Data Protection: US vs EU

Transcript

1. Data Protection: EU vs US Marcus Bointon Technical director, Synchromedia

   Limited & Smartmessages.net

2. Marcus Bointon: Data protection IANAL ̣I Am Not A Lawyer

   ̣If you’re concerned about a data protection matter,
 get proper legal advice

3. Marcus Bointon: Data protection What is data protection? ̣The aggregate

   of laws and regulations that protect the collection, storage and transmission of data relating to citizens of a country ̣Typically concerns what data is collected & stored, to whom it may be revealed, how it may be stored, where, for how long, how it must be protected, etc ̣It applies to everybody

4. Marcus Bointon: Data protection What data to protect? ̣Much data

   is boring and uninteresting ̣but it’s still your data ̣Name, email, address, date of birth, sex, employer ̣IP address, geolocation, internet traffic metadata ̣Race, gender, sexual orientation, political opinions, health, religion, criminal record ̣Applies to all media, not just text

5. Marcus Bointon: Data protection US Federal Regulations ̣No overriding national

   data protection law ̣Patchwork of federal and state laws ̣Federal Trade Commission ̣COPPA ̣HIPAA ̣CAN-SPAM ̣CPPA

6. Marcus Bointon: Data protection US State Regulations ̣Very patchy coverage

   ̣Nearly all are remedial - declarations and penalties for breaches ̣Few states have privacy protection offices ̣MA and CA leading the way on prevention

7. Marcus Bointon: Data protection EU Regulations ̣Data Protection Directive 1995/46/EC

   ̣Implemented by each member state ̣UK Data Protection Act 1998 ̣e-Privacy Directive 2002/58/EC ̣Updated by 2009/136/EC “Cookie law” ̣General Data Protection Regulation 2018

8. Marcus Bointon: Data protection EU Data Protection Principles ̣Notice -

   must inform that data is collected, how used, who by ̣Choice - must be able to opt out of collection and transfer ̣Onward Transfer - only to other orgs following same principles ̣Security - Prevent loss or unauth access of collected data ̣Integrity - Data must be accurate, relevant and reliable ̣Access - Individuals must be able to access data about them ̣Enforcement - These rules must be effectively enforced

9. Marcus Bointon: Data protection Safe Harbour - The Rise ̣Basic

   premise that US regulations were not as good as EU ̣2000 agreement that EU data could be stored in the US under EU principles ̣Required that US companies self-certify compliance

10. Marcus Bointon: Data protection Safe Harbour - The Fall ̣Edward

    Snowden’s PRISM revelations ̣Max Schrems sued Facebook in Ireland… ̣and won ̣Safe Harbour struck down October 2015

11. Marcus Bointon: Data protection What now for EU - US

    data? ̣It’s currently illegal to store EU data in the US under SH! ̣Privacy Shield - Safe Harbour 2.0 ̣Stronger, but doesn’t solve the problem ̣US Government not helping ̣Suing Microsoft in Ireland ̣Companies fighting back - Apple, Microsoft ̣Write to your Congressperson!

12. Marcus Bointon: Data protection Practical steps ̣Use EU data centres

    / zones ̣Look at it from the user’s POV - foster trust ̣i.e. don’t do what ad companies do ̣Minimise risk in advance ̣Encrypt, isolate, salt, use testing services ̣Minimize impact of a breach ̣Employ a Chief Privacy Officer ̣Operate with integrity

13. Marcus Bointon: Data protection Questions

14. Marcus Bointon: Data protection Thank you! ̣Marcus Bointon ̣[email protected] ̣@SynchroM

    ̣Synchro on GitHub & Stack Exchange ̣https://joind.in/talk/60faa
15. None