On Thursday, the EU reached a compromise for a new General Data Protection Regulation. I would like to offer two short comments.
First, the timing is interesting: One day later, a new law came into force that introduces increased surveillance of German internet users, and the US is also about implement a law that subjects American citizen to increased surveillance. (See my last blog post for more context.)
Secondly, the EU claims that the new data protection will allow “data portability”: It will be easier for users to access their own data and to migrate with their data to a different company / service. For this to work, the law needs to be well-written (not clear yet); it needs to be efficiently enforced (doubtful given the current attitudes to privacy law violations); and the law needs to come into effect (definitely not earlier than 2018).
Anyway, I am happy that KDE signed the User Data Manifesto 2.0 a few months ago. Why wait for official legislation when we can do the right thing right now?