EU GDPR Helpful Resources

As a follow-up to my earlier post about the EU General Data Protection Regulation, here are a few helpful resources:

EU General Data Protection Regulation (GDPR)

Here are a few things to get you started with European Union General Data Protection Regulation (GDPR).  First is a little introduction:

After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. It will enter into force 20 days after its publication in the EU Official Journal and will be directly applicable in all member states two years after this date. Enforcement date: 25 May 2018 – at which time those organizations in non-compliance will face heavy fines.

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy.

And now a few key points from the Frequently Asked Questions page:

Who does the GDPR affect?
The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.

What constitutes personal data?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

Interesting, right? Have a nice day now.

Is VPN Legal in Your Country?

TheBestVPN.com published a study of whether or not VPNs are legal in 196 countries around the world.  There is a summary for each, and some links to details of the research.

VPNs are legal, generally.

It depends largely on the country you’re physically sitting in while using a VPN. But even then, their laws and restrictions are often opaque.  What’s legal vs. illegal is not always clear.  Some activities, while frowned upon, are still shrouded in grey area.  In this research we fact-checked 196 countries’ laws and their opinions on VPNs.

VPNs are illegal in: China, Turkey, Iraq, United Arab Emirates, Belarus, Oman.

VPNs are somewhat illegal in: Iran, North Korea, Turkmenistan.

P.S.: If you can’t access the links above, VPN is probably illegal (or at least blocked) in your country or region.

Open Source Lawyer as a Career

OpenSource.com runs this article on “What to know before jumping into a career as an open source lawyer”.  Whether or not you are planning to take that path, the article has a few interesting links and quotes.

Recently, at work, we’ve been trying to get a hold of a lawyer with Open Source experience.  Just for a consultation or two.  I wasn’t very optimistic about it, as I had a feeling those are rare beasts.  My suspicion was confirmed to a degree.  But this article reaffirms it even further:

Only a few dozen new grads a year are hired to do anything even vaguely involving open source. Only a few dozen lawyers in the entire world dedicate more than a quarter of their time to open source. Only a lucky handful, like those at Software Freedom Law Center (SFLC) and Software Freedom Conservancy (SFC), work primarily directly for communities and volunteer developers.

The article also links to a couple of books on the subject, which I’m pretty sure I’ll need to buy and read soon, unless we find somebody who is actually a lawyer and has done some work in Open Source space.

The first one is “The Tech Contracts Handbook: Cloud Computing Agreements, Software Licenses, and Other IT Contracts for Lawyers and Businesspeople”.

The Tech Contracts Handbook is a practical, user-friendly reference manual and training guide on cloud computing agreements, software licenses, and other IT contracts. It’s a clause-by-clause “how to” resource, covering the issues at stake and offering negotiation tips and sample contract language.

The Handbook is for both lawyers and businesspeople — including contract managers, procurement officers, in-house and outside counsel, salespeople, and anyone else responsible for getting IT deals done. Perhaps, most important, it uses clear, simple English, like a good contract.

Topics covered include:

  • Software-as-a-service (SaaS) subscriptions
  • Warranties and service level agreements (SLA’s)
  • Data security and privacy
  • Indemnities
  • Disaster recovery (DR)
  • Non-competes
  • Limitations of liability
  • Clickwraps
  • Open source software
  • Nondisclosure agreements (NDA’s) and confidentiality
  • Technology escrow
  • Copyright and other intellectual property (IP) licensing
  • Internet and e-commerce contracts
  • And much more …

The second one is “A Primer on Intellectual Property Licensing”.

A PRIMER ON INTELLECTUAL PROPERTY LICENSING (Second Edition) is a compact, practical guide to one of the most dynamic and popular areas of legal practice today – intellectual property licensing. Developed by an attorney in private practice who specializes in Silicon Valley technology licensing, this guide presents the basic rules of law you need to know for a licensing practice, along with helpful examples of contractual language, practice tips, and insights on custom and practice in the industry. This textbook is appropriate for a law school or business school seminar, or for practicing attorneys who wish to expand their practice into this exciting field. Individual chapters from this text are also available for seminars and CLE presentations (in electronic format).

GPL defense issues

A friend sent me a link to this email from Linus Torvalds to the Kernel Summit Discussion mailing list.  The subject of the conversation is the General Public License (GPL) and whether or not it should be enforced in courts.  Read the whole thing – it’s quite interesting.  Here are a few snippets just to get you started:

Let’s be clear about this: lawsuits destroy. They don’t “protect”.

Lawsuits destroy community. They destroy trust. They would destroy all the goodwill we’ve built up over the years by being nice.

And then this:

Because lawsuits – and even threats of lawsuits – make companies way less likely to see you as a good guy. Even when you’re threatening somebody else, everybody else around the target starts getting really really antsy.

I talked to an Oracle lawyer a few months ago, and told him their lawsuit just makes Oracle look bad. The lawyer was dismissive, and tried to explain how it’s silly how people take lawsuits personally, and talked about how lawyers _understand_ that lawsuits aren’t personal, and that they are still friends outside the court.

I’m sure a lawyer can “understand” how lawsuits aren’t actually something personal at all, but lawyers really seem to be the *only* people who “understand” that.

The fact is, lawsuits (and threats of lawsuits) do not make for friends. You just look like a bully.