
Data Protection: US vs EU


Since Edward Snowden's revelations about U.S. security agencies, data protection and privacy regulations in the EU have come under scrutiny. The collapse of the Safe Harbour agreement caused major upset, and further EU judgments are likely. Some are campaigning for more access for security services, while others want greater protection for civil rights. What does this mean for developers? What should U.S. companies do to comply with EU regulations and respect their users' rights?

This talk was given on May 26th 2016 at PHP Tek 2016 in St Louis, MO, USA.

Please give feedback at https://joind.in/talk/60faa

Marcus Bointon

May 26, 2016

Transcript

  1. Data Protection: EU vs US
    Marcus Bointon
    Technical director,
    Synchromedia Limited &
    Smartmessages.net


  2. Marcus Bointon: Data protection
    IANAL
    • I Am Not A Lawyer
    • If you're concerned about a data protection matter, get proper legal advice

  3. What is data protection?
    • The aggregate of laws and regulations that protect the collection, storage and transmission of data relating to citizens of a country
    • Typically concerns what data is collected and stored, to whom it may be revealed, how and where it may be stored, for how long, how it must be protected, etc.
    • It applies to everybody

  4. What data to protect?
    • Much data is boring and uninteresting, but it's still your data
    • Name, email, address, date of birth, sex, employer
    • IP address, geolocation, internet traffic metadata
    • Race, gender, sexual orientation, political opinions, health, religion, criminal record (most of these are "special categories" that EU law treats as sensitive)
    • Applies to all media, not just text

  5. US Federal Regulations
    • No overriding national data protection law
    • Patchwork of federal and state laws
    • Federal Trade Commission (acts against unfair or deceptive practices)
    • COPPA (Children's Online Privacy Protection Act)
    • HIPAA (Health Insurance Portability and Accountability Act, for health data)
    • CAN-SPAM (commercial email)
    • CPPA

  6. US State Regulations
    • Very patchy coverage
    • Nearly all are remedial: breach notification duties and penalties for breaches, rather than rules on how data is handled
    • Few states have privacy protection offices
    • Massachusetts and California leading the way on prevention

  7. EU Regulations
    • Data Protection Directive 95/46/EC
    • Implemented separately by each member state, e.g. the UK Data Protection Act 1998
    • e-Privacy Directive 2002/58/EC, updated by 2009/136/EC (the "cookie law")
    • General Data Protection Regulation (EU) 2016/679: adopted April 2016, applies from 25 May 2018, and replaces the Directive with a single regulation across member states

  8. EU Data Protection Principles (the seven principles that Safe Harbour self-certification required)
    • Notice: must inform that data is collected, how it is used, and by whom
    • Choice: must be able to opt out of collection and transfer
    • Onward Transfer: only to other organisations following the same principles
    • Security: prevent loss or unauthorised access of collected data
    • Integrity: data must be accurate, relevant and reliable
    • Access: individuals must be able to access data about them
    • Enforcement: these rules must be effectively enforced

  9. Safe Harbour - The Rise
    • Basic premise: US data protection was not considered "adequate" by EU standards, so transfers to the US needed a special arrangement
    • 2000 agreement (Commission Decision 2000/520/EC) that EU personal data could be transferred to and stored in the US under EU principles
    • Required US companies to self-certify compliance, with no independent audit

  10. Safe Harbour - The Fall
    • Edward Snowden's PRISM revelations (2013)
    • Max Schrems complained about Facebook's EU-to-US transfers to the Irish Data Protection Commissioner; the case was referred to the Court of Justice of the EU…
    • …and he won (Schrems v Data Protection Commissioner, C-362/14)
    • Safe Harbour struck down on 6 October 2015

  11. What now for EU - US data?
    • It's currently illegal to store EU data in the US under Safe Harbour!
    • Privacy Shield: Safe Harbour 2.0
    • Stronger, but doesn't solve the underlying problem of US government access to the data
    • US Government not helping: fighting Microsoft in court over a warrant for customer email stored in Ireland
    • Companies fighting back: Apple, Microsoft
    • Write to your Congressperson!

  12. Practical steps
    • Use EU data centres / cloud regions for EU users' data
    • Look at it from the user's point of view and foster trust
    • i.e. don't do what ad companies do
    • Minimise risk in advance
    • Encrypt data at rest and in transit, isolate sensitive data from the rest, salt password hashes, use security testing services
    • Minimise the impact of a breach: if you don't hold it, it can't leak
    • Employ a Chief Privacy Officer
    • Operate with integrity
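Two of the "practical steps" above, salting and isolating, are easy to state and easy to get subtly wrong, so here is an added worked example (my code, not from the talk or from the speaker's projects). It shows per-user salted password hashing with PBKDF2 and constant-time verification, and it shows why "hash the email address" is not a way to anonymise a data export: an unkeyed hash of a low-entropy identifier can be reversed by guessing, while a keyed HMAC whose key is kept apart from the token store cannot. The user records, the guess list, the iteration count and the in-process "key store" are all constructed for the example.

```python
"""Added example: salted password hashing and keyed pseudonymisation.

All sample data below is constructed for this example. The PBKDF2 iteration
count and the way the key is held are illustrative assumptions, not advice
from the talk.
"""
import base64
import hashlib
import hmac
import secrets
from typing import Callable, Iterable, Optional

PBKDF2_ITERATIONS = 100_000  # assumption: tune upward as your hardware allows
SALT_BYTES = 16


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash.

    A fresh random salt per password means two users with the same password
    get different records, and a precomputed table is useless against a leak.
    """
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password: str, record: str) -> bool:
    """Recompute from the stored salt and iteration count; compare in constant time."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = record.split("$")
    except ValueError:
        return False  # malformed record, never "accidentally" true
    if algorithm != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


def naive_email_hash(email: str) -> str:
    """What NOT to do: an unkeyed hash of a guessable identifier is not anonymisation."""
    return hashlib.sha256(email.strip().lower().encode("utf-8")).hexdigest()


def pseudonymise_email(email: str, key: bytes) -> str:
    """Keyed token: the same email always maps to the same token, so joins and
    de-duplication still work, but without the key it cannot be reversed."""
    return hmac.new(key, email.strip().lower().encode("utf-8"), hashlib.sha256).hexdigest()


def reverse_by_guessing(token: str, candidates: Iterable[str],
                        tokeniser: Callable[[str], str]) -> Optional[str]:
    """Model an attacker who holds a leaked token and a list of plausible emails."""
    for email in candidates:
        if tokeniser(email) == token:
            return email
    return None


def demo():
    """Returns (email recovered from naive hash, email recovered from keyed token)."""
    users = {"alice@example.org": "correct horse battery staple"}  # constructed
    records = {email: hash_password(pw) for email, pw in users.items()}
    assert verify_password("correct horse battery staple", records["alice@example.org"])
    assert not verify_password("wrong", records["alice@example.org"])

    # "Isolate": in a real system this key lives in a separate secrets store or
    # KMS and is never written beside the tokens. Here it is just a local value.
    pseudonym_key = secrets.token_bytes(32)
    export = {pseudonymise_email(e, pseudonym_key): "usage stats" for e in users}

    # The attacker has the export and a guess list, but not the key, so the only
    # tokeniser available to them is the unkeyed hash.
    guesses = ["bob@example.org", "alice@example.org"]
    naive_token = naive_email_hash("alice@example.org")
    keyed_token = next(iter(export))
    return (reverse_by_guessing(naive_token, guesses, naive_email_hash),
            reverse_by_guessing(keyed_token, guesses, naive_email_hash))


if __name__ == "__main__":
    print(demo())
```

The point of the second half is the "isolate" step: a token store that leaks on its own reveals nothing, and rotating the key on the key-store side invalidates every old token without touching the exported data. Note also that the password record carries its own iteration count, so you can raise the cost for new hashes without breaking verification of old ones.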

  13. Questions

  14. Thank you!
    • Marcus Bointon
    • [email protected]
    • @SynchroM
    • Synchro on GitHub & Stack Exchange
    • https://joind.in/talk/60faa