- cross-posted to:
- technology@lemmy.world
- world@lemmy.world
Europe’s most famous technology law, the GDPR, is next on the hit list as the European Union pushes ahead with its regulatory killing spree to slash laws it reckons are weighing down its businesses.
The European Commission plans to present a proposal to cut back the General Data Protection Regulation, or GDPR for short, in the next couple of weeks. Slashing regulation is a key focus for Commission President Ursula von der Leyen, as part of an attempt to make businesses in Europe more competitive with rivals in the United States, China and elsewhere.
@EUCommission@ec.social-network.europa.eu are you trying to become the USA? Deregulation will make us just like them! Don’t undo all the good work you did!
Von der Leyen is a member of the so-called “Christian Democratic Union” party, so yes, I’m pretty sure becoming the USA is the point. Christian Conservatives of a feather will flock together and all that.
Oh boy what can go wrong?
There is one thing that would make the GDPR easier: one single Data Protection Authority at Union level, with direct sanctioning powers.
No more asking Ireland first only to get Norway and Germany telling you the opposite.
That would be pretty neat, yeah.
They intend to simplify compliance, not axe the law. And this is needed if Europe wants to make itself independent of USA and China on the tech front.
You who are against this, have you ever had to deal with GDPR? It is a nightmare and I am certain American big tech is secretly celebrating it, because it kills any European startup alternatives, because they cannot afford to employ enough people to be compliant with the law and if they try to do it with existing personnel they don’t have enough time left over to actually run their business.
If you have ever complained that there aren’t enough European alternatives, GDPR and other legislation is the reason why. USA shoots itself in the foot with tariffs and we Europeans shoot ourselves in the foot with regulations. I am just really glad the EU commission has realized this and are fixing it.
have you ever had to deal with GDPR? It is a nightmare and I am certain American big tech is secretly celebrating it, because it kills any European startup alternatives, because they cannot afford to employ enough people to be compliant with the law and if they try to do it with existing personnel they don’t have enough time left over to actually run their business
Am DPO. What do you mean? GDPR is trivial to deal with and you do not need to employ additional personnel beyond a DPO. They don’t even have to do it full time.
There are certain few business models that explicitly rely on exploiting personal data, but them being slowed down is very much the intention.
It is not trivial, the existence of your job makes that self-evident. If it was trivial companies wouldn’t need a DPO, would they? I would love to see you walk up to your employer and tell them that your job is trivial and anyone can do it…
You might not see this yourself, but the fact that even a small company needs a DPO in order to interpret data protection regulation IS the problem! But I am sure you are not complaining… It needs to be simplified so a small company can be GDPR compliant without requiring a DPO.
This problem is recognized in the report from the EU commission linked in the article, which is why they are acting.
The fact that small startups cannot even take off because they cannot afford to hire the bureaucrats required to interpret and be compliant with regulation is a massive problem and one of the reasons Europe’s economy is stagnating. It is not about exploiting personal data, it is about the cost of bureaucracy killing European startups in their infancy.
It is not trivial, the existence of your job makes that self-evident. If it was trivial companies wouldn’t need a DPO, would they? I would love to see you walk up to your employer and tell them that your job is trivial and anyone can do it…
Again, as someone who performs the job, I’m telling you: It’s trivial. Come on, don’t try to somehow ‘reason’ that away, that’s just silly. Many jobs are trivial, many jobs need to be done. Mine needs to be done because it’s mandated, not because it’s hard. And I could, in fact, walk up to my employer and tell them that it’s trivial because they would understand - both my boss and I took the same one-day course to become certified.
You might not see this yourself, but the fact that even a small company needs a DPO in order to interpret data protection regulation IS the problem! But I am sure you are not complaining… It needs to be simplified so a small company can be GDPR compliant without requiring a DPO.
Again, I don’t know what you think the workload entails, but if you want more specifics I can tell you that my position as a DPO takes up less than 5% of my time and most of that falls to preparing the yearly internal employee training course and the rest is basically automated. It’s not some kind of full time profession unless you have a gigantic corporation or literally run a legal business offering external DPO services. Compare it to the position of something like a medical first responder, if that exists where you live.
In fact, I’m going to do you a solid now and break down the certification course: If you handle personal data, write down where it is and who does what with it. Don’t ask for personal data that you don’t need to perform your function, don’t share personal data with third parties, delete all personal data the moment you don’t need it any more. There, GDPR compliance for the vast majority of businesses in just one paragraph.
It truly is very, very trivial - as is the whole GDPR main text, for that matter. It’s well structured and uses simple wording.
This problem is recognized in the report from the EU commission linked in the article, which is why they are acting.
Ah yes, the Draghi report. “Europe must invest twice as much as it did rebuilding after World War II, allow more tech and telecoms companies to merge and take drastic measures on defense spending”
If you’ll have another look at the article, that’s part of the massive industry lobbying effort that they’re referring to.
The fact that small startups cannot even take off because they cannot afford to hire the bureaucrats required to interpret and be compliant with regulation is a massive problem and one of the reasons Europe’s economy is stagnating. It is not about exploiting personal data, it is about the cost of bureaucracy killing European startups in their infancy.
I don’t know how else to put this, but this is just not a real problem. I’m reluctant to outright call it a fiction, because there might always be information that I’m missing, but as someone who has worked in the field for about 3 years now I’ve never come across internal or external reports of businesses who could not afford GDPR compliance. Again, that would be silly, that’s like complaining about building code because you have to spend a pittance on fire extinguishers.
I completely agree! GDPR was good in theory, but it’s really hindering us in practice. Coming from someone working in healthcare.
gross why are they getting rid of the best thing they’ve done?
Preventing total exploitation harms corporate short-term profits.
Privacy matters, but it is really not good in its current shape. For example, it seriously hinders scientific research into contagious diseases because a lot of data of patients is incredibly hard to get or work on. There’s a lot more that could be done against epidemics if it wasn’t for the GDPR in its current shape.
This is so untrue it’s actually hilarious.
Ask for consent, it’s not hard.
This is not about consent but about databases that already exist and that could be anonymized easily, treasure troves of data for medical research, but even anonymously that data can’t be used because of stupid red tape
You do realise that most medical research these days is for-profit? The only thing opening these databases to medical research will do is increase the profit lining the pockets of the already mega wealthy (and corrupt) industrial medical complex.
Jfc you tankie, just because someone makes money from selling medication, do you really think the person receiving the medication is sad about the existence of the medication? You are literally saying “let’s not cure or prevent diseases because someone could make money from it”, how removed can you be
Also, I was talking about state funded medical research into how the spread of contagious diseases could be halted, which would only have resulted in regulatory actions. That’s just one example. Get your head out of your own ass
Schrödinger’s patient. They would gladly give all their data to for-profit businesses to then sell an expensive cure when not asked, but they would not be willing to give consent when asked…
Especially in the case of medical data it is relatively easy to break anonymization. If you make the data sellable the first to buy will be insurance companies so that they can begin pushing for coverage to not be universal, but rather based on how healthy you are and maybe even denying coverage for your lung cancer at 60 because you used to smoke in your 20s…
And the people who have the kind of diseases that would benefit greatly from research on it, will be first to be hung to dry in such a system.
Consent is red tape?
If you want to ask every person in an anonymized database for consent, yes
You consent to your data going in to a database first, and that it will be used for medical research.
Yes this is the exact moment that we decide we want to be as similar to the US as possible. These neoliberals need to go.
That’s a funny way of saying liberals
That’s a funny way of saying liberals
What do you mean? By the looks of it the original point was about deregulated free market capitalism, not about individual freedoms in general.
Fucking assholes, taking away gdpr and pushing for chatcontrol.
We should have democratic mechanisms to vote these politicians out of office when they start messing up.
Finally!!! GDPR strongly needs a revision. I work in healthcare in Sweden, where many hospitals recently have gotten a new digital journal system. In theory it would be a really good one, but because of GDPR we still have to rely on printing papers, and sending them to other clinics via post or fax. How in the world does that protect our privacy better than just using the digital services that are built to do this?!
All my patients expect me to have read up on their medical history, and know what medications they take, so that I am up to date about what they need. But in order to do that, I first have to ask for their permission, and THEN open their journal. It has to be the other way around - that you can actively block healthcare personnel from reading your journal if you for some reason don’t want them to.
Revising the GDPR to make it less intrusive in healthcare, would increase our ability to see more patients and spend less time on administrative tasks, which I think everyone is positive to.
but because of GDPR we still have to rely on printing papers, and sending them to other clinics via post or fax
I don’t know who told you this but that is certainly not mandated by GDPR. Could you elaborate on the situation?
All my patients expect me to have read up on their medical history, and know what medications they take, so that I am up to date about what they need. But in order to do that, I first have to ask for their permission, and THEN open their journal. It has to be the other way around - that you can actively block healthcare personnel from reading your journal if you for some reason don’t want them to.
That is also not mandated by GDPR. I don’t know who your DPO is, but at some point of the communication chain there must be a misunderstanding.
Lots of ad companies and other data harvesters who wanted to keep being evil put out a lot of misinformation about things the GDPR would outlaw, and some of it stuck, so plenty of people think the GDPR says things it doesn’t. In general, you’re safe as long as you don’t do anything obviously dodgy or send data to a company likely to do evil things with it, but in a world where nearly everyone uses Google analytics to monitor if their site goes down, everyone had to change something and there was plenty of opportunity to scare people by telling them they needed to change more than they really did.
Don’t do it, you really don’t want to try and race us to the bottom when we have a solid head start.
what the fuck
If they can make GDPR simpler and easier to comply with, it would do wonders.
One thing that’s symptomatic for anti-GDPR sentiment in general are “cookie banner” discussions. As if the EU had ever told anyone they need cookie banners! You absolutely don’t need them if you’re not randomly throwing around data. And people should know better, just from seeing titles on said cookie banners like “Your privacy is important to us and our 1234 partners” (and that’s not even exaggerated!). In addition, “cookie banner” is a misnomer too, as the thing you’re really setting up is not cookie behavior but data-spreading behavior.
As an addendum: At a former employer, we ran an online survey which we announced through a small notification on the page. I didn’t want it to be too annoying, so included a “go away” button in the notification. That button wrote an extremely GDPR-compliant cookie that simply stored the preference. One of my co-workers was careless enough to casually mention this to a high-ranking American employee who then questioned me whether we shouldn’t include that cookie on the cookie banner, etc. It took a while to set that straight.
That American was the same person who was responsible for combining browsing behavior on employer’s website with a third-party chat provider, so either AI or human agents could open a chat box on specific people’s screens and ask them creepily specific questions about whether they’d like to buy any of the products they’d been looking at on former employer’s site over the past months.
There are a lot of people who don’t even understand the basics of what GDPR is trying to do but whose job it is to create GDPR-compliant things.
The only part of GDPR that requires any effort is the ability to export and delete user data, which is good design in software anyway.
Most companies breaking GDPR go out of their way to break it
I’m afraid they’re aiming to erase privacy instead, but I have hope I might be wrong.
If a proposal comes from Mrs VDL, you can always assume the worst, and the most corrupt option imaginable.
Actually, it’s quite easy to comply with. Don’t collect any data you don’t need in order to conduct legitimate business with the person you’re collecting data from. Delete collected data once you don’t need them anymore. And you’re done.
Maybe in your field? Tell that to healthcare workers. Don’t you want your doctor to know about your medical history and what medications you’re taking, without having to wait and see you first to be able to ask you? GDPR HAS to be revised.
There is a legitimate reason for the doctor accessing those data, so there isn’t a problem with the GDPR. No need to revise it for that.
It’s not that complex in practice. The problem is that there it’s industry is trying to make it seem more complicated than it is so you’ll have to hire one of those contractors.
Seems to me like the EU wants to pander to the USA to get market access. Alphabet, Microsoft and Meta are licking their lips.
It’s about the same with DORA.
What do you find hard to comply with? What would you “simplify”?
It’s really not that complicated. I don’t see what they could do to “simplify” it and not ruin it.
My first reaction was disdain, but I think we at least need to wait for the actual proposal to form an opinion.