Mozilla Monitor Plus Scrubs Your Leaked Personal Information From the Web, For a...
source link: https://yro.slashdot.org/story/24/02/06/156228/mozilla-monitor-plus-scrubs-your-leaked-personal-information-from-the-web-for-a-fee?sbsrc=yro
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Mozilla Monitor Plus Scrubs Your Leaked Personal Information From the Web, For a Fee
›
Here in Europe it happens to be illegal to do this. It is illegal to store or process any personal information without explicite informed consent. If somebody buys personal information for a data broker (who needs that informed consent as well) or gets it in any other way, they have to inform the data owners (the people the data refers to) within a month of this and of all non-trivial processing that will be done. Oh, and you can withdraw consent under some conditions and when the data is from when you were
-
And how do you make it so that your private data does not leave Europe?
-
You don't have to: the law always pertains to the person the data belongs to, not the company that stores it. Meaning if you store data of any European citizen, you're on the hook.
If it's a European citizen in Australia, GDPR applies.
It's exactly the same principle as the Cloud act: Doesn't matter where the servers are if it's a company that operates in the US.
Enforcing is indeed a legal mess, but hey, tit for tat...-
I don't think that is correct. If you are an EU citizen in Australia you are under Australian laws. However, if you are an EU citizen whose data is transferred outside the EU then the entities transferring it have to add the GDPRs standard contractual clauses to the contracts to give you the same rights as if the data was still inside the EU.
-
The GDPR protects the data of EU citizens, regardless of where the data is or where the EU citizen is. The question of enforcement is a bit more difficult and there the geolocation of the citizen plays a role.
-
-
-
It is illegal if a US company does it too. The GDPR is not geographically restricted. In fact, the question of legal enforcement of the GDPR in the US for data belonging to EU citizens is the main Argument behind Schrems II and why sending or processing such data in the US is currently of very questionable legality.
-
-
The EU privacy laws are no doubt a good idea, but enforcing them is virtually impossible. A company can simply shift its data to some other juristiction that european authorities have no access to and good luck to said authorities proving anything one way or the other.
A company may well *say* its deleted your data and no longer serve it up to you, but it'll more than likely still be somewhere on a backup disk/tape even if its been deleted from the main storage (which is frankly probably hasn't anyway).
-
They work well enough to shrink the problem. Most companies that do business in the EU just comply and it’s certainly enough to change the outcome of a risk analysis.
-
Indeed. And the GDPR is not actually aimed at stamping all misuse out. For example, the GDPR does not have personal punishments and gives offenders second chances. It is aimed to keep the abuses low and non-default and to give people subject to abuse legal redress. And that actually works reasonably well already and is bound to get better.
-
-
Within limits. If a company shifts PII outside of the EU, it stays liable for what happens with that data. If it has an EU representation, punishments can be applied to it (based on their overall, global size). It has happened and it will continue to happen. Obviously, GDPR enforcement is in its infancy, but there already have been some harsh fines, data-transfer to the US was already close to being made illegal in general (the "Schrems II" ruling) and some companies in the EU have been essentially shutter
-
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK