Will LindenLab comply with the RGPD ?

[Innula Zenovka]

10 minutes ago, lavalois said:

the EU does have the power to order SecondLife to be blocked by all European Internet providers

Do they?   Could you please refer me the law that gives the EU the power to do this in the UK?   

[Phil Deakins]

I just don't get why some can't understand the simple fact that one country cannot make laws that must be adhered to in another country. - unless the other country says so. It's too plain.

What if I pass my personal data to a company in, say, Russia, or N.Korea (I don't want to offend anyone). Would businesses in those countries have to comply with the laws in my country? Of course not. And this is no different.

[samuel22200 Naxos]

16 minutes ago, Phil Deakins said:

I just don't get why some can't understand the simple fact that one country cannot make laws that must be adhered to in another country. - unless the other country says so. It's too plain.

What if I pass my personal data to a company in, say, Russia, or N.Korea (I don't want to offend anyone). Would businesses in those countries have to comply with the laws in my country? Of course not. And this is no different.

So why LL plans to comply if they don't have to ?   Please tell me I'm very interested

Edited May 9, 2018 by samuel22200 Naxos

[Louise Fyrewik]

14 minutes ago, Phil Deakins said:

I just don't get why some can't understand the simple fact that one country cannot make laws that must be adhered to in another country. - unless the other country says so. It's too plain.

What if I pass my personal data to a company in, say, Russia, or N.Korea (I don't want to offend anyone). Would businesses in those countries have to comply with the laws in my country? Of course not. And this is no different.

They would have to comply with the laws that protect this data, yes. Whether they do, is something else. Whether someone whose data is on a sever in N.Korea would complain is something else. But in principle they still have to comply, because it's European data. If they do not want to comply, they should block European data, as by accepting European data they accept the responsibility of having to comply. It's the same as when you decide not to accept ToS. of Secondlife. If you click no at the bottom of ToS you cannot get into Second Life. If you click yes, and decide not to comply and break ToS, you will have to face the concequences.

20 minutes ago, Innula Zenovka said:

Do they?   Could you please refer me the law that gives the EU the power to do this in the UK?   

In the Netherlands the court ordered all Dutch ISP to block the Pirate Bay. If something is possible just in the Netherlands, I would imagine it's certainly possible in the EU.

[Louise Fyrewik]

3 minutes ago, samuel22200 Naxos said:

So why LL plans to comply if they don't have to ?   Please tell me I'm very interested

They do have to. They handle European data, so they have to comply or face sanctions.

And really, this law is made much bigger than it is, most of the rules in the law were in place already. The new things in the law are mainly contingency plans for when a data leak occurs, Being able to explain why they keep the data on file. And needing explicit permission to store data. Basically all the SL Residents will notice is a new line in ToS, nothing more.

[samuel22200 Naxos]

27 minutes ago, Innula Zenovka said:

Do they?   Could you please refer me the law that gives the EU the power to do this in the UK?   

EU law is above all EU members country law. (except constitution)

Edited May 9, 2018 by samuel22200 Naxos

[Innula Zenovka]

19 minutes ago, Phil Deakins said:

I just don't get why some can't understand the simple fact that one country cannot make laws that must be adhered to in another country. - unless the other country says so. It's too plain.

What if I pass my personal data to a company in, say, Russia, or N.Korea (I don't want to offend anyone). Would businesses in those countries have to comply with the laws in my country? Of course not. And this is no different.

The simple fact is the countries can, and do, make such laws.   There's nothing new about that.   Examples that spring to mind where British courts have, at least in some circumstances,  jurisdiction over offences committed abroad would include various forms of fraud and money laundering, sexual offences involving minors, and war crimes and torture.    

[Innula Zenovka]

20 minutes ago, lavalois said:

In the Netherlands the court ordered all Dutch ISP to block the Pirate Bay. If something is possible just in the Netherlands, I would imagine it's certainly possible in the EU.

Yes, British courts have made similar orders, but that was not because the EU told them to but because various British IP holders complained that Pirate Bay and their users in the UK were breaking UK law by uploading and downloading materials belonging to them, contrary to British IP legislation.   The Briktish courts are able to make such orders because they have the power to, under section 97A of the Copyright, Designs and Patents Act 1988 http://www.legislation.gov.uk/ukpga/1988/48/section/97A.    Presumably there is similar legislation in The Netherdlands.

The UK's Data Protection Act, which gives force to the EU directive, contains various procedures the Information Commissioner make take to enforce decisions, but nowhere that I can see does it, nor Directive 95/46/EC (https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A31995L0046) say anything about blocking access to particular websites.

 

Edited May 9, 2018 by Innula Zenovka

[Louise Fyrewik]

I'm not saying that is exactly in the law, but I am just saying that the EU would have the power to do so.

[Innula Zenovka]

18 minutes ago, samuel22200 Naxos said:

EU law is above all EU members country law. (except constitution)

Yes, yes, I know that.   Now please direct me to the appropriate EU law, or the national law in a particular jurisdiction,  that gives a court the power to direct ISPs to block access to US websites that are in breach of Directive 95/46/EC (the EU directive under discussion).

[Innula Zenovka]

1 minute ago, lavalois said:

I'm not saying that is exactly in the law, but I am just saying that the EU would have the power to do so.

The British Act of Parliament that gives force to EU directives on Data Protection is the Data Protection Act 1998 (as amended since then, obviously): https://www.legislation.gov.uk/ukpga/1998/29/contents.   It is overseen by the Information Commissioner's Office in the UK: https://ico.org.uk

Please tell me where the Data Protection Act, or the explanatory material on the ICO's site, or any EU law come to that, says anything about blocking access to websites outside the EEA.

[Phil Deakins]

2 hours ago, samuel22200 Naxos said:

So why LL plans to comply if they don't have to ?   Please tell me I'm very interested

I've no idea if LL is going to comply or not, but, if they do it'll be for one of two reasons:- (1) they simply choose to, and (2) the U.S. and the EU have agreed that certain EU laws will be alhered to in the U.S. and, presumably, written it into U.S. law. And vice versa, of course.

Why is it so difficult to understand that one country cannot make laws that apply to another country's people in their own country, unless their own country has laws to make it so? That's all this aspect of the discussion is about. It has nothing whatsoever to do with data of any kind. It is entirely to do with law, and who has to obey who's laws.

Edited May 9, 2018 by Phil Deakins

[Phil Deakins]

2 hours ago, Innula Zenovka said:

The simple fact is the countries can, and do, make such laws.   There's nothing new about that.   Examples that spring to mind where British courts have, at least in some circumstances,  jurisdiction over offences committed abroad would include various forms of fraud and money laundering, sexual offences involving minors, and war crimes and torture.    

But British courts don't have such jurisdiction, Innula. What they can do is try someone in Britain for offenses commited in Britain, even though the offender is in another country. They can apply for extradition in such cases too. What they can't do is try someone in Britian for an offense commited in another country, UNLESS it is against the British law for such acts to be commited in other countries.

It's really very simple - one country cannot make laws that people in other coutries have to obey - unless the laws in the other countries say they have to obey them. I can't fathom why anyone would argue against that statement.

[samuel22200 Naxos]

51 minutes ago, Phil Deakins said:

I've no idea if LL is going to comply or not, but, if they do it'll be for one of two reasons:- (1) they simply choose to, and (2) the U.S. and the EU have agreed that certain EU laws will be alhered to in the U.S. and, presumably, written it into U.S. law. And vice versa, of course.

Why is it so difficult to understand that one country cannot make laws that apply to another country's people in their own country, unless their own country has laws to make it so? That's all this aspect of the discussion is about. It has nothing whatsoever to do with data of any kind. It is entirely to do with law, and who has to obey who's laws.

Yes they will https://strawberrysingh.com/2018/05/04/gdpr/ . otherwise they will be sanctionned. That's why all internet services which aim europeans users are (1) complying (2) closing their service to europeans users. example

I think you have a too childish vision of the law.

 

http://www.businessminds.com/2018/03/09/what-countries-need-to-know-gdpr/

Quote

[...] It also applies to companies who either control or process data regarding an EU citizen.

It’s important to note that under GDPR, both processors and controllers are accountable for the handling of EU citizens’ personal data (processors – process data on behalf of another company which are the controllers).

All companies that fall under those categories must be compliant with all GDPR requirements. That is why it is important – even for non-EU companies – to understand and prepare for this.

 

[Linden Lab]

We have just published a blog on this that you can read in full here.

 

[Buttacwup Float]

12 minutes ago, Linden Lab said:

We have just published a blog on this that you can read in full here.

 

I was wondering about the verification process since so many people use alias's in SL it only makes sense they would need to verify first. 

[Phil Deakins]

53 minutes ago, samuel22200 Naxos said:

I think you have a too childish vision of the law.

No I don't. It's you who doesn't seem to undestand the simple fact about the way the world works. Either that, or, for some reason that I can't fathom, you're intent on complicating the simplicity of the fact that I wrote. I won't repeat the simple fact because it would be pointless.

[Coffee Pancake]

[Innula Zenovka]

6 hours ago, Phil Deakins said:

But British courts don't have such jurisdiction, Innula. What they can do is try someone in Britain for offenses commited in Britain, even though the offender is in another country. They can apply for extradition in such cases too. What they can't do is try someone in Britian for an offense commited in another country, UNLESS it is against the British law for such acts to be commited in other countries.

It's really very simple - one country cannot make laws that people in other coutries have to obey - unless the laws in the other countries say they have to obey them. I can't fathom why anyone would argue against that statement.

The House of Commons library would argue against it, I think, because a few years ago they published a long list of statutes which do allow the prosecution of acts committed abroad: https://publications.parliament.uk/pa/cm201213/cmselect/cmquad/419/41920.htm

That was all well before the EU regulation 2016/679 https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN which, being a regulation rather than a directive, is apparently directly applicable in national law (though presumably it requires some sort of statutory instrument or order in council to bring it into effect in the UK).  The relevent bit is Article 3.2:

Quote

2.   This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

(a)the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or

(b)the monitoring of their behaviour as far as their behaviour takes place within the Union.

 

 

 

 

 

[Callum Meriman]

7 hours ago, Phil Deakins said:

Why is it so difficult to understand that one country cannot make laws that apply to another country's people in their own country, unless their own country has laws to make it so?

Kim Dotcom would disagree with you. As would any number of people who have suffered rendition at the hands of the USA.

[CheriColette]

3 hours ago, Callum Meriman said:

Kim Dotcom would disagree with you. As would any number of people who have suffered rendition at the hands of the USA.

And New Zealand law.

[CheriColette]

15 hours ago, lavalois said:

I'm not saying that is exactly in the law, but I am just saying that the EU would have the power to do so.

If China (The Great Firewall of China)  can do it to its citizens, why would the EU and other countries not try the same - all in the name of protection, of course.

Edited May 10, 2018 by CheriColette

[CheriColette]

NB...  this might all be irrelevant in a few months time for Britain uses....The UK has voted to leave the European Union. It is scheduled to depart at 2300hrs UK time on Friday 29 March, 2019.

[ChinRey]

13 hours ago, CheriColette said:

NB...  this might all be irrelevant in a few months time for Britain uses

Two insteresting allbeit rather longish articles about that:

https://blogdroiteuropeen.com/2017/03/09/brexit-implications-for-data-protection-in-the-uk-by-karen-mac-cullagh/

https://blogdroiteuropeen.com/2017/03/09/how-the-gdpr-rules-will-apply-to-the-uk-after-the-brexit-by-olivia-tambou-part-2/

 

 

Edited May 10, 2018 by ChinRey

[Callum Meriman]

2 hours ago, CheriColette said:

And New Zealand law.

In terms of Mr Dotcom, It's been proven in court already that it was not NZ law that allowed seizure and destruction of property by the US government, but it was in fact underhanded US influence used to subvert NZ laws. Similar actions happened from the French against Greenpeace last century.

Kim Dotcom and CIA rendition are both perfect examples of one country applying it's own laws into others where such laws would not hold water.