On May, General Data Protection Regulation (GDPR) a EU law will take effect worldwide

  • #451965
    zardoz71

        Well, I am in the process of redesigning my webpage and that seems the right time to read into all the new regulations that this new law GDPR, or DSGVO as we call it in Germany, will unleash on us on May 25, 2018. This is an EU law that will affect anyone that does business and/or stores data with EU citizens, and it doesn’t matter if you are in the US or elsewhere in the world.

        So even if you don’t sell any kind of paintings to the EU, the moment your webpage stores data, e.g. via cookies, uses Google Analytics or sends out newsletters, you need to follow some rules, and considering this law is not toothless, because you can get fines of up to 20 million € or 4% of annual global turnover, it’s a good idea to follow it.

        So if you are in the EU it’s time to work on it, and if you are outside you should do the same, because even if you are not an easy target (I count on it that German lawyers will go after Germans first :evil: ), nobody likes to get e.g. the PayPal account frozen just because you have never heard about this and breached some EU law in California.

        For more in-depth reading, see more articles, e.g.

        Of course, an EU-based company or multinational corporation that does business in the EU is, we hope, well on the way to complying with the GDPR. But what about U.S. companies that have no direct business operations in any one of the 28 member states of the European Union. They have nothing to worry about, right?

        Not true.

        Any U.S. company that has a Web presence (and who doesn’t?) and markets their products over the Web will have some homework to do.

        https://www.forbes.com/sites/forbestechcouncil/2017/12/04/yes-the-gdpr-will-affect-your-u-s-based-business/#2905142f6ff2

        If you’ve been following the headlines, you know that a day doesn’t pass without a reference to the “GDPR”. On May 25, 2018, the European Union (EU) General Data Protection Regulation (GDPR) will take effect, marking the most significant change to European data privacy and security in over 20 years. Most multinational companies, and of course EU-based companies should be in the process of ensuring GDPR compliance by May 2018. But what about if you are a US-based company with no direct operations in the EU? Do you think you are free of the GDPR’s reach? Think again!

        In short, the GDPR aims to protect the “personal data” of EU citizens – including how the data is collected, stored, processed and destroyed. The meaning of “personal data” under the GDPR goes far beyond what you might expect considering how similar terms are defined in the U.S. Under the GDPR, “personal data” means information relating to an identified or identifiable natural person. A person can be identified from information such as name, ID number, location data, online identifier or other factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. This even includes IP addresses, cookie strings, social media posts, online contacts and mobile device IDs.

        https://www.lexology.com/library/detail.aspx?g=3a02f14c-828b-47ba-bb91-cbddb41bbce3

        Misconception #1: ‘Legitimate interest‘ allows marketing uses of personal data without user consent. While there is a “legitimate interest” exception in GDPR, it is always weighed against personal data rights. Podnar said a company could, for instance, utilize data without consent under legitimate interest if it were under court order to do so, or if the data were needed to protect some vital interest like human rights, or if I needed your Social Security number after you’d already agreed to buy a car. But otherwise, consent is needed, and it’s not enough that a user has agreed to receive marketing info.

        Misconception #2: Small businesses are exempt. There is no exclusion under current GDPR for businesses with only a few employees. “GDPR doesn’t care” about your firm’s size, Podnar told me.

        https://martechtoday.com/9-misconceptions-gdpr-210436

        Peter Osborne, the director of London-based gallery Osborne Samuel, says his main concern is how the gallery can use historic data after May: “Can we carry on selectively emailing and mailing our people or do we have to get their formal consent first? Slad think we should be OK; I do hope this is the case.” He fears that if the gallery has to contact everyone on its existing lists to get them to opt in, only a small percentage will respond and “the people we most want to contact (VIPs and top clients) are just the kind of time-poor people who may not reply.”

        Portals, aggregators, online auction platforms and the major auction houses appear to have been more active than the trade so far.

        https://www.theartnewspaper.com/news/ill-prepared-galleries-could-face-fines-under-looming-eu-data-law

        The big tech firms working on updates

        To prepare for GDPR, Microsoft made its Compliance Manager generally available for Azure, Office 365, and more apps in the public cloud.
        Microsoft is offering a Compliance Score for Office 365 customers and the general availability of Azure Information Protection scanner to address GDPR compliance.

        https://www.techrepublic.com/article/microsoft-365-adds-data-protection-tools-to-help-customers-remain-gdpr-compliant/

        More under https://www.eugdpr.org/

        #572581
        contumacious

            Wow. That is massive.

            I guess I will have to just block all sales to the EU on my website. The small number of sales to the EU don’t justify the work needed to implement the requirements.

            I am curious as to which party is the liable one for fines that might be levied against a site like Etsy if they don’t comply – the artist or the site owners, or both?

            #572582
            zardoz71

                Wow. That is massive.

                I guess I will have to just block all sales to the EU on my website. The small number of sales to the EU don’t justify the work needed to implement the requirements.

                I am curious as to which party is the liable one for fines that might be levied against a site like Etsy if they don’t comply – the artist or the site owners, or both?

                Depends on where the issue is; there is more than one layer. As an example, Etsy sets cookies or stores the private data for the login process; any error there would be the problem of the company, and I am sure they know it because in the past they did have a few jobs open for a data protection officer.

                Etsy is seeking an experienced data protection, privacy & compliance professional to fill the role of Data Protection, Privacy & Compliance Officer. You will help build and oversee a data protection and privacy compliance program to ensure that Etsy handles personal data safely and responsibly and complies with all applicable data protection and privacy laws, including the EU General Data Protection Regulation (“GDPR”), oversight of international compliance regulations, and assisting teams with data security issues…..

                I am sure they are reworking the “Privacy Policy” and “Terms of Use” in the next few months. Same goes for other sites like Squarespace for the websites they host.

                However, if you use an Etsy store you have to follow the same GDPR law in May because you store data like the buyer’s name & address, which would be personal data, or if someone hacked your computer and stole data from e.g. your business accounting software, you would follow the personal data breach notification rules that are listed in the GDPR.

                So if the privacy policy of Etsy would break the law I am sure they will get into problems very fast, but I doubt they will make an error in it, because big companies usually have good legal teams and do the homework if they work internationally.

                The problem is small business; depending on your location, you could get into trouble faster. In Germany it’s a sport to issue warning letters to others in the same field if they are breaking the law, because the competition regulations allow this, and this can cost you a few hundred euros.

                Now the question is, if you are in the USA and have only an eBay and Etsy shop and are breaking the EU law, will they come after you? Well, technically they could, but don’t ask me what the chances are, but will you take the risk?

                Here is another link, this time from the UK Government: https://ico.org.uk/for-organisations/

                edit: Just one thought. I would read the new terms of service when they release them, not that they close shops that are in breach of the law because they could get fined for it…..

                #572583
                zardoz71

                    So after tomorrow the law will be in effect in 6 weeks, on May 25. My own solution is that I will simply outsource this and be done with it.

                    In case you still need more information: Katherine Tyrrell did gather some information about English resources for GDPR law that you can find on her blog https://makingamark.blogspot.de/2018/03/10-things-artists-need-to-know-about-GDPR.html

                    Some sites that offer webspace did release some information like Squarespace: https://support.squarespace.com/hc/en-us/articles/360000851908-GDPR-and-Squarespace or Wix https://support.wix.com/en/article/general-data-protection-regulation-gdpr

                    Seller platforms like Etsy have updated the list for selling to EU Buyers: https://www.etsy.com/legal/policy/selling-to-eu-buyers/239965962014

                    If you have access to the FT (paywall) https://www.ft.com/content/f8fba768-2136-11e8-a895-1ba1f72c2c11 there is an interesting article on how GDPR will affect the art world. I hope you still have an old Filofax somewhere ;)

                    By now you can find daily articles/news that run circles around this topic like today https://www.washingtonpost.com/business/gdpr-or-why-privacy-will-be-stronger-in-eu-than-us-quicktake/2018/04/10/6690e9b0-3cca-11e8-955b-7d2e19b79966_story.html?noredirect=on

                    So I hope you are prepared for it.

                    #572584
                    Anonymous

                        Fascinating thread. Not a little disturbing.

                        #572580
                        Liz

                            To me this sounds like they just want to go after the big guys like Facebook and Google.

                            My Art
                            --------------------
