back to article GDPR USA? 'A year ago, hell no ... More people are open to it now' – House Rep says EU-like law may be mulled

The rash of high-profile IT security breaches, data thefts, and other hacks that have erupted over the last year or so may push US legislators to consider laws similar to Europe's privacy-protecting GDPR. This is according to Representative Will Hurd (R-TX), who told attendees at the Aspen Cyber Summit in San Francisco today …

  1. Anonymous Coward
    Anonymous Coward

    I don't care what they do

    Anything would be an improvement over the wild west we have over here now!

    1. wolfetone Silver badge

      Re: I don't care what they do

      "Anything would be an improvement over the wild west we have over here now!"

      You say that like it's never been the wild west over there?

    2. Anonymous Coward
      Anonymous Coward

      "A year ago, the answer would have been not 'no,' but 'hell no."

      Anything would be an improvement, but that statement show how much unfit for the role they are - all the issues were on the table and easy to see - but they didn't dare to touch big campaign donors until citizen were actually hurt in a big way. Time will tell if they really changed opinion, or will just put lipstick on the pig to calm down outrage until the next big breach....

    3. veti Silver badge

      Re: I don't care what they do

      "Anything" would be an improvement?

      I've learned never to say that. People tend to take it as a challenge.

  2. fluffybunnyuk
    Devil

    It'll be like homeopathy. 1 drop of GDPR in an ocean of vested interests. Any observable effect would need a quantum tunneling microscope to see it.

    1. andifox@rogers.com

      Go fluffybunnyukdemon

      LOL in the panopticon - thanks

  3. Barrie Shepherd

    All I have seen the GDPR do is litter my mailbox with companies wanting me to confirm that I agree to them continuing to send me junk, and that they can collect all sorts of data from me not relevant to their business together with web pages wanting the same with little or no option to opt out of the tracking and info snooping they bury in their page. It has not stopped anything as far as I can see only legitimatised it.

    My life is not simpler with the GDPR nor do I consider I am safer from unnecessary tracking and snooping, just that it's all done 'legally'.

    1. Anonymous Coward
      Anonymous Coward

      Re: All I have seen the GDPR do...

      Prezactly.

      I have a web site. I ought to put a cookie policy on it.

      "This site does not use store or indeed keep any personal information about its visitors for any purpose whatsoever, and cookies are - unless you use the donation page - entirely superfluous to its operation"

      If you are not happy with this policy, you are probably trying to make money out of suckers, and you are that which rhymes with them, so suck off."

      1. andifox@rogers.com

        A.Coward-YES, DO THAT

        Posilutely, no joke. Are you joking? I see the occasional site with such a notice. Like a tap-dancing Pope giving money away- a glimpse of a better world.

    2. Mr Han

      I see still see many UK sites with opt-in or excessive clicking to 'confirm' you haven't opted-in. I'm hoping that fines will eventually start to roll in and this will change, but I'm not holding my breath.

      Incidentally, if you're interested, the ICO has a survey to collect views on privacy for children. It's open until 5th December. However, when I clicked the link on the ICO homepage it said I'd already completed the survey. I had to go to the survey homepage and click on the surevy from there.

      It's a long survey, I think about 30 minutes if you take your time, but well worth doing.

      1. Barrie Shepherd

        "Incidentally, if you're interested, the ICO has a survey to collect views on privacy for children."

        Why single children out ?- lets us all have the same level of privacy.

    3. 0laf

      GDPR is certainly moving businesses and processes in the background even if you're not seeing it. Big companies are very scared by GDPR. What you might be seeing now is the initial overreaction which will likely calm down.

    4. ToddRundgrensUtopia

      @Barrie Shepherd

      You will be safer Barrie because companies will be forced to improve, both security and the ability to identify records after a breach. This will happen as companies really are scared of massive fines.

      1. Charles 9

        But it'll be interesting to see if some firms, especially big ones, find it easier to lawyer their way out of it. I've yet to see a method which is totally lawyer-proof.

      2. This post has been deleted by its author

      3. Anonymous Coward
        Anonymous Coward

        This will happen as companies really are scared of massive fines.

        The sarcasm is strong in this one.

      4. andifox@rogers.com

        Todd Rundgren to@Barrie Shepherd: Big Data scared of fines: ya think?

        Todd- Big "companies really are scared of massive fines?" Hope so; but the record in the USA is NOT.

        Since 2007-8 economic meltdown, U.S. DOJ & SEC have not got a criminal conviction against a single one of the big insurers, mortgage co.s, finance co.s, &other corp.s or their execs that helped make it happen & ruined hundreds of millions of people globally. In every case, they have "settled."In plainspeak that's a big fine, w/no criminal charge or record. This was never the case before -e.g. in the bubbles-&-busts of the S&Ls (80s), the M&As (90s), the tech bubble (00)s. All issued in prosecutions, criminal charges & jail for at least the most visible & egregious criminals. THAT scared them. The BO Admin was the 1st to score 0 criminal charges & convictions, , in this, the worst bust s ince the big one 1920s-30s - & one that is set to repeat, according to many uneasy investors. The Trump Admin seems to be following suit. These executive gangsters have set aside billions in invested funds as a "cost of doing business," to cover now-regular giant govt. fines. They continue to defraud customers & violate laws REGULARLY, in what financial papers are obliged to euphemize w/terms like "mismanagement." I expect big data firms to do the same going forward. Too plush to fail, these golden geese? -unlike the p opulations they've ravaged. // Eschew spyware media & INFOTAINMENT. Read the Financial Times, WSJ, biz sections of papers: follow the money- there's the genuine news.

      5. Barrie Shepherd

        Will I be safer?

        As I see it rather than limit the data and tracking collected about us the GDPR has just allowed organisations to 'legitimately' hold that data. When a data breech occurs yes there may be large fines BUT our data has been swiped - a large fine does not help the individual. It may focus the minds of companies but they will balance the potential fine against cost of Lawyers to avoid the fine.

        What we needed was the GDPR to STOP irrelevant data collection and tracking. I should have the ability to say NO you don't need my DOB to sell me a camera NO I don't want your tracking cookies on my computer, I don't ant my browsing experience 'enhanced' as I don't want to receive targeted advertising and the like.

        1. Charles 9

          "What we needed was the GDPR to STOP irrelevant data collection and tracking."

          Laws won't stop that. Companies are big enough and shrewd enough to lawyer their way around them. Nol the only solution is to Fix Stupid and make it so that a sizeable number of people (enough to seriously affect their bottom line) make it a non-starter: threaten to turn everything into a cash-and-carry transaction unless websites start allowing the same: no exceptions. Until then, you're decidedly in the minority, and your money just doesn't speak loud enough.

        2. jeremylloyd

          To some extent you are missing the point. GDPR hasn't legitimised something which previously wasn't legitimate.

          In the first instance GDPR requires companies to be transparent as to their operations. Now you can make a valued choice as to whether to use a particular supplier or not based on the information they now have to provide. Before you had no idea how your data was being used. If they don't provide the information you expect, don't use that supplier.

          Next, GDPR does fundamentally require companies to minimise the data they collect, how long it is kept for and to protect the confidentiality, integrity and availability of that data.

          Next, companies that don't perform are (1) going to get wrist slapped then fined; (2) lose business as customers will start switching to suppliers who are more enlightened about the protection of their customer's data.

          This problem was never going to be fixed like turning on a light switch, but it is a big step forwards.

          1. Charles 9

            "This problem was never going to be fixed like turning on a light switch, but it is a big step forwards."

            No, unless it IS light-switch no-wiggle-room, they'll just find ways around it. That's always been the thing with business, especially BIG business: they' like sovereign entities unto themselves who just work their way around any obstacle. After all, they can play sovereignty against countries.

  4. Doctor Syntax Silver badge

    I'm not sure the analogy with dropping babies is a good one. I've never been aware of the implied right way to drop one.

    1. Anonymous Coward
      Anonymous Coward

      Re:: baby dropping

      In true Socialist countries, every baby is stamped on its head 'this way up' as the indoctrinated parents simply did not know this before and had to be told.,

    2. veti Silver badge

      If you take every reasonable precaution but still get wrongfooted by something you couldn't have foreseen, then that's not exactly a right way to drop them, but at least you haven't done anything wrong.

      Accidit stercore, as the legal doctrine has it.

      1. Charles 9

        IOW, making something foolproof only leads to better fools coming along, able to do things so audacious it boggles the mind. And as a comedian said, You Can't Fix Stupid.

  5. Jamie Jones Silver badge
    Happy

    Kudos to him

    I've never heard of Representative Will Hurd (R-TX), but it's refreshing for a politician to have an open mind, admit they've changed their mind, and may even be wrong.

    That's the sort of speaking that raises my confidence in such people

    1. pɹɐʍoɔ snoɯʎuouɐ

      Re: Kudos to him

      but it's refreshing for a politician to have an open mind, admit they've changed their mind, and may even be wrong.

      That's the sort of speaking that raises my confidence in such people

      its that sort of talk that makes me worry what the real motive is....

      1. Eddy Ito

        Re: Kudos to him

        I believe it's called "reaching across the aisle". It also won't hurt his potential influence to be seen as someone willing to be an intermediary in such contentious times especially since his road trip with Beto.

        P.S. I'd put money on him being a presidential candidates in the near future, 2024 perhaps.

        1. Charles 9

          Re: Kudos to him

          Reaching Across the Aisle...or Consorting with The Enemy?

  6. Anonymous Coward
    Anonymous Coward

    Inquiring minds

    What happens if the US does enact a privacy statute and it doesn't match the EU version? Is tougher better, or weaker? Is there any chance the EU could modify theirs to compromise, assuming that's needed?

    1. Saruman the White Silver badge

      Re: Inquiring minds

      Brussels will never agree to weaken GDPR, that could be seen as an admission that they might have got something wrong, and hence is completely against their standard dogma.

      I very much doubt that Washington will enact something as tough as GDPR since there will be too many "interested" parties who will be busy buying the votes of Congress/Senate critters to let anything through like that.

    2. Spazturtle Silver badge

      Re: Inquiring minds

      If the US wanted something as tough as GDRP they could just adopt GDPR and become a GDPR compliant nation.

      If they do introduce a data protection law it will likely be weaker.

    3. ToddRundgrensUtopia

      Re: Inquiring minds

      Big John

      Why should they change it? There is no reason why all privacy regimes should be the same.

      1. Charles 9

        Re: Inquiring minds

        Yes there is: rights clash.

        Suppose something is illegal in the US while its OPPOSITE is illegal in the EU? Puts you in a real bind, doesn't it?

        1. codejunky Silver badge

          Re: Inquiring minds

          @ Charles 9

          "Suppose something is illegal in the US while its OPPOSITE is illegal in the EU? Puts you in a real bind, doesn't it?"

          Only when a nation doesnt realise where its border is. Unfortunately we are talking about the US and EU so that could confuse them.

          1. Eddy Ito

            Re: Inquiring minds

            I think I see the problem between the EU and US. I'm pretty sure it's the common letter that causes the confusion. Let's see if I can explain graphically.

            EU-----US > EU---US > EU-US > EUUS > EUS!!!

            See, it's really hard to determine where one ends and the other starts.

            Granted, both do it with the entire world and in a much less direct way than Russia and China do with actual land grabs but the principle is the same.

          2. Carpet Deal 'em
            Holmes

            Re: Inquiring minds

            "Only when a nation doesnt realise where its border is."

            What about companies whose platform is global? In the US, there are "town square" laws that demand that everybody be given their soapbox in places of public congregation(the details vary, but California in particular has some strong protections in its constitution); these haven't yet been applied to the online world, but doing so would be in direct conflict with various European laws demanding Facebook, Twitter, etc take down posts the government deems "extremist". Not privacy-related, but a decent example of how direct conflicts can exist.

            1. codejunky Silver badge

              Re: Inquiring minds

              @ Carpet Deal 'em

              "Not privacy-related, but a decent example of how direct conflicts can exist."

              You are right conflicts can exist. The internet was considered free (from interference) at one point and people were proud of that. As time has gone on the legitimately concerned got dangerous things censored and now with the beigists wanting everything banned it is going daft. But it is up to each country what their restrictions are and even if they wish to block stuff.

              Access to online content can be and is different in various countries (yes I know VPN gets around it) so a nations borders are at its borders. Aka if it is legal in one but not the other, neither has the right to dictate even if that concept is beyond some politicians.

              1. Charles 9

                Re: Inquiring minds

                But now you can have a sovereignty conflict. Suppose a site based in one country with NO laws regarding online behavior has to cater to users from one country where their laws REQUIRE you allow their content AND those from another country that FORBIDS the same content?

                Whose policy applies, as each country is sovereign and has skin in the matter (one is hosting, the other two's citizens are involved)?

        2. Spanners Silver badge
          Flame

          Re: Inquiring minds

          I suppose that this is what has got our spooks in trouble.

          US law seems to be that (some types of) torture is legal. Other countries have laws that say that torture is illegal. This seem to have got UK intelligence in trouble for allowing torture by the USA,

          Yes, they are in a real bind but not as big as the poor sods being tortured!

    4. Anonymous Coward
      Anonymous Coward

      Re: Inquiring minds

      Is there any chance the EU could modify theirs to compromise, assuming that's needed?

      You think weaker data protection might be needed? Wow.

  7. a_yank_lurker

    Chinese Option

    One item that will not be in any law is the Chinese option for the C-suites - execution. I am dubious that a GPDR like law will have all that much effect on the real miscreants as it is only talking fines. Wyden's idea of prison terms might have an effect on the few C-suites that can spell ethics let alone have any. The others will some sterner persuasion - the Chinese option. But I doubt it would pass muster with the Nine Seniles as would prison terms also not pass muster with them. So we are left with fines that again might not pass muster with the Nine Seniles.

    1. Charles 9

      Re: Chinese Option

      "One item that will not be in any law is the Chinese option for the C-suites - execution."

      Besides, I would think savvy Western execs already have the answer to the Chinese solution: preplanned scapegoats.

  8. Potemkine! Silver badge

    GDPR is a good thing

    Among other things, It forced many companies to have a look on the data they store, and a lot of personal data were wiped to conform to the Law. A big enhancement in security: lots of data waiting to be stolen have now vanished.

    GDPR isn't perfect - nothing is - but it's a good law, it gives at last some power to the citizens to protect themselves against the invasive actions of greedy corporations.

    1. Anonymous Coward
      Anonymous Coward

      Re: GDPR is a good thing

      The data wasn't just wiped. It was simply sold to an Indian corporation and THEN wiped.

      I know this because they phoned me yesterday about the accident that wasn't my fault.

      I agreed that the EU was an accident and not my fault, but they didn't hold out much hope for a settlement.

  9. Anonymous Coward
    Anonymous Coward

    The o;ld adage

    If it moves, salute it

    If it doesn't paint it

    If it's information, control it.

    Politics is the last refuge of the psychopath.

  10. James 51
    Big Brother

    Anyone else read the subheading as Mega-hacks nude Congress to consider privacy standard...Anyone got any strong mind bleach handy?

  11. Anonymous Coward
    Anonymous Coward

    Keep the politics out please

    "a Democrat-controlled House begins its next session in January. For the next two months, Republicans still hold "

    Sorry to inform you, but thinking that there is a difference in policies between the two corporate puppets is ridicules. The seats change bodies, but the bribes and blackmail come from the same people/companies. The presentation is different, one in a dress screaming, the other in a suit rumbling, but the exact same wars, corruption, and policies happen no matter what color their shirt is.

    However, more laws is what they want, and I'm sure they are figuring out how to make a profit off of GDPR type laws. Just watch for that twist and exceptions that make it the opposite of the presented intent - just like the Patriot Act.

    1. Charles 9

      Re: Keep the politics out please

      So you're basically saying human society as a whole is doomed...

  12. Gnosis_Carmot

    The real problem is

    most of the worst offenders have based their entire business on doing the exact opposite of GDPR. This would kill them.

    1. Charles 9

      Re: The real problem is

      Or they'll get smart enough to worm or lawyer their way out of it.

  13. Anonymous Coward
    Anonymous Coward

    In other words ...

    ... members of Congress are gearing up to shake down digital-information companies for bigger campaign contributions, positive media buzz, better side-door payoffs to their relatives, and more generous revolving-door payoffs for themselves. Oh, and more of those juicy insider stock tips, too. After all, you can't use public service to get even richer if you only rely on your federal salary and expense account.

  14. pikushabeer

    GDPR is positively moving organizations and cycles behind the scenes regardless of whether you're not seeing it. Enormous organizations are exceptionally terrified by GDPR. What you may be seeing presently is the underlying overcompensation which will probably quiet down https://seersco.com/articles/gdpr-policy-template/

    1. Charles 9

      It is really moving them in a positive direction...or are they just trying to find ways to wiggle out of the law?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like