
Data Protection: US vs EU


Since Edward Snowden's revelations about U.S. security agencies, data protection and privacy regulations in the EU have come under scrutiny. The collapse of the Safe Harbour agreement caused major upset, and further EU judgments are likely. Some are campaigning for more access for security services, while others want greater protection for civil rights. What does this mean for developers? What should U.S. companies do to ensure compliance with EU regulations and to respect their users' rights?

This talk was given on May 26th 2016 at PHP Tek 2016 in St Louis, MO, USA.

Please give feedback at https://joind.in/talk/60faa

Marcus Bointon

May 26, 2016

Transcript

  1. Marcus Bointon: Data protection
     - IANAL: I Am Not A Lawyer
     - If you're concerned about a data protection matter, get proper legal advice

  2. What is data protection?
     - The aggregate of laws and regulations that protect the collection, storage and transmission of data relating to citizens of a country
     - Typically concerns what data is collected & stored, to whom it may be revealed, how it may be stored, where, for how long, how it must be protected, etc.
     - It applies to everybody

  3. What data to protect?
     - Much data is boring and uninteresting
     - but it's still your data
     - Name, email, address, date of birth, sex, employer
     - IP address, geolocation, internet traffic metadata
     - Race, gender, sexual orientation, political opinions, health, religion, criminal record
     - Applies to all media, not just text

  4. US Federal Regulations
     - No overriding national data protection law
     - Patchwork of federal and state laws
     - Federal Trade Commission
     - COPPA
     - HIPAA
     - CAN-SPAM
     - CPPA

  5. US State Regulations
     - Very patchy coverage
     - Nearly all are remedial: declarations and penalties for breaches
     - Few states have privacy protection offices
     - MA and CA leading the way on prevention

  6. EU Regulations
     - Data Protection Directive 1995/46/EC
     - Implemented by each member state
     - UK Data Protection Act 1998
     - e-Privacy Directive 2002/58/EC
     - Updated by 2009/136/EC, the "Cookie law"
     - General Data Protection Regulation 2018

  7. EU Data Protection Principles
     - Notice: must inform that data is collected, how it is used, and by whom
     - Choice: must be able to opt out of collection and transfer
     - Onward Transfer: only to other orgs following the same principles
     - Security: prevent loss or unauthorised access of collected data
     - Integrity: data must be accurate, relevant and reliable
     - Access: individuals must be able to access data about them
     - Enforcement: these rules must be effectively enforced

  8. Safe Harbour: The Rise
     - Basic premise that US regulations were not as good as the EU's
     - 2000 agreement that EU data could be stored in the US under EU principles
     - Required that US companies self-certify compliance

  9. Safe Harbour: The Fall
     - Edward Snowden's PRISM revelations
     - Max Schrems sued Facebook in Ireland…
     - and won
     - Safe Harbour struck down October 2015

  10. What now for EU-US data?
     - It's currently illegal to store EU data in the US under SH!
     - Privacy Shield: Safe Harbour 2.0
     - Stronger, but doesn't solve the problem
     - US Government not helping
     - Suing Microsoft in Ireland
     - Companies fighting back: Apple, Microsoft
     - Write to your Congressperson!

  11. Practical steps
     - Use EU data centres / zones
     - Look at it from the user's POV: foster trust
     - i.e. don't do what ad companies do
     - Minimise risk in advance
     - Encrypt, isolate, salt, use testing services
     - Minimise the impact of a breach
     - Employ a Chief Privacy Officer
     - Operate with integrity

  12. Thank you!
     - Marcus Bointon
     - [email protected]
     - @SynchroM
     - Synchro on GitHub & Stack Exchange
     - https://joind.in/talk/60faa