Moscow, may 23 — “News. Economy” Adopted a year ago in the EU General rules of data protection (GDPR) has changed the rules of the game for companies in the high-tech sector. The regulations valid on the territory of the EU, but the heads of teggiano believe that the same law GDPR should be adopted in the United States.
Microsoft supported the appeals of Apple and other IT companies to adopt a similar law in the United States. Microsoft has introduced a protection level GDPR for all its customers, but believes that voluntary steps by the tech giants is not enough — you need a legislated rules at the country level.
99 GDPR contains separate articles, but chief among them are four requirements for companies that want to store and process the personal data: the existence of a specific and legitimate reasons for processing personal data should be encrypted, the user should be able to copy their data, users can request the deletion of their data.
In its statement, Microsoft noted that many countries have followed the example of the EC and adopted new laws, modeled on the European regulations. These include Brazil, China, India, Japan, South Korea and Thailand. Now it is time to impose the same stricter standards in the United States, according to Microsoft.
“For Congress it’s time to be inspired by the example of the rest of the world and make the Federal legislation, which will distribute those protections, which operate under GDPR, citizens of the United States,” the company said. At the same time, according to Microsoft, compatibility with GDPR is a critical point. This will reduce the costs of compliance with the new standards, since companies do not need to create separate systems for different requirements in the countries where they conduct their business.
Recall GDPR entered into force in may last year in the European Union, bringing to a common denominator laws about the privacy of user data. Regulators and privacy advocates called the legislation a victory for consumers who want more control over their personal data, especially after the sensational stories like Cambridge Analytica. The law includes key principles and requires companies to notify the authorities of any data breaches within 72 hours. For failure to comply with the principles imposed a fine in the amount from 10 to 20 million EUR or 2 to 4% of the annual turnover of the company.
Legislators, lobbyists and CEO, the U.S. seeks to highlight the best parts in the GDPR — and to reject what they consider inappropriate practices in the United States.
Last year California adopted a data privacy law (California Consumer Privacy Act, or CCPA), which copies many of the principles of the GDPR, such as rights of access and deletion of personal data. State law, which will enter into force in 2020, imposes fines of up to $7500 for a large company that does not disclose methods of data collection or acquire user permissions to transfer data to third parties.
The new law is not as harsh as the European Directive, but still involves a big change in the life of the business. Every Internet user in California will have the right to request the company the information she gathered about him, and the list of third parties that became known.
On the basis of this law, the user is now able to sue the organization that was illegally used his personal data or has not fulfilled any of his requests in time.
Under the CCPA includes companies that handle personal data of California residents (residents can be found throughout the state and beyond) and receive a minimum of $25 million in annual revenue. But there is a caveat: if income is less, but it stores personal data of more than 50 thousand people, its activity falls under the CCPA.
The new law also regulates the activities of firms receiving more than half of the profits (no matter what size) from the sale of data. The location of the organization plays no role: no matter whether she in California or out of state.
When it comes to the Federal laws of the United States about privacy, you should pay attention to whether it be contrary to the rules of the state of California. Some Democrats, such as Senator Dianne Feinstein, said they would not support a Federal bill that “weakens” the California standards, while technology companies and some Republicans advocate a national law that overrides and possibly weaken the requirements of the state.
The President and CEO of BSA. Victoria Espinel said that the California law is “a very important step forward,” but added that “Federal privacy legislation went beyond the jurisdiction of California.”
According to Espinel, European officials are making all efforts to adapt the complexity of the GDPR especially for small companies. Critics of the law say that GDPR puts the company at different levels in unequal conditions — technological giants, with adequate resources, it is easier to comply with their obligations and even to fines, while for small businesses to comply with legislation are often extremely problematic.
There is concern regarding the potential negative impact of GDPR on the freedom of speech. Some privacy experts fear that the GDPR requirements associated with the “right to oblivion” (which oblige the company to remove from the Internet illegal or inaccurate data), can cause opaque abuse by companies who will try to fulfill them.
“GDPR does not provide adequate procedural obstacles to the abuse of removal of data, said Daphne Keller from the Center for Internet and society at Stanford law school. — In many cases, it, apparently, greatly shifts the balance toward implementation even doubtful claims about the use of “right to oblivion”, like those that Google received from the priests who tried to hide the scandals over sexual abuse, or financiers who wanted to see their conviction for fraud forgot.”
Despite years of criticism in this respect, the EU legislators did not satisfy the need for “adequate security measures for those whose freedom of speech may be violated,” says Keller.
GDPR applies to any company that has customers in the European Union, even if its head office is located outside this block. Many large companies end up saying that a single standard, be it European law or something else would be the simplest way to guarantee the right to protection of personal data of users, but in the near future the development of an international agreement is unlikely.
“The global consensus on privacy will probably come in a few years. It’s a long goal, but that’s what we are trying to achieve, ” said Espinel.
Read more •••