Who will be enforcing this for anything happening in the UK? The ICO?
Why do I have this sense of impending doom?
I also can't shake the image of complete lack of action that has become so closely associated with the ICO...
Strict new rules forcing companies to pay four per cent of their global turnover in fines if they breach the European Union's data protection regulations have today been formally agreed. The legislation will create a uniform set of rules across the EU "fit for the digital era," said the EU in a press release. It said they …
The ECHR should be behind this. The ECHR decision on Safe Harbour came about because Schrems wasn't satisfied with the relevant regulator's response (in that case Ireland). So if the ICO doesn't get their finger out then they also might be taken to court. I suppose the Treasury might be egging them on as well - the thought of 4% of the global turnover of Google or Facebook or MS. Mmmm all that data from W10....
With news article after news article about how every company considers user data (not to mention a whole load of governments too, but that's a different story) as fair game, it is wonderful to see some action not influenced by corporate shills.
Bless you EU, may you force this through to the UK before the pig f***er puts through a EU referendum.
Companies seem to think that adding the word 'innovation' to anything they do makes what they do morally and legally acceptable. It doesn't, and terms like 'data innovation' - something they claim that they won't be allowed to do in at least one article - really make my skin crawl.
Of course the same applies to private outfits which are set up for the sole purpose of harassing (cold calling), hoovering up data etc, often hidden in layers of "holdings" and "groups" and practically nada on their balance sheets, or all the entities which keep losing citizens' data.
Turnover alone is a very bad metric to determine fines. But hey, it's a good start, because unless something costs serious money, megacorps will not care.
This should be fun. The Google pinata law is Go. Unfortunately Google can actually handle its data, though they'll definitely have to leave a limb behind. Facebook will be apoplectic that they'll have to allow user data export. Good.
Enforced data export fluidity might be an problem where finding and cleaning the data is the point of the business. Everyone's definitely going to get 'informed consent' fatigue. Cookie banners on steroids that must actively prevent you entering until you agree. Will sites be usable by those who decline? Incognito browsing will bloom barriers every .. single .. time.. and God help you if you're a bot.
But really, this is just a big glorified beta test, and it's going to get very grating for all parties over the next few years, with other nations taking note/advantage. Nobody will get this right for decades.
If they published a press release saying you had been prosecuted for tax evasion, then yes you could ask them to take it down after a suitable period of time had passed. If they leaked your tax return data, you could complain in the same way that you could complain about anyone else leaking your data.