nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Whois vs GDPR, latest news

From: JORDI PALET MARTINEZ via NANOG <nanog () nanog org>
Date: Sat, 26 May 2018 13:30:45 +0200
I don't think, in general the DPAs need to use lawsuits.

If they discover (by their own, or by means of a customer claim) that a company (never mind is from the EU or outside) 
is not following the GDPR, they will just fine it and the corresponding government authorities are the responsible to 
cash the fine, even with "bank account embargos". If the company is outside the EU, but there are agreements with that 
country, they can proceed to that via the third country authorities.

Same as when you don't pay a traffic fine in the EU and you are from non-EU countries (some allow the embargo, others 
not).

This has been happening, in most of the EU countries for a while. In recent months, the Spanish DPA has ordered fines 
of 600.000 euros (with the previous law, LOPD), to companies such as Facebook, Google, Whatsapp, and many others ...

Regards,
Jordi
 
 

-----Mensaje original-----
De: NANOG <nanog-bounces () nanog org> en nombre de Nick Hilliard <nick () foobar org>
Fecha: sábado, 26 de mayo de 2018, 11:29
Para: Seth Mattinen <sethm () rollernet us>
CC: <nanog () nanog org>
Asunto: Re: Whois vs GDPR, latest news

    Seth Mattinen wrote on 26/05/2018 08:41:
    > Good luck getting multiple millions worth of fines out of small 
    > businesses that never even touch a million a year in revenue, let alone 
    > the added expenses of trying to do all the crap GDPR thinks everyone can 
    > suddenly afford out of nowhere.
    
    You can put the straw man away - Europe isn't the US.  No Data 
    Protection Authority in Europe is going to sue a mom & pop business in 
    the US for millions because they haven't clarified their cookies policy. 
    The upper limits of the fines are aimed at the robber barons of the world.
    
    The DPAs in Europe are for the most part lawsuit-averse and engage with 
    companies to build alignment rather than taking the punitive approach 
    and liberally dishing out lawsuits and fines.  The emphasis on GDPR 
    compliance is aiming at reasonable steps rather than pretending that 
    every organisation is going to end up redesigning their entire existence 
    around GDPR on may 25.
    
    Nick
    



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be 
for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, 
distribution or use of the contents of this information, even if partially, including attached files, is strictly 
prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any 
disclosure, copying, distribution or use of the contents of this information, even if partially, including attached 
files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to 
inform about this communication and delete it.
Previous By Date Next
Previous By Thread Next

Current thread: