GDPR fines are increasing

Hi list,

I came across the following article:

https://www.cledara.com/blog/gdpr-fines-and-lessons-for-startups

Looks like the GDPR is getting traction.

It is also interesting to see the list of fines given. Only one single fine in Italy. And to a political party. Italy seems to be much too political...

But the fact that fines are given could have a positive effect on data privacy management by companies.

Do you agree?

Patrick

Hi list,

I came across the following article:

https://www.cledara.com/blog/gdpr-fines-and-lessons-for-startups

Looks like the GDPR is getting traction.

It is also interesting to see the list of fines given. Only one single
fine in Italy. And to a political party. Italy seems to be much too
political...

Hahahahah to the Movimento 5 Stelle. Well, let's say they asked for it...
The "platform" is closed source and there is no way to check how they
are handling the people's data...

But the fact that fines are given could have a positive effect on data
privacy management by companies.

Do you agree?

Yes!

On second thought it looks reeeeaaaaallllyyy suspicious that in Italy
it seems that _only_ a political party does not comply with GDPR.
That seems to me just impossible.

Hahahahah to the Movimento 5 Stelle. Well, let's say they asked
for it...
The "platform" is closed source and there is no way to check how
they are handling the people's data...

On second thought it looks reeeeaaaaallllyyy suspicious that in
Italy it seems that _only_ a political party does not comply with GDPR.
That seems to me just impossible.

Patrick's data source is very incomplete.

There have been a number of fines. Also, a lot higher than the mentioned one.

The biggest fine in Italy I found after 30 seconds of online search is about
a call center fined EUR 2 018 000:

https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9116053

Bye,
Chris.

PS: why do we write in English?

I'm curious about how many of these fines will be effectively paid. Will
such data be available?
diego

Because I do not understand German?
Because it is neutral between German and Italian?
Do you prefer Esperanto?
Ni povas paroli esperanton se vi vere volas ĝin! Ĉu ne? :wink:

Hi list,

I came across the following article:

https://www.cledara.com/blog/gdpr-fines-and-lessons-for-startups

Looks like the GDPR is getting traction.

It is also interesting to see the list of fines given. Only one
single fine in Italy. And to a political party. Italy seems to be
much too political...

But the fact that fines are given could have a positive effect on
data privacy management by companies.

Do you agree?

Patrick

Hi,

well, your data source is not at all exhaustive. It looks like a quick shot
at an ad by someone...

About the GDPR: I think there is indeed a problem and a law is required.

However, I don't think the GDPR is a particularly well made law.

First of all the scope looks way too broad. Why isn't there some sort of
lower limit, so small orgs or small companies (in unrelated industries)
can be exempted?

Then, the definition of "personal data" is also too broad. Why should a
name, a street address or an IP address be personal data (disclaimer:
I know IP addresses were added by the EU court, not the GDPR text).
There used to be these things called phone books...

Finally, everything related to transferring data outside the EU is a complete
mess. Basically it says "Ok, don't move the data outside, unless the new
place has this adeguatezza thing, that we - the law makers - can change at
a moment's notice" [*].

I'm afraid this can be easily abused. To me, this looks like legal infrastructure
to quickly be able to raise a great firewall of China here in the EU too.

There is also a chilling effect: people will opt to host data here for no
other reason than uncertainty.

It reminds me of the Netzwerkdurchsetzungsgesetz in Germany, which
has a similar problem ("you're required to remove hate speech, where
hate speech is defined by whoever happens to control government right
now"). Seen German (or Italian, or European, for that matter) history,
this might not end well :confused:

Bye,
Chris.

[*] https://www.garanteprivacy.it/home/provvedimenti-normativa/normativa/normativa-comunitaria-e-intenazionale/trasferimento-dei-dati-verso-paesi-terzi

I'm curious about how many of these fines will be effectively paid.
Will such data be available?
diego

Good question.

The big players will likely curse and pay up. The small ones (SRLs) probably
will just shut down. Entities with personal liability might be hit hardest...

I guess there are some statistics around on the site of the Garante...

Bye,
Chris.

PS: why do we write in English?

Because I do not understand German?
Because it is neutral between German and Italian?
Do you prefer Esperanto?

As a shot in the dark, I'd guess of the subscribers to this list:

- 95% could follow a discussion in Italian.

- 60% in German.

- 30% in English.

- < 5% in any other language.

So English looks like a bad choice...

We could make a poll? Any volunteers?

Bye,
Chris.

I looked on the Garante's website

but found only a few annual reports, none of them recent

Hi Chris,

well, your data source is not at all exhaustive. It looks like a quick shot
at an ad by someone...

Well, I agree the article is a kind of product placement, but I find the
content interesting.

At least to start a discussion about an evaluation of the GDPR effects
on privacy.

I misinterpreted the lack of more data as a limitation of fines given.
This was a mistake. Thank you for pointing this out.

About the GDPR: I think there is indeed a problem and a law is required.

However, I don't think the GDPR is a particularly well made law.

First of all the scope looks way too broad. Why isn't there some sort of
lower limit, so small orgs or small companies (in unrelated industries)
can be exempted?

I have seen you comment about the California rule, which frees small
companies and orgs from the obligations. I am curious to see, if big
companies will be able to exploit such regulations as a sort of loophole.

If not, then the EU could update the GDPR as well.

Then, the definition of "personal data" is also too broad. Why should a
name, a street address or an IP address be personal data (disclaimer:
I know IP addresses were added by the EU court, not the GDPR text).
There used to be these things called phone books...

Yes, but every citizen had the right to not be included in the phone book.

I think the GDPR is ideal for the citizen but it is probably too much of a
challenge to be implemented correctly by most orgs/companies.

Finally, everything related to transferring data outside the EU is a complete
mess. Basically it says "Ok, don't move the data outside, unless the new
place has this adeguatezza thing, that we - the law makers - can change at
a moment's notice" [*].

I'm afraid this can be easily abused. To me, this looks like legal infrastructure
to quickly be able to raise a great firewall of China here in the EU too.

Can you elaborate on this? How does this help to implement a great firewall?

There is also a chilling effect: people will opt to host data here for no
other reason than uncertainty.

Do you have data about this?

It reminds me of the Netzwerkdurchsetzungsgesetz in Germany, which
has a similar problem ("you're required to remove hate speech, where
hate speech is defined by whoever happens to control government right
now"). Seen German (or Italian, or European, for that matter) history,
this might not end well :confused:

I think this opens a completely different topic.

But if I get your point right, you are afraid about definitions defined
by governments, because they can be adapted to political needs. Well
maybe international organizations like the UN, where multiple
governments have to reach a common consensus, could be used to define
the definitions like what is "hate speech" and what is not. But as I
wrote, this opens a completely different discussion.

Best,
Patrick

Hi all

I haven't looked into it in full depth, and I think neither has everyone
else, but there is decree 101/2018 of 10 August 2018: "Provisions for
adapting national legislation to the provisions of
Regulation (EU) 2016/679 ..."

 http://www.gazzettaufficiale.it/eli/gu/2018/09/04/205/sg/pdf

After all the discussion about the GDPR, this decree went by somewhat hidden, or
without the necessary attention. Maybe someone knows more than I do?

~ Karl

An off-topic aside on the instructions the G.U. gives on its cover:

*"In order to optimise the procedure for publishing acts in the
Gazzetta Ufficiale, Administrations are requested to send,
simultaneously and in parallel with the transmission on paper, as per
the rules, also an electronic copy of the same (in Word format) to the
following address..."*

Any remarks on this?

diego

The updated version of D.L. 30.06.2003 n.196, adapted (2017) to the GDPR,
is available at:
https://www.normattiva.it/atto/caricaDettaglioAtto?atto.dataPubblicazioneGazzetta=2003-07-29&atto.codiceRedazionale=003G0218&queryString=%3FmeseProvvedimento%3D%26formType%3Dricerca_semplice%26numeroArticolo%3D%26numeroProvvedimento%3D196%26testo%3D%26giornoProvvedimento%3D%26annoProvvedimento%3D2003&currentPage=1

diego

Sounds interesting enough...
any poll tool opensource installed somewhere?
I suggest LimeSurvey, it's on any decent Linux distro...

> Finally, everything related to transferring data outside the EU is a complete
> mess. Basically it says "Ok, don't move the data outside, unless the new
> place has this adeguatezza thing, that we - the law makers - can change at
> a moment's notice" [*].
>
> I'm afraid this can be easily abused. To me, this looks like legal infrastructure
> to quickly be able to raise a great firewall of China here in the EU too.

Can you elaborate on this? How does this help to implement a great firewall?

Well, think about services.

Take email, for instance. To disallow EU companies from using, say, Hushmail (based
in Canada) or ProtonMail (based in Switzerland) all it would take is to declare
those countries to be not "adequate" any more. I think this "disallowed
unless whitelisted" approach is dangerous.

As a reference: https://en.wikipedia.org/wiki/Great_Firewall

> There is also a chilling effect: people will opt to host data here for no
> other reason than uncertainty.

Do you have data about this?

I have only anecdotal evidence. A number of people that asked me about
service providers mentioned they wanted to be hosted in the EU specifically.
Also, service providers that are EU based stress this fact a lot in their ads.

> It reminds me of the Netzwerkdurchsetzungsgesetz in Germany, [...]

I think this opens a completely different topic.

Yeah, you're right.

Bye,
Chris.

A ... (a swear word) ...

what do you say, shall we play a little educational prank?

... send it in Word 1.0 format?

:slight_smile: