Calling Brussels: What Is Happening With GDPR?

GDPR has been in effect for a month today. Lawsuits have been filed, surveys have been done, and the UK has taken some action. But in Brussels there is only silence. 

The last announcement on the EU’s data protection site was on May 31. Either the entire world is in compliance or the EU’s data police are out of the office.

Where are those ruinous fines the EU has warned us about? 

Meanwhile, confusion reigns. For example, The Register reports that many non-EU websites are locking out non-EU users. Pottery Barn says on its site that “due to technical challenges caused by new regulations in Europe,” it is not accepting orders from the EU. 

Some media sites, like Tronc, are also blocking EU residents, The Register continues.

This is an iffy game, considering that GDPR requires that EU citizens who live elsewhere are also protected by the law.

"The GDPR gives rights based on location not citizenship," says Alexander Stern,  Alexander Stern, an attorney and CEO of Attorney IO, LLC. "When an EU citizen moves elsewhere, they keep the rights they had over data transmitted while in the EU. However, new data they transmit is not covered. So if Pottery Barn never had any of these people's data while they were in the EU, the argument would be that the GDPR does not apply to them at all."



Stern adds, however, that there is a corollary that companies such as Pottery Barn seem to underestimate: 

"Companies that think they are safe by merely blocking EU IP addresses are engaging in wishful thinking. Many people use VPNs (virtual private networks) which change the IP address of the user. So, it is common for people to be in the EU yet have their IP addresses appear to be somewhere else in the world. These users have the same GDPR rights as those not using a VPN."

Then there is the confusion that still seems to exist about differing laws — for example, over the potential conflict between GDPR and the EU’s PSD2 (Revised Payment Service Directive). This rule opens up financial payments to third parties like Facebook and Google, and it requires that banks share information with them. 

Amit Dua, global head of client operations for SunTec, speculates that GDPR and PSD2 contradict each other. “How can businesses possibly juggle the two seemingly contradictory regulations?” he asks on ITProPortal.  

Dua concludes that while the two laws seem to be contradictory, they will lead to “a much needed acceleration of their digital transformation process by placing the customer in the centre.”

As for the lack of comment from iBrussels, Stern says that there has been "a significant but expected silence from regulators since the GDPR went live. We are now at the phase of a new law where complaints are filed and slowly processed. Major US technology companies have been hit with lawsuits seeking billions of dollars. The legal system will take these cases very seriously, which means a ton of time needs to be spent on them. It could be years before the first major judgment is issued. In a few years it may look like out of nowhere the EU is issuing billion dollar fines. That is only because the nuances of these lawsuits may not be of interest to the general public before there is a judgment"

We will see. But it proves again that consumers themselves will suffer the most under GDPR if companies can't figure these things out.

In perhaps the worst piece of absurdity to date, a man complains that he was locked out of his hotel room because of a “GDPR update on the door system,” the Register notes.



2 comments about "Calling Brussels: What Is Happening With GDPR?".
Check to receive email when comments are posted.
  1. Robin Caller from LOLA GROVE, June 26, 2018 at 3:26 a.m.

    No offence to Pottery Barn, but I don't think they're going to be the bellwether for consumer suffering! 

  2. Robin Caller from LOLA GROVE, June 26, 2018 at 3:26 a.m.

    No offence to Pottery Barn, but I don't think they're going to be the bellwether for consumer suffering! 

Next story loading loading..