It shouldn't be. In 2006, the Commission proposed, and Parliament agreed on, the Data Retention Directive. It forced all ISPs to save all browsing data on everyone for 6-24 months.
The idea that the commission or Parliament in any way cares about privacy is nonsense.
I often take a pessimistic view to such good-looking things too.
But taking a look at your first link, it appears to already not be in force anymore? For the same reasons that the new recommendation is being drafted- government surveillance violates fundamental rights to privacy.
"On 8 April 2014, the Court of Justice of the European Union declared the Directive 2006/24/EC invalid for violating fundamental rights. The Council's Legal Services have been reported to have stated in closed session that paragraph 59 of the European Court of Justice's ruling "suggests that general and blanket data retention is no longer possible".[15] A legal opinion funded by the Greens/EFA Group in the European Parliament finds that the blanket retention data of unsuspicious persons generally violates the EU Charter of Fundamental Rights, both in regard to national telecommunications data retention laws and to similar EU data retention schemes (PNR, TFTP, TFTS, LEA access to EES, Eurodac, VIS)."
As such it seems this law makes sense but it also seems to do little about some other problems. I have started to think lately that what is best is a law to forbid espionage on people. Like, you cannot collect and/or store large portions of the peoples browser history. Also, it should be forbidden for the data of one service to be shared with another. Like the example of facebook and whatsapp sharing their data.
But privacy laws are pointless and should be repealed.
All this noise about cookie privacy, fingerprinting, FLoC, tracking, etc. --- what are the actual harms that make these things bad? Has anyone in the real world ever experienced a concrete harm arising from interest targeting? Doubtful.
The EU privacy regime imposes a heavy regulatory burden in exchange for nothing. Information is a non-rivalrous good. Further limiting its dissemination will increase friction all over the internet, impose new transaction costs on previously free interactions, and make the whole network less useful for everyone. And for what? Assuaging the paranoia of a tiny fragile and vocal minority of privacy activists? Sorry, but that's not worth breaking the internet.
All of these data-retention laws are not about protecting people from terrorism or child pornography. They are about big interests being able to better manage their information. So that less of it can leak out and damage the institution.
No doubt that all sorts of quasi-government organisations and big businesses are going to use this to ensure that no bad information will leak out.
I'm feeling really manipulated by the media here. So if I am understanding this correctly, this is what ISPs have already been doing forever, and it will continue. There was a new rule put in place to increase privacy protections, but it wasn't in effect yet, and that rule is what is being rescinded.
So the status quo is being maintained, Telecommunications Act already makes it illegal to sell personally identifiable information, and there is no browser history apocalypse coming.
There is no other way to say this: that is a simplistic non-solution.
This is akin to saying: if you desire privacy, you can just clear your cookies.
There will always be a way to find these "name reset" folks - the privacy policies if services will have sentences like "to combat fraud..." "to protect the service..."
This will seem reasonable because one person desiring privacy shouldn't be able to skip out on a utility bill!
Without regulation - strong regulation - this won't change anything. Unfortunately it seems like anti-business regulation rarely works - if bills progress, they are defanged at the last minute.
The reason the EU has these laws is they remember people being put to death, even with minimal data collected in the pen-and-paper era.
Even though the US had pearl harbor, they haven't had their data pearl harbor moment.
I worry that we might have passed a "point of no dissent", where groups and even individuals in favor of privacy regulation can be surgically removed from dissent.
It is not unreasonable, I agree. However, the privacy laws passed by government are mostly intended to play performative and punitive role, and actual interest of the people in balancing their privacy and usability concerns are tertiary at best. The politicians pass those laws to look good on one side, and to attack the companies on the other. User concerns are mostly ignored.
Seems they will reconsider this after the elections. So there is time, depressing as it is. As has been said here before : every country will eat away at privacy every few years with similar proposals that failed a few years before. Until they succeed.
We wanted data protection, we got data protection. The commission is losing in court with its idea to give data away (e.g. privacy shield invented by commission, stopped by the court).
To me, this is like requiring auto makers to install GPS in their cars to track driving data. Sure, it's not just given to the government. The automakers hold on to that data. That way, if there is any suspicion of criminal activity, a warrant for the whereabouts of a particular person can be retrieved. "It's for the children!"
How can such a bill be legal? The government can't search my computer records without a warrant being issued for reasonable cause. They're attempting to bypass this by mandating the ISP intermediaries retain said records for 1.5 years. I don't know. It just seems way to grey-area.
I'm just tired, to be honest. Even if we prevent this exact law (proposal), a few years down the line there probably will be another attempt. And again, and again. Just like it happend with the mandatory data retention laws for ISPs.
I really try to stay optimistic on this topic, but it's really hard. :/
That particular piece of legislation is just annoying. Some of the other privacy legislation is very good, though, as is the extension of consumer protection laws to online shops.
Just because the FCC is 15 years behind the times on this doesn't make it a bad idea.
Google, Facebook, and advertising networks with over a certain percentage of the market should absolutely be subject to privacy regulation as well (and likely will be in another 15 years).
This is the EU, bad laws do get repealed, for example, the data retention directive was annulled for violating fundamental rights of privacy. It's not completely eradicated from national laws yet in every country but it's on its way.
While there certainly is room to improve privacy legislation, it must be done carefully. More legislation is not always better. For example, I'm strongly against forcing search engines to remove entries based on a single person's 'right to forget.'
Legislation will always lag behind reality here but if there was political will, you could still have privacy protected. It is not about regulating technicalities and more about legislating the ownership of data and how and if that ownership can be transferred. This would and should also impact trade with data and its market value that is hard to understand for most people.
The idea that the commission or Parliament in any way cares about privacy is nonsense.
reply