EU Explores Making GDPR Apply To EU Government Bodies... But With Much Lower Fines

from the good-for-the-goose,-not-so-good-for-the-gander dept

We recently wrote how various parts of the EU governing bodies were in violation of the GDPR, to which they noted that the GDPR doesn't actually apply to them for "legal reasons." In most of the articles about this, however, EU officials were quick to explain that there would be new similar regulations that did apply to EU governing bodies. Jason Smith at the site Indivigital, who kicked off much of this discussion by discovering loads of personal info on people hosted on EU servers, has a new post up looking at the proposals to apply GDPR-like regulations on the EU governing bodies itself.

There are two interesting points here. First, when this was initially proposed last year, the plan was to have it come into effect on the very same day as the GDPR went into effect: May 25, 2018, and that it was "essential" that the public understand that the EU itself was complying with the same rules as everyone else.

Essential however, from the perspective of the individual, is that the common principles throughout the EU data protection framework be applied consistently irrespective of who happens to be the data controller. It is also essential that the whole framework applies at the same time, that is, in May 2018, deadline for GDPR to be fully applicable.

Guess what didn't happen? Everything in the paragraph above. The EU forced everyone else to comply by May of this year. But gave itself extra time -- time in which it is not complying with the rules and brushing it off as no big deal, while simultaneously telling everyone else that it's easy to comply.

Also, while the GDPR puts incredible fines on those who fail to comply... the fines for if the EU doesn't comply (if this rule ever actually goes into effect) are much more limited. Under the GDPR, companies can be fined 20 million euros or 4% of revenue, whichever is higher, meaning that any smaller company can be put out of business, but the plan for the EU itself is for fines to top out at €50,000 per mistake, with a cap of €500,000 per year.

Must be nice when you're the government and can make different rules for yourself, while mocking anyone who thinks that the rules for everyone else are a bit too aggressive and onerous.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: double standards, eu, eu commission, eu parliament, gdpr, high court, low court


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 12 Jun 2018 @ 3:14am

    Not helping your image here

    Under the GDPR, companies can be fined 20 million euros or 4% of revenue, whichever is higher, meaning that any smaller company can be put out of business, but the plan for the EU itself is for fines to top out at €50,000 per mistake, with a cap of €500,000 per year.

    So privacy violations are worth 20 million at a minimum when non-government groups engage in them, but when the government does it the maximum is half a million. The EU, the very ones pushing the law, could violate that same law ten times and face a penalty a fraction of the size anyone else would face for a single violation, with further violations carrying no penalty whatsoever.

    They couldn't have made it more clear that they believe themselves above the laws they demand everyone else follow if they'd flat out stated such.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Jun 2018 @ 3:47am

      Re: Not helping your image here

      The other point to remember is that the government fining itself just moves the money into a different government budget, while harming the people the government is meant to serve.

      link to this | view in chronology ]

    • identicon
      Yes, I know I'm commenting anonymously, 12 Jun 2018 @ 3:51am

      Re: Not helping your image here

      Imagine this: an unaccountable, appointed committee that has the decisive vote on any new laws.
      I think they already have made it more clear...

      link to this | view in chronology ]

    • identicon
      tdlawyer, 12 Jun 2018 @ 9:02am

      Re: Not helping your image here

      Those aren't minimums — the law is worded in a funny way.

      The sentence starts "up to..." meaning that the maximum possible penalty is the higher of 10/20mn or 2/4% of revenue (depending on the violation type).

      So the EU (or specifically a local data protection agency) can decide to fine less than that amount, especially for smaller / good faith violations.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 12 Jun 2018 @ 8:09pm

        Re: Re: Not helping your image here

        So the EU (or specifically a local data protection agency) can decide to fine less than that amount, especially for smaller / good faith violations.

        Or for political friends.

        link to this | view in chronology ]

    • icon
      Ninja (profile), 12 Jun 2018 @ 12:07pm

      Re: Not helping your image here

      "They couldn't have made it more clear that they believe themselves above the laws they demand everyone else follow if they'd flat out stated such."

      Or they are making it clear that they, the ones who came up with the law, can't guarantee they will always manage to follow it so they will cap the fines. Of course this considerin there was no ill intent when enacting the law.

      link to this | view in chronology ]

      • identicon
        Wendy Cockcroft, 13 Jun 2018 @ 7:12am

        Re: Re: Not helping your image here

        That's the EU Commission for you. Every Brexiter ever will complain that this is why they voted out but they either forget or flat out don't realise that the EU Commission (unelected) and EU Parliament (elected) are different things.

        That said, as Ninja pointed out, being colossal hypocrites who think they are above the law is not a good look.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2018 @ 4:53am

    "Legal reasons"

    Although it's an insufficient explanation by those concerned, it's probably best not to mock the "legal reasons" argument directly.
    Nobody's filed a murder charge against me for legal reasons. Those reasons being that I've not murdered anyone.

    "For legal reasons" is a commonly used shorthand in a lot of British reporting for well-known laws that aren't worth going over in the moment of reporting, for example, the prohibition against reporting the names of underaged defendants is usually explained as "cannot be named for legal reasons".

    It's particularly crap in this case, but it's definitely a well-worn phrase over on this side of the pond.

    link to this | view in chronology ]

    • icon
      JoeCool (profile), 12 Jun 2018 @ 5:18am

      Re: "Legal reasons"

      No, it's well worth mocking. Maybe it's old hat to those in Europe, but to those of us elsewhere being targeted and threatened by the law, a law not from our own governments, it's essentially "because fuck you, that's why."

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 12 Jun 2018 @ 5:53am

        Re: Re: "Legal reasons"

        but to those of us elsewhere being targeted and threatened by the law, a law not from our own governments, it's essentially "because fuck you, that's why."

        Exactly, why should I comply with DMCA and CFAA when I'm not a US citizen, and face criminal charges if I violate them, even if I've never visited or done business in the US? Oh, wait, you're talking about an EU regulation that only applies if you do business with EU citizens and the worst it can do is fine you. Yeah, that's so terrible. Carry on.

        link to this | view in chronology ]

        • icon
          JoeCool (profile), 12 Jun 2018 @ 7:58am

          Re: Re: Re: "Legal reasons"

          Nice bit of "what-about-ism". I'm fully against the CFAA and anything else hypocritical the US does. It still doesn't mean we don't have a right to complain about the EU's hypocrisy.

          link to this | view in chronology ]

    • icon
      crade (profile), 12 Jun 2018 @ 7:59am

      Re: "Legal reasons"

      just because it's commonly used doesn't mean it is the least bit valid. "because legal reasons" is as good and no better than "because reasons".

      link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 12 Jun 2018 @ 5:01am

    Never question your betters peasants.
    They told you this was really easy & simple to comply with... and gave themselves more time & lower fines than they enforce on everyone else...

    Stay in your place, we know what is best... and what is best is making rules for you not us.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2018 @ 5:34am

    since when do any rules that apply to everyone else ever apply to the rich, the famous (and their friends) to politicians or, of course, to governments? the way the whole world is being transformed now is into one that is controlled completely by the powerful with absolutely every 'right' being removed from us, the ordinary people! we are being spied on 24/7 and even the slightest of indiscretions are punished far beyond what is just or necessary, but done simply to 'keep us in line'!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2018 @ 6:36am

    Why is it that...

    the rich always seem to pay less?

    link to this | view in chronology ]

  • identicon
    Adrian Lopez, 12 Jun 2018 @ 5:31pm

    It's good to be the king.

    link to this | view in chronology ]

  • icon
    oliver (profile), 13 Jun 2018 @ 3:39am

    How about no?

    What was that Twisted Sister song again, "We're no longer take it..."
    That's what has to happen. Wide-spread EU-wide civil disobedience against this stupid law.
    I for on, do NOT welcome our new overlords!!

    GDPR delenda est!!!!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Jun 2018 @ 6:09pm

    In my country, deputies' working time doubles in comparison with the plebs' working time, meaning that deputies retire sooner with a great salary and then can get a new job at any company they helped crush the plebs, who have shitty salaries.

    It's great to be a polititian, isn't?

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.