EU Protects Online Data Quite Differently From The US

Your digital footprint can quickly extend far and wide and be used in multiple ways. Your interactions on Facebook shape the ads you see there. The kinds of films and music you stream may allow online companies to make inferences about your political leanings or religious beliefs. And your health insurer may analyze details about your online shopping habits.

How much control do you have over how companies collect and use your information? And what mechanisms are in place to protect your data against misuse?

If you are in the United States or Europe, the answers vary, which has led to tensions between officials and disputes with companies. In the United States, a variety of laws apply to specific sectors, like health and credit. In the European Union, data protection is considered a fundamental right, which can have far-reaching consequences in all 28-member states.

All the talk about data privacy can get caught up in political wrangling. But the different approaches have practical consequences for people, too.

  • You made a stupid mistake 10 years ago, pulling a harmless prank while at college that led to your arrest and to misdemeanor charges that were eventually dropped. Your record was spotless before and has been since. But that mistake follows you online, since a local newspaper wrote about the arrest and the article shows up when anyone searches for your name online. What’s your recourse?
  • In EU The so-called right to be forgotten legal decision allows you to ask search engines like Google and Microsoft’s Bing to remove links to the news article on European versions of those sites. (The news article remains available on the newspaper’s website.)
  • In the US The First Amendment of the Constitution protects freedom of expression, including the right of an individual to speak freely. There is no blanket ruling that allows people to delete, or remove negative information, about them-selves online.
  • Surprise! your bank has been Hacked - You have just received your monthly credit card bill after the holiday season. There are many luxury purchases you don’t recognize. Your card details — and those of thousands of other customers — have been stolen by hackers.
  • In EU Under new rules that will come into force over the next two years, any company must notify national regulators within three days of discovering a breach or face fines for not sufficiently protecting your data.
  • In the US Notification requirements vary by industry under federal law. Financial institutions, for example, are required to tell customers as soon as possible if a data breach could lead to misuse of personal information. However, companies may delay these disclosures if law enforcement officials determine that notifying customers could interfere with a criminal investigation.
  • All those clicks add up - You do thousands of searches on Google each year. You have hundreds of Twitter followers. And you have become addicted to the shopping and video services available through Amazon Prime. What information do these companies have on you?
  • In EU You can ask any company — for a modest administration fee — to send you details about what data it holds on you and what that information is used for. In most cases, companies must hand over the files within a month. In practice, the process is not always so smooth; some companies have declined to provide people with the data they had requested.
  • In the US There is no single federal law or standard people can rely on to obtain copies of their records. But there are industry-specific rules. Patients, for instance, may request copies of their medical records from health-care providers. Some companies, like Twitter, also allow customers to download their own archives.
  • My child has fallen for Video Games - Your 10-year-old wants to set up a player profile on an online video game that collects personal information including children’s real names, locations, photos and email addresses.
  • In EU Currently, there are no European-wide laws that apply specifically to how children’s data can be collected and used. Under new rules to come into force over the next two years, digital services like Facebook, Snapchat and Instagram must obtain parental consent before collecting data on anyone under 16 (and national governments can lower that age limit to 13).
  • In the US A federal law called the Children’s Online Privacy Protection Act requires children’s sites and apps to obtain parental permission before collecting personal details – like names and email addresses – from children under 13. The Federal Trade Commission enforces these protections.

NYT

 

 

« TalkTalk's Cybersecurity Lesson
Who Needs A Computer Science Degree Anyway? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Ahope

Ahope

Ahope is a mobile security solution provider in Korea with a long history of security solution development.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

Plixer

Plixer

Plixer delivers a network traffic analytics system used for monitoring, visualization, and reporting of network and security incidents.

Red Canary

Red Canary

Red Canary continuously monitors and analyzes your endpoints, users, and network activity in search of threatening behaviors, patterns, and signatures.

Cycode

Cycode

Cycode is the industry’s first source code control, detection, and response platform.

Blockchain R&D Hub

Blockchain R&D Hub

Blockchain R&D Hub's mission is to serve the needs of blockchain ecosystem as the center of excellence for technology research and development.

SecureWorx

SecureWorx

SecureWorx are a secure multi-cloud MSP, a provider of advanced IT security services and an independent cyber security advisory.

FPT Software

FPT Software

As a leading technology service provider, FPT assists customers of all sizes and from any industries in implementing and adapting digital technologies including cybersecurity.

Federal Bureau of Investigation (FBI)

Federal Bureau of Investigation (FBI)

The mission of the FBI is to protect and defend against intelligence threats, uphold and enforce criminal laws, and provide criminal justice services.

Boecore

Boecore

Boecore is an aerospace and defense engineering company that specializes in software solutions, systems engineering, cybersecurity, enterprise networks, and mission operations.

C2 Risk

C2 Risk

C2 Risk are focussed on risk analytics for information assurance, privacy and ESG (Environmental, Social, and Governance).

Panoplia Digital Protection

Panoplia Digital Protection

Panoplia Digital Protection is a cutting-edge cybersecurity company that leverages the power of AI and ML to help businesses and consumers protect themselves against cyber threats.

Methods

Methods

Methods is the leading digital transformation partner for the UK public sector. We care deeply about making our public services better and have been doing this for over 28 years.

Leo CybSec

Leo CybSec

Leo CybSec unites a group of Cyber Security experts with 20+ years of collective expertise to help our clients realise and mitigate the cyber challenges and risks facing their business.

Driven Technologies

Driven Technologies

Driven is a cloud native service provider transforming the way companies leverage technology to improve business by securing, modernizing, and connecting applications, users, and data.

PowerDMARC

PowerDMARC

PowerDMARC is a domain security and email authentication SaaS platform that helps organizations protect their domain name, brand, and emails against unauthorized use.