Europe's General Data Protection Regulation Makes Privacy Global

jtbayly
jbayly

    May 6

I know I said I was done, but I can’t help myself.

I had made the same resolution, but I do feel very strongly that users deserve control of their personal information, and all this law does is make this easier for individuals. And I am someone who has been working extensively with market research data longer than I care to admit I am old, even before the Interwebs were a gleam in Tim Berners-Lee’s eye.

Basically all the law requires is that a site gives people the right to decide if they want to be tracked or not, the right to be able to access the data, and delete data that has been accumulated about them, and to receive timely notification if their data might have been breached. Everything has to be in plain, easy-to-understand language, and information easy to monitor and control.

You keep saying that you can block people. That’s explicitly and intentionally made not possible by the rules. The link I posted above that nobody has bothered to click explains this in detail.

I have read a ton of information otherwise. There are probably billions and billions of firewalled and walled garden pages being served in the EU every minute.

Re: PCI: 1. That had nothing to do with Equifax. 2. My whole point is that it’s security theater, not actual security.

Not even remotely true, and the Equifax data leaks were one of the many reasons why the law got off the ground. It’s also Facebook, Tinder, etc., etc., etc. It is 100% about security and privacy.

And as to this:

kreme:
This has nothing to do with GDPR.

You sure? Because this site says that cookie popups are going to be heavily affected by GDPR.

This is like trying to explain that the TSA isn’t there to make you secure, it’s there to make you feel secure. It’s the same with this law.

Even if it stopped one incident, I think the TSA is worth it. I was on my way to work in Manhattan when 9/11 hit and I know people whose lives were dramatically affected. And I am eternally grateful for the TSA whenever I don’t have to remove my shoes, etc. before entering a gate. Hallelujah.

Marilyn

Kreme is correct, another law that preceded the GDPR covered cookies.

I agree. We don’t need those Brussels bureaucrats trying to tell U.S. citizens what to do within the borders of these United States. The U.S. Constitution is the supreme law here, not the E.U. regulations. Kudos to the U.K. for wising up and telling the E.U. goodbye.

1 Like

Hah! We routinely hear about how TSA screeners miss obvious firearms, and other proscribed items.

1 Like

If you read the link I posted, it might be good if you pointed out what they got wrong, rather than simply denying it.

Everybody knows that there was a former law that made a bunch of sites put up a bunch of irritating cookie notifications. Now they are saying that GDPR is making even more changes.

An excellent and well-written overview about the GDPR. As an EU citizen, plus an Apple, Amazon, Google, Facebook, Twitter and TidBITS user or subscriber, I have a right to know that my personal data is being correctly stored and used only for the reasons that I agree to.

As Adam has commented already, these basic personal data rights will be positive also for U.S. and other non-EU citizens.

Businesses of all sizes who make money from me and/or my data must ensure that I give this data with my knowledge and explicit agreement.

Non-profits, charities and similar only need to show that individuals have explicitly given permission for such groups to keep basic contact details for just that - an email list (say) for an emailed newsletter.

Well done TidBITS!

3 Likes

Well, “those Brussels bureaucrats” have jurisdiction on EU citizens, and protect their rights. If an internet US-based company deals with EU customers, then it should be prepared to be sued if it does not respect the rules of the customers’ country. It has always been this way. This is why Adam had to pay VAT according to the rules of the customers’ country; this applies even across US states.
cheers

–e.

1 Like

You are aware that countries enforce their laws in foreign territories (and on foreign citizens) all the time, right? It obviously requires cooperation of the foreign territory, but given the interconnected nature of the world these days, there are many reasons why countries cooperate or are coerced into cooperation. This is obviously sometimes good, sometimes bad, and we could argue from a philosophical standpoint whether it’s right at all, but in practical terms it’s the reality we live in.

Nope. It doesn’t.

Jolin, since I lived in Germany for 12 years, I’m well aware of non-citizens being subject to the laws of the country they are physically in. However, the EU is trying to enforce their regulations on UNITED STATES CITIZENS who are PHYSICALLY in these United States! Now this is not the same as for serious crimes like murder, kidnapping, and so on where the country where the crime was committed can ask the country where the suspect is living for extradition of said suspect.

Could someone please tell me how to quote a poster on this new system? I’ve tried to find a Quote button in posts but must be looking in the wrong place(s). Thanks in advance.

jbayly

May 8

franconi:
This is why Adam had to pay VAT according to the rules of the customers’ country; this applies even across US states.

Nope. It doesn’t.

https://www.sba.gov/blogs/sales-tax-101-small-business-owners-and-online-retailers

It seems to me that the link you provided states the opposite:

What sales tax rate should you use when selling online or out-of-state?

This is the tricky part. If you’ve determined that your business must add on a sales tax charge for transactions in certain states (and the customer does not have tax exempt status), you’ll need to determine which sales tax rate to charge.

Sound overwhelming? Yes, it can be. With thousands of sales tax jurisdictions in the U.S., determining which sales tax rate to charge can be a challenge. If you operate an online business, it’s worth investing in online shopping cart services to handle sales transactions, many of which will automatically calculate sales tax rates for you. More comprehensive online sales tax solutions can also take care of the end-to-end process of calculating, collecting and filing sales tax return on your behalf.

cheers

–e.

As I understand it, the EU is enforcing these regulations on US businesses/organisations who are serving EU citizens. It’s entirely within their right to do this, just like the US government could (and does) enforce regulations on European organisations doing business with US citizens (e.g. financial reporting regulations), even if the organisation has no presence in the US.

Obviously, enforcement can be an issue, but as Simon describes, there are pretty well established mechanisms for this between the EU and US given the highly interconnected nature of trade and relationships between the regions.

1 Like

Ummm. Nope. Notice the “if you’ve determined” in what you quoted. How do you determine?

Here’s what you need to know:

  • If your business has a physical presence in a state (also known as a “nexus”), whether it’s a store, office, warehouse, employees, or other criteria established by your state, then you MUST collect sales tax from customers in that state.
  • If you don’t have a presence in a state, then you are NOT required to collect sales taxes.

(Emphasis is in the original, so… it should have stood out.)

Just select the text you want to quote and a little gray quote button will show that you can click.

By the way, this tax issue is well known.

You, as a consumer in your state, owe taxes on purchases that you’ve made even when the business you bought it from did not collect taxes (not being required to obey the laws of your state).

Most states ask you a question when you file your taxes about purchases that you made out of state or online. Then they calculate the additional tax you owe based on those purchases. Of course, most people lie and claim they didn’t buy anything, so the state is never able to collect it. So there is a big push among the states and even Congress to come to some sort of agreement on how to make up for this loss of revenue from out of state online purchases.

In the meantime, that question on your tax return is the only way your state can collect that tax, because you are the only party to the transaction that they have any right to tell what to do.

Here in California, an out-of-state business does NOT have to charge the CA sales tax (but nothing says they can’t do it voluntarily) UNLESS they have a PHYSICAL presence in California, like a store, warehouse, etc. However, it is up to the recipient to pay a “Use Tax” equal to the sales tax as part of their Income Tax filing.

It depends what the cookies contain and how they’re used. There are many ways of using cookies that would need to be changed to comply with the GDPR; similarly, there are many ways of using cookies that do not require changes to comply with the GDPR. There is no absolute line that “if you use cookies, the GDPR automatically impacts you.” Evaluating these cases is some of what companies and organizations have been doing to prepare for the GDPR.

I think it’s easy to miss the forest for the trees here. Personal privacy is one of those resources that is just sitting there, waiting to be exploited, and it seems clear that market forces aren’t sufficient to prevent abuses. Yes, the GDPR is going to be a pain for a lot of businesses, and particularly for us small businesses who have no desire or plans to exploit our users’ personal data. But you know what? Many larger businesses spend a huge amount of time, effort, and money on ever “better” ways of using hoovered-up personal data. That’s why I think things like the GDPR are a good first step, and a model that other governments can look to. Otherwise, it will be all Facebook, ad-trackers, and security breaches for the rest of time.

1 Like

Then how about we pass laws that are decent privacy protections, starting with abolishing the Patriot Act.

All this talk about how this is going to protect privacy is just a sad joke.