Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

GDPR Forgive Us, It's Been One Month Since You Were Enforced…

posted by mrpg on Tuesday June 26 2018, @02:12AM   Printer-friendly
from the much-ado-about-nothing dept.

Arthur T Knackerbracket has found the following story:

A month after the enforcement date of the General Data Protection Regulation – a law that businesses had two years to prepare for – many websites are still locking out users in the European Union as a method of compliance.

[...] Another retailer that failed to get its house in order is posh homeware store Pottery Barn, whose notice says that "due to technical challenges caused by new regulations in Europe" it can't accept orders from the EU.

"The pace of global regulations is hard to predict," the shop complains about the legislation, which was adopted on 14 April 2016. "But we have the ultimate goal of being able to offer our products everywhere."

Original Submission

 
This discussion has been archived. No new comments can be posted.
GDPR Forgive Us, It's Been One Month Since You Were Enforced… | Log In/Create an Account | Top | 58 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Informative) by Pino P on Tuesday June 26 2018, @01:34PM

    by Pino P (4721) on Tuesday June 26 2018, @01:34PM (#698741) Journal

    The difference between the status quo prior to GDPR and GDPR is that GDPR also applies to foreign businesses. And some provisions of GDPR, such as Article 27 of the GDPR [privacy-regulation.eu], are protectionist against even those foreign businesses that collect and process only the absolute minimum of data.

    Right now, if a business outside the EU wants to sell into the EU, Article 27 requires it to either pay thousands of USD per year [verasafe.com] to a business on EU soil to act as its representative for privacy inquiries or qualify for an exemption pursuant to 27(3)(a). This exemption requires processing of personal data to meet three requirements:

    1. processing "is occasional", whatever that means;
    2. no large scale processing of protected class membership or criminal convictions; and
    3. processing is unlikely to harm the data subject's rights.

    For example, is it "occasional" for a web-based toy store to process personal data 1. when an EU places an order, 2. when the order ships, and 3. if and when a return arrives? Some businesses have withdrawn from the EU market with plans to reenter once EU courts agree on a definition of "occasional". Perhaps if the GDPR had actually defined "occasional", some businesses might not have had to withdraw from the EU market.

    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3