EU Protects Online Data Quite Differently From The US

Uploaded on 2016-02-12 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

Your digital footprint can quickly extend far and wide and be used in multiple ways. Your interactions on Facebook shape the ads you see there. The kinds of films and music you stream may allow online companies to make inferences about your political leanings or religious beliefs. And your health insurer may analyze details about your online shopping habits.

How much control do you have over how companies collect and use your information? And what mechanisms are in place to protect your data against misuse?

If you are in the United States or Europe, the answers vary, which has led to tensions between officials and disputes with companies. In the United States, a variety of laws apply to specific sectors, like health and credit. In the European Union, data protection is considered a fundamental right, which can have far-reaching consequences in all 28-member states.

All the talk about data privacy can get caught up in political wrangling. But the different approaches have practical consequences for people, too.

  • You made a stupid mistake 10 years ago, pulling a harmless prank while at college that led to your arrest and to misdemeanor charges that were eventually dropped. Your record was spotless before and has been since. But that mistake follows you online, since a local newspaper wrote about the arrest and the article shows up when anyone searches for your name online. What’s your recourse?
  • In EU The so-called right to be forgotten legal decision allows you to ask search engines like Google and Microsoft’s Bing to remove links to the news article on European versions of those sites. (The news article remains available on the newspaper’s website.)
  • In the US The First Amendment of the Constitution protects freedom of expression, including the right of an individual to speak freely. There is no blanket ruling that allows people to delete, or remove negative information, about them-selves online.
  • Surprise! your bank has been Hacked - You have just received your monthly credit card bill after the holiday season. There are many luxury purchases you don’t recognize. Your card details — and those of thousands of other customers — have been stolen by hackers.
  • In EU Under new rules that will come into force over the next two years, any company must notify national regulators within three days of discovering a breach or face fines for not sufficiently protecting your data.
  • In the US Notification requirements vary by industry under federal law. Financial institutions, for example, are required to tell customers as soon as possible if a data breach could lead to misuse of personal information. However, companies may delay these disclosures if law enforcement officials determine that notifying customers could interfere with a criminal investigation.
  • All those clicks add up - You do thousands of searches on Google each year. You have hundreds of Twitter followers. And you have become addicted to the shopping and video services available through Amazon Prime. What information do these companies have on you?
  • In EU You can ask any company — for a modest administration fee — to send you details about what data it holds on you and what that information is used for. In most cases, companies must hand over the files within a month. In practice, the process is not always so smooth; some companies have declined to provide people with the data they had requested.
  • In the US There is no single federal law or standard people can rely on to obtain copies of their records. But there are industry-specific rules. Patients, for instance, may request copies of their medical records from health-care providers. Some companies, like Twitter, also allow customers to download their own archives.
  • My child has fallen for Video Games - Your 10-year-old wants to set up a player profile on an online video game that collects personal information including children’s real names, locations, photos and email addresses.
  • In EU Currently, there are no European-wide laws that apply specifically to how children’s data can be collected and used. Under new rules to come into force over the next two years, digital services like Facebook, Snapchat and Instagram must obtain parental consent before collecting data on anyone under 16 (and national governments can lower that age limit to 13).
  • In the US A federal law called the Children’s Online Privacy Protection Act requires children’s sites and apps to obtain parental permission before collecting personal details – like names and email addresses – from children under 13. The Federal Trade Commission enforces these protections.

NYT

 

 

« TalkTalk's Cybersecurity Lesson
Who Needs A Computer Science Degree Anyway? »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

AV Test

AV Test

The AV-TEST Institute is a leading international and independent service provider in the fields of anti-virus research and IT security.

FlashRouters

FlashRouters

FlashRouters offers DD-WRT compatible router models with improved performance, privacy/security options, and advanced functionality.

XenArmor

XenArmor

XenArmor products include NetCertScanner, an enterprise software to scan & manage expired SSL Certificates on your local network or internet.

Homeland Security Advanced Research Projects Agency (HSARPA)

Homeland Security Advanced Research Projects Agency (HSARPA)

HSARPA's Cyber Security Division (CSD) was set up to address DHS cyber operational and critical infrastructure protection requirements.

Invensis Learning

Invensis Learning

Invensis Learning is a professional training and certification company providing IT Service Management, IT Security & Governance, DevOps, Cloud Computing and Digital Awareness training.

SySS

SySS

SySS is a market leader in penetration testing in Germany and Europe.

Reposify

Reposify

Reposify’s cybersecurity solution identifies, manages and defends companies’ global digital footprints.

Havelsan

Havelsan

HAVELSAN is a leading technology company in Turkey developing indigenous systems for domestic and foreign military, public and private sector clients.

Trava Security

Trava Security

Trava simplifies cyber risk management for business owners and IT professionals. Automated assessments, mitigation advising, and data-driven cyber insurance.

Dawgen Global

Dawgen Global

Dawgen Global is an integrated multidisciplinary professional service firm in the Caribbean Region providing a range of services including Risk Management and Information Systems Assurance.

Exalens

Exalens

With deep roots in AI-driven cyber-physical security research and intrusion detection, at Exalens, we are enhancing operational resilience for cyber-physical systems at the OT edge.

MLSecOps Community

MLSecOps Community

The MLSecOps Community is a collaborative space for machine learning security experts and industry leaders to connect and shape the future of AI/ML security.

Domotz

Domotz

Domotz enables IT teams to monitor and manage their networks remotely, while ensuring that the security and the operational efficiency of their organizations are properly maintained.

CyberMaxx

CyberMaxx

At CyberMaxx, our approach to cybersecurity provides end-to-end coverage for our customers – we use offense to fuel defense.

Oxygen Technologies

Oxygen Technologies

Oxygen Technologies is a business systems strategy and integration company offering a variety of solutions to give our clients ways to work smarter not harder.

Secur-Serv

Secur-Serv

Secur-Serv is a security-first managed services provider. We provides Managed IT, Managed Print, Managed Device, and Cybersecurity services to companies of every size.