tag:blogger.com,1999:blog-6974997875021040765.post6291141891320881723..comments2024-03-12T12:04:59.304+01:00Comments on Peter Fleischer: Privacy...?: Which privacy laws should apply on the global Internet?Anonymoushttp://www.blogger.com/profile/09908660263905877338noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-6974997875021040765.post-10028346091343940662010-08-13T15:49:00.983+01:002010-08-13T15:49:00.983+01:00At least the EU has recognised that data is global...At least the EU has recognised that data is global - hence the Binding Corporate Rules approach which effectively allows a corporation to set rules for its global operation. Using the cloud does not present a problem if the corporation has a BCR in place and has adopted a technology that protects the data while it is floating in the cloud - such as strong encryption. There is a debate in fact that if data is encrypted then it ceases to be data in the context of data protection, in which case it no longer matters - provide decryption only occurs within the EU!<br /><br />Tim Beadle<br />Privacy Consultant<br />www.atriumgroup.comTim Beadlehttp://www.atriumgroup.comnoreply@blogger.comtag:blogger.com,1999:blog-6974997875021040765.post-76392393059590252992010-06-11T09:50:17.082+01:002010-06-11T09:50:17.082+01:00Dear Peter,
This is indeed a very good reflection...Dear Peter,<br /><br />This is indeed a very good reflection of the current issue, which I believe steems from nationally driven data privacy concerns. And I very much like your ideas about how to possibly overcome the various problems! <br /><br />Now, if you look for example at the situation within the EU I would have thought that with implementing the Data Privacy Directive there should have been an opportunity to allow for ease of compliance. <br /><br />Why, so my thoughts, is it not possible, that an international business operating in the EU can achieve compliance by adhering to the rules of one EU country only (e.g. where the HQ is located), get certified by the local authorities and as a consequence of such certification all other EU countries are bound by the initial certification thus resulting in the business being compliant in all of the EU automatically. <br /><br />I really don't understand why we did not learn from the long struggle concerning acceptance of nationally obtained university grades or other degrees. In today's society it is unthinkable that you are not allowed to work in a French business because you only have a German business degree. <br /><br />Why can we not simply copy that principle for data privacy? How simple could it be for multinational businesses and how much more certainty could we offer to the customer. <br /><br />In addition there will be a competition btw countries to run the most efficient data protection regime in Europe, whithout necessarily lowering the level of protection. <br /><br />I would even argue that today's complexity of data privacy laws - making it practically impossible to comply - is a far greater risk...Mara Boonoreply@blogger.comtag:blogger.com,1999:blog-6974997875021040765.post-57733991665745150782010-06-07T15:58:26.688+01:002010-06-07T15:58:26.688+01:00I like your summary of the jurisdictional problem,...I like your summary of the jurisdictional problem, but I think the weakness is in your title. You assume the continued existence of a unitary "global internet". It's my opinion that such a concept is either already dead, or in the process of dying.Robhttps://www.blogger.com/profile/00107011578907925139noreply@blogger.com