
And now, the GDPR...


Denis Beauregard

May 24, 2018, 10:29:02 AM
Europe has issued a new unified set of rules about privacy.

http://europa.eu/rapid/press-release_MEMO-18-387_en.htm

There are millions of web sites with "private" information. Some
show for example a link to uncles, siblings or nephews. If the
web site is in Europe, then the web site can be sued. Prepare to
see millions of web sites disappear...


Denis

--
Denis Beauregard - généalogiste émérite (FQSG)
Les Français d'Amérique du Nord - www.francogene.com/genealogie--quebec/
French in North America before 1722 - www.francogene.com/quebec--genealogy/
Sur cédérom à 1785 - On CD-ROM to 1785

Ian Goddard

Jun 5, 2018, 6:00:51 AM
On 24/05/18 15:28, Denis Beauregard wrote:
> Europe has issued a new unified set of rules about privacy.
>
> http://europa.eu/rapid/press-release_MEMO-18-387_en.htm
>
> There are millions of web sites with "private" information. Some
> show for example a link to uncles, siblings or nephews. If the
> web site is in Europe, then the web site can be sued. Prepare to
> see millions of web sites disappear...

It's a good deal more nuanced than that.

1. GDPR only applies to persons resident in the EU. To be resident
there one has to be alive. My understanding is that it has /always/
been best practice not to put details of living people onto genealogical
sites without their permission. At the very least this is a matter of
common courtesy.

2. It doesn't apply to statutory information. That includes civil
registration data.

3. The first recourse of an EU resident is to contact the site to
require a take-down of the data. That's not the same as suing.

4. If the site doesn't respond it's up to the relevant local data
regulator to take action. If they're not satisfied with the response
they can issue fines. That's not the same as being sued either.

5. It doesn't matter where the web-site is located, it matters where the
data subject is resident.

That's a brief overview of the issues raised in Denis's post. There's a
lot of other detail such as defining Data Controllers, Data Processors
and their roles and responsibilities.

To quite a large extent the provisions of the regulation were present in
the previous directive and in individual countries' legislation. The
difference between a directive and a regulation in the EU is that the
former has to be enacted by local legislation while the latter is
EU-wide legislation in itself. The regulation, however, closes a number
of loopholes (e.g. you can't make provision of a service conditional on
the provision of excessive data or on the provider's being able to use
data more widely than needed to provide the service) and it increases
fines to a level that should grab the attention of the boards of even
the largest corporations.

Ian

Denis Beauregard

Jun 5, 2018, 11:27:27 AM
On Tue, 5 Jun 2018 11:00:50 +0100, Ian Goddard
<godd...@hotmail.co.uk> wrote in soc.genealogy.computing:

>On 24/05/18 15:28, Denis Beauregard wrote:
>> Europe has issued a new unified set of rules about privacy.
>>
>> http://europa.eu/rapid/press-release_MEMO-18-387_en.htm
>>
>> There are millions of web sites with "private" information. Some
>> show for example a link to uncles, siblings or nephews. If the
>> web site is in Europe, then the web site can be sued. Prepare to
>> see millions of web sites disappear...
>
>It's a good deal more nuanced than that.
>
>1. GDPR only applies to persons resident in the EU. To be resident
>there one has to be alive. My understanding is that it has /always/
>been best practice not to put details of living people onto genealogical
>sites without their permission. At the very least this is a matter of
>common courtesy.

FamilyTreeDNA is located in Houston, TX, and completely changed
their rules about privacy. World Families Network, which was
apparently hosted in the USA, closed because of that. So, a lot of
people seem to worry about the GDPR even if not in the EU.

New rules at FTDNA made the administrators of projects (who are
not employees) responsible when they put the data on other sites
even if neither is in Europe.

>2. It doesn't apply to statutory information. That includes civil
>registration data.
>
>3. The first recourse of an EU resident is to contact the site to
>require a take-down of the data. That's not the same as suing.
>
>4. If the site doesn't respond it's up to the relevant local data
>regulator to take action. If they're not satisfied with the response
>they can issue fines. That's not the same as being sued either.
>
>5. It doesn't matter where the web-site is located, it matters where the
>data subject is resident.

Actually, it is a European law that is applied to non-European
countries, which could be enough to be ruled as not legal, at least
by the lawyers when the first complaints happen. By the way, they
already happened, against Facebook and Google.

>That's a brief overview of the issues raised in Denis's post. There's a
>lot of other detail such as defining Data Controllers, Data Processors
>and their roles and responsibilities.
>
>To quite a large extent the provisions of the regulation were present in
>the previous directive and in individual countries' legislation. The
>difference between a directive and a regulation in the EU is that the
>former has to be enacted by local legislation while the latter is
>EU-wide legislation in itself. The regulation, however, closes a number
>of loopholes (e.g. you can't make provision of a service conditional on
>the provision of excessive data or on the provider's being able to use
>data more widely than needed to provide the service) and it increases
>fines to a level that should grab the attention of the boards of even
>the largest corporations.

Fines can be 10% of the annual sales...