubt about the current direction/organisation/politics of the EU.
On top of that you seem to highly overestimate the intelligence of the average politician in the Netherlands. If they think they can get votes by being EU skeptic they will be EU skeptic. On top of that the current governing parties (PvdA and VVD) are polling at an all time low and total decimation at the next elections (next year). PVV is still polling at a major win. Whatever happens in the meantime, political upheaval and uncertainty is no doubt coming to the Netherlands come the elections next year. I doubt it's going to stay business as usual over here.
I'll agree Geert Wilders is a bit of a loony and his "election 'manifesto'" is somewhat laughable, but we'll have to see if possibly VNL might be able to jump into the gap by being right wing but not batshit insane.
In any case, there is a massive undercurrent of dissatisfaction with the current government and current EU and Netherlands policies. Who knows how that will eventually work out. I wouldn't exclude a Nexit. (Like I said, my thinking is this will only happen if the EU as a whole falls apart)
@Len, BTW, don't get me wrong, you are very welcome in our little country. We could do with the added work/economy/tax given how many companies have left or fallen over. I'm just a little puzzled why anybody would choose the Netherlands out of all the EU countries on offer given our current goverments hostility towards any bussiness smaller than a few million euros turnover (Current attitudes seem to be: "If you don't make enough to make a special deal with the Tax services, bend over and take it!"). I certainly wouldn't consider starting a company in the Netherlands. And I live here!
nothing like premature ejection to spoil the mood.
the likely hood is that the UK will retain the same EU rules and regulations with the option to amend as and when is required using the normal predictable UK procedures and time lines.
yes the top court for rulings will change to a UK based one but why is that such a bad thing?
Also if you are trading in the UK what will be the impact to you of hosting UK data bound by UK rules in a foreign land?
interesting anecdotal data point. But if your employer wants to trade in the UK (which seems likely) they will still have to deal with the complications of trading across the new EU border between the UK and the EU27, won't they? And I'm pretty sure that a company which manufactures goods or provides services from sites located in the UK will still have to deal with whatever tariffs, taxes, regulations and whatnot are imposed, regardless of where the company's registered head office is. No? (IANAL, as must be glaringly obvious...)
Location of Head Office has NO IMPACT on any trading across actual borders. Subsidiary in say an EU country like Germany has two sets of rules a) An EXPORT outside EU, b) a DISPATCH to a country inside EU. At the moment all UK trade to EU and EU trade to UK is a Dispatch for customs & VAT purposes. After BREXIT all UK trade to EU and from EU is a normal EXPORT (it will cross the EU external boundary) [A dispatch crosses a National Boundary (say UK to Ireland, Netherlands to Germany ) but does not cross the EU Boundary. The Physical location of origin of goods is important the HQ and its registration is not.
This post has been deleted by its author
...that the UK government elects to conform to EU GDPR after Brexit. Apart from the obvious point that if we don't no EU-based company is going to want its data stored or processed here (because to do so would be illegal unless some sort of Safe Harbour agreement is reached (more negotiations - whoopee!)) but because we've been trying to get senior management to pay attention to " knowing what data they hold, why they hold it, where it’s kept and how long it should be kept for" but the will hasn't been there. Now it's actually likely to result in an ICO fine (especially when that fine level goes up to up to 20% of turnover) they have started to pay atttention!
Issues like this won't matter to most people that voted Brexit (ie the over 65 ex-mill or mine workers, at least here in the North West) because they don't have a computer. Or if they do don't know anything about how it works.
'Why the fuck is {Strictly/Bake Off/Antiques Roadshow} not working on this blasted computer?'
'Son, you got a minute?'
Brexit makes us all look like dicks.
If you consier that we're all human beings on this one planet, details of precisely who lives where shouldn't matter that much in the grand scheme of things, but unfortunately, it seems to matter enough to those who are moved by posters of "the hoardes" (of largely-brown people) on Nigel Farage's infamous poster to start behaving like dicks to anyone who seems to be from 'elsewhere'.
...not that this distaste for Johnny Foreginer makes us less likely to stop our government's casual and regular creation of countless refugees with our 'surgical' interventions in numerous countries over the last few decades.
Having spent several years in the 70's working on building sites out of term time at Uni, I'm perpetually amused at the attitude to Johnny Foreigner these days - at that time most of the workers were Irish (claiming to be IRA) and told the best jokes.
Of course, these days the Irish jokes are all too "racist" to laugh at or repeat in public.
UK had a data protection act prior to the EU DPD. In fact - both those pieces of legislation are basically trying to implement a much earlier (1940/50's?) UN human rights clause.
Leaving EU will not affect UK DP abilities or how good/bad we are perceived by non-EU. With or without GDPR.
As for the EU - if they choose to cut of the outside world that is their choice.
I think there is an important point here, which impacts many areas of the law.
If the EU sends a Regulation, then that EU law will automatically apply in each member state.
The GDPR is EU Law.
When we leave the EU, it simply no longer applies at a stroke.
But if the EU sends a Directive to members, then each country will enact a law in it's own legal system. That's what happened with the DPA.
So the DPA is a UK law.
It will not change when we leave the EU.
This post has been deleted by its author
What an almighty clusterf**k
Still the UK can still dump all it's data into the US without any problem. Yay.
Not so sure how many other European countries (yes Britain is a part of the European land mass, whatever they think) will want to send any of their data to the UK if they can help it.
One interesting side effect of Brexit will be to see just how "special" the special relationship with the US is once the UK is no longer it's back door stepping stone into Europe.
Still the UK can still dump all it's data into the US without any problem. Yay.
in practice, yes, but in theory that's been illegal since the US' status as Safe Harbour was struck down.
https://www.theguardian.com/technology/2015/oct/06/safe-harbour-european-court-declare-invalid-data-protection
UK companies and organisations must comply with GDPR. Even if Article 50 was triggered tomorrow, the end point would be Sept 2018. GDPR compliance must be made [for all European nations] by May 2018, so there would still be a 4 month period where the UK would have to be compliant (until the 2 year period after triggering Article 50 is up, the UK would legally still be a part of the EU and subject to it's laws). As it stands, it's doubtful that the UK will initiate Article 50 until early 2017, meaning the UK would have to be compliant for at least 8 months.
Additionally, it would be crazy not to be GDPR compliant after Brexit.
Firstly, why waste all that hard work becoming compliant? After all, GDPR is going to generate many new jobs in the IT industry (for example the DPO role that many companies will need) and increasing security for people's data can only be a good thing.
Secondly, I'm sure many UK companies would still continue to do business with European companies and individuals. Showing that the UK/UK Companies are GDPR compliant would also go a long way to help exit/future relationship negotiations with the EU.
"Additionally, it would be crazy not to be GDPR compliant after Brexit."
I agree with you but there are a lot of crazy people out there. And some of them will be looking at the issue and thinking "that's a lot of work" and then "if we don't do it there's only a few months when someone could catch us out and even if they catch us out they won't have time to do anything about it".
There's the additional complication that whatever businesses do about compliance the effect of investigative powers legislation might be to undermine any chance to be seen as compliant from the EU perspective.
Agreed, there may be people out there willing to risk it, but the attitude of many Eurocrats is "We want to make it as hard as possible [on the UK], to set an example to dissuade any other [member] states from following the UK and leaving the EU". I am sure that any UK company found to be non-compliant would be have their cases rushed through the EU courts to ensure they are hung, drawn and quartered before the terminal point of Article 50, don't you think?
"There's the additional complication that whatever businesses do about compliance the effect of investigative powers legislation might be to undermine any chance to be seen as compliant from the EU perspective."
I'm sure that there are many people on here that feel that the Data Retention and Investigatory Powers Act goes too far. GDPR could be the saving grace, to temper what is basically a Bill which legalises state sponsored spying on it's people (usually under the scaremongering banner of terrorism). Furthermore, non-compliance [of GDPR], combined with Data Retention and Investigatory Powers Act, may make the UK a pariah state (in Europe's eyes), forcing many businesses to mainland Europe after Brexit, potentially causing considerable job losses.
What we really need to know for definite (from the UK Government), is whether or not the UK will retain GDPR post-Brexit.
No language allows 'rush' and 'courts' in the same sentence, However yes the UK can 'may appear to rush things', same procedure; cease to trade as a company , in UK 10 days , in Italy 7+ years in my personal experience. It was a cessation of an unincorporated joint venture where each party has to cease under its own laws.
UK companies and organisations must comply with GDPR
And who's going to enforce that, pray tell? If you said "the ICO" -- I suggest you look into their powers and the size of their budget, and then contemplate the number of Data Controllers and Data Processors in the UK economy...
Is another lay of bureaucracy nothing more.
As someone all pointed out the world is one big data point.
If a country, business or individual wants a certain level of data protection then simply get your data centre to sign a contract to that level of security, if they break the contract, move your data and sue them.
If your worried about government snooping, then another lay of bureaucrats isnt going to fix anything.
Governments need to provide reasonable cause before getting a court order and grabbing the data under current laws which they generally if not ignore are simply rubber stamp over.
And when it comes to the UK & US, they have listening stations all over the planet and they grab your data out of the air.. so yeah a lay of bureaucracy really going to help there...
Where do I start?
To answer your points:
If a country, business or individual wants a certain level of data protection then simply get your data centre to sign a contract to that level of security, if they break the contract, move your data and sue them.
This is addressed [very] comprehensively in GDPR. It goes further, to include (read: require) risk assessments, conducted by both the data owner and the data centre.
If your worried about government snooping, then another lay of bureaucrats isnt going to fix anything.
It will if GDPR trumps the Data Retention and Investigatory Powers Act. GDPR not only ensures that any company that has your details are responsible for your details, but those details are private and should not be shared with anyone without your express permission.
Governments need to provide reasonable cause before getting a court order and grabbing the data under current laws which they generally if not ignore are simply rubber stamp over.
This is a major argument against the Data Retention and Investigatory Powers Act, as it does not require ANY judicial oversight to government "data grabbing". So no court order (or reasonable cause) needed.
And when it comes to the UK & US, they have listening stations all over the planet and they grab your data out of the air.. so yeah a lay of bureaucracy really going to help there...
That may be, but the evidence gathered is not (generally) admissible as evidence in a UK/US court of law. Nor would any government admit to "grabbing your data out of the air" from a listening post in a public court of law.
The article is good but a little misleading. No matter when (if?) Brexit happens, any UK company that holds data on an EU citizen anywhere will have to comply with GDPR.
For example, if you are an Exporter of widgets and have customers in France or Germany, you will need to ensure that your processes around personal data (whether you're B2B or B2C) abide by GDPR. In this case, if you had a breach, both the French and German regulator could come after you.
This needs to be made super clear to people - Brexit is not an excuse to ignore GDPR.
"The article is good but a little misleading. No matter when (if?) Brexit happens, any UK company that holds data on an EU citizen anywhere will have to comply with GDPR."
Hmmm. Not quite. If the company already holds that data that alone won't make them have to comply because post-Brexit they'll be outside the jurisdiction of the EU. There may be contractual issues with an EU customer if they have one but in that case it would be the customer at risk of non-compliance.
OTOH any UK company that wants to acquire such data from an EU customer will have to comply.
(Disclosure: I have, in my time, been the ICO-registered Information Security Officer responsible for my then employer's data protection processes.)
In the real world, many or most SMEs and probably quite a few larger enterprises are just going to ignore any new data protection requirements on the basis that they'll be going away shortly after coming into effect. For almost all of those organisations, that gamble will pay off. The only organisations that will suffer will be the ones that get compromised and lose a lot of customer PII, or leave unencrypted laptops in taxis, etc, *and* that the poor bastard doing my old job decides his/her personal legal liability for not notifying the ICO of the breach outweighs the enormous pressure the business will put on them to keep schtumm and hope it all goes away again. Although the ICO has an impressive list of past fines on their website*, for almost everyone else there's nothing to see here.
(I must emphasise that I don't think that's a GOOD thing -- just realistic.)
Oh yes? Who's going to make them? It'll be the EU courts that enforce it and they can only do so on entities within their jurisdiction.
If the non-EU company is going to process such data for an EU customer then it will be incumbent on that customer to require compliance as part of the contract. If the company fails to comply it will be a breach of contract and a civil matter for the customer to take up in whatever court has jurisdiction over the contract.
It's not the same thing.
and they can only do so on entities within their jurisdiction
True but any company big enough to worry about has a subsidiary / tax dodge in the EU.
EU shock troops aren't going to be landing at mountain view but they don't need to, they can just fine the hell out of Google Ireland.
The UK Government has to postpone invoking article 50 until after then to ensure the election overtakes it.
The EU has to force it before then to allow the UK pension spongers to be deported and the walls of Festung Europa to be built to appropriate heights.
Paris wonders "why?"
How could the EU possibly "force" the UK to trigger it? It is entirely up to the UK to determine the timing - or to do it at all.
Personally I think the UK government will be unable to reach agreement to do it, because as far as I know it is still unclear who or how it is trigger in a way that is official to the EU, and there seems to be a lot of Brexit-regret.
"Article 50, the process for Britain’s formal withdrawal from the European Union, is looming..."
I'm confused why everybody assumes that Dictatrix May will actually perform the ultimate stupidity of invoking Article 50 without a Parliamentary vote. I know she's said that she will, but by the end of the year all pretence that any of the Leave fantasies can be made real will certainly have vanished, and I expect Minister-for-National-Suicide Davis to be looking very sheepish. The risk of losing a vote of confidence will be very high if she dares to bypass the Commons on such a matter.
All the same, it does seem wise to make a plan for moving data centres to another part of the EU.
It's a tricky situation.
You're right that the risk of losing a vote of confidence exists if she dares bypass the Commons but what about the risk of losing an election if the Commons dares bypass the popular vote?
I think it would be foolish to be confident about either outcome.
Will everyone stop saying that we leave two years after Article 50 is triggered? Two years is just the timeout period if agreement hasn't been reached (unless an extension is agreed).
3. The Treaties shall cease to apply to the State in question from the date of entry into force of the withdrawal agreement or, failing that, two years after the notification referred to in paragraph 2, unless the European Council, in agreement with the Member State concerned, unanimously decides to extend this period.
I'm becoming more hopeful that Brexit won't happen.
Mayes won't trigger it without a commons vote - she'll have received advice that there is a real legal question that Crown Perogative would not extend to triggering Article 50. She'll then look at the commons, and see that there'd be a real chance of losing such a vote. So then it'll come down to the next election, and who knows what would happen then
First point, what on earth are the dodgy Civil War comments doing against this Brexit article - not the place i don't think!!!
Secondly are these comments accurate or are they matter of opinion in terms of when the UK leave the EU then the GDPR wont have to apply unless we decide to uphold it within our own laws and have our own Privacy Shield type agreement?
From what I have read elsewhere the GDPR will apply to all countries worldwide where those companies store and/or process EU citizen data. So for those companies that do their seems to be no choice, no need for Safe Harbour style agreements unless you are a UK organisation being passed EU data. If as my company does, you collect EU data directly from EU consumers then there is no choice we have to abide by GDPR just as the US , Canada, China etc... have to.
I am missing the point as to why any none EU country needs a Privacy Shield type agreement in place if EU member states will insist on the GDPR being applied by companies worldwide who process and store EU data - surely this should be the agreement. If EU companies want to use UK,US or other non EU countries for processing or storing data then they simply insist on the GDPR being applied there.
«“My opinion is that UK businesses will continue to enjoy a good latitude and freedom to transfer data to the US after Brexit,” [lawyer Ashley] Winton said, arguing that the UK ICO has always been accommodating when it comes to data transfer issues.»
Quelle surprise !...
Henri
I thought this line in the article was interesting.
Individuals have a right not to have decisions made about them without human intervention, such as credit approvals and e-recruiting
Wowsers, algorithms making decisions are now illegal? Have they just banned everything from automated comment moderation to internet dating to car insurance?
I'm guessing that is not what was intended but that's the trouble with broadly worded regulation. You don't have to ban things to discourage them just put enough doubt out there that someone considering a startup decides they don't want to bet the farm on an interpretation of the rules.
@Seajay: don't get too excited! The new anti-profiling rules are just a recycled version of the old Directive rules (cf section 12 Data Protection Act 1998). Just like the so-called "right to be forgotten" is just the recycled right to erasure (cf section 10 DPA). Plus ca change on the rules.
Remember: nothing has been suddenly made illegal - in fact all data processing has been illegal by default (ie unless you can justify it) since 1995. Indeed that's the British way, not just the EU way (just look at Copyright Designs and Patents Act 1988), as my US intellectual property lecturer sardonically put it years ago. On top of that, look at British Gas' excuse "it was our computer wot done it not us guv!" in Ferguson v British Gas, one of the funniest Court of Appeal judgments I saw last decade.
On your specific query, it's quite simple. Part of what you have to do to legitimize use of profiling algorithms is to disclose to your customers the substance of what the algorithms do (see for example Article 13). As someone working on profiling algorithms for "big data" decades before it was called that, I heartily endorse this approach.
The real differences are: now they'll be enforced. And everyone and his dog can enforce them. And now the fines are existential. At last people will be dragged kicking and screaming into the late 20th century...
And don't worry about startups. The GDPR will supercharge the internet of things by (inadvertently) destroying all the barriers to competition in that field. I leave it as an exercise for you to work out how... :).
Well done Mr Bradbury: by far the most insightful article on Brexit and the GDPR I've seen in a trade journal. There are some extra reasons nobody in the UK is likely to touch the GDPR for a while (associated with means, motive and - as a Home Office project - opportunity), but that's just icing on the cake.
That said, the GDPR is already embedded into UK law and it provides many commercial opportunities as well as threats. The mere fact it doesn't come into force in May 2018 doesn't mean parts of it (notably some of the Recitals) can't be exploited right now by companies - whether defending themselves against e-discovery in foreign law cases brought in civil and criminal jurisdictions (in my experience the "usual suspect" governments and competitors are found in the USA and Australia), or seeking to damage bigger competitors (as Google recently discovered), or taking advantage of the way the GDPR will eliminate many barriers to IoT startups.