WetCanvas
Home Member Services Content Areas Tools Info Center WC Partners Shop Help
Channels:
Search for:
in:

Welcome to the WetCanvas forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please visit our help center.

Go Back   WetCanvas > The Art Business Center > General Art Business > Legal Corner
User Name
Password
Register Mark Forums Read

Salute to our Partners
WC! Sponsors

Our Sponsors
Reply  
 
Thread Tools Display Modes
  #1   Report Bad Post  
Old 02-25-2018, 07:54 AM
zardoz71 zardoz71 is offline
Member
 
Join Date: Jan 2017
Posts: 92
 
Hails from Germany
On May,General Data Protection Regulation (GDPR) a EU law will take effect worldwide

Well I am in the process to redesign my webpage and that seems the right time to read into all the new regulations that this new law GDPR or DSGVO how we call it in Germany will unleash on us at May 25, 2018. This is a EU law that will effect anyone that does business and/or store data with EU citizens and it dosen't matter if you are in the US or elsewhere in the world.

So even if you don't sell any kind of paintings to the EU and that moment where your webpage store data like via cookies, use google analytics or send out newsletters you need to follow some rules and considering this law is not toothless, because you can get fines up to 20 million € or 4% annual global turnover, it's a good idea to follow it.

So if you are in the EU it's time to work on it and if you are outside you should do the same because even if you are not an easy target(I count on it that Germany lawyers will go after Germans first ), nobody likes to get e.g. the Paypal account frozen just because you have never heard about this and breached some EU law in California.

For more indeepth read more articles e.g.

Quote:
Of course, an EU-based company or multinational corporation that does business in the EU is, we hope, well on the way to complying with the GDPR. But what about U.S. companies that have no direct business operations in any one of the 28 member states of the European Union. They have nothing to worry about, right?

Not true.

Any U.S. company that has a Web presence (and who doesn’t?) and markets their products over the Web will have some homework to do.

https://www.forbes.com/sites/forbest.../#2905142f6ff2

Quote:
If you’ve been following the headlines, you know that a day doesn’t pass without a reference to the “GDPR”. On May 25, 2018, the European Union (EU) General Data Protection Regulation (GDPR) will take effect, marking the most significant change to European data privacy and security in over 20 years. Most multinational companies, and of course EU-based companies should be in the process of ensuring GDPR compliance by May 2018. But what about if you are a US-based company with no direct operations in the EU? Do you think you are free of the GDPR’s reach? Think again!

In short, the GDPR aims to protect the “personal data” of EU citizens – including how the data is collected, stored, processed and destroyed. The meaning of “personal data” under the GDPR goes far beyond what you might expect considering how similar terms are defined in the U.S. Under the GDPR, “personal data” means information relating to an identified or identifiable natural person. A person can be identified from information such as name, ID number, location data, online identifier or other factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. This even includes IP addresses, cookie strings, social media posts, online contacts and mobile device IDs.

https://www.lexology.com/library/det...1-cbddb41bbce3

Quote:
Misconception #1: ‘Legitimate interest‘ allows marketing uses of personal data without user consent. While there is a “legitimate interest” exception in GDPR, it is always weighed against personal data rights. Podnar said a company could, for instance, utilize data without consent under legitimate interest if it were under court order to do so, or if the data were needed to protect some vital interest like human rights, or if I needed your Social Security number after you’d already agreed to buy a car. But otherwise, consent is needed, and it’s not enough that a user has agreed to receive marketing info.

Misconception #2: Small businesses are exempt. There is no exclusion under current GDPR for businesses with only a few employees. “GDPR doesn’t care” about your firm’s size, Podnar told me.
https://martechtoday.com/9-misconceptions-gdpr-210436


Quote:
Peter Osborne, the director of London-*based gallery Osborne Samuel, says his main concern is how the gallery can use historic data after May: “Can we carry on selectively emailing and mailing our people or do we have to get their formal consent first? Slad think we should be OK; I do hope this is the case.” He fears that if the gallery has to contact everyone on its existing lists to get them to opt in, only a small percentage will respond and “the people we most want to contact (VIPs and top clients) are just the kind of time-poor people who may not reply.”

Portals, aggregators, online auction platforms and the major auction houses appear to have been more active than the trade so far.

https://www.theartnewspaper.com/news...ng-eu-data-law



The big tech firms working on updates

Quote:
To prepare for GDPR, Microsoft made its Compliance Manager generally available for Azure, Office 365, and more apps in the public cloud.
Microsoft is offering a Compliance Score for Office 365 customers and the general availability of Azure Information Protection scanner to address GDPR compliance.

https://www.techrepublic.com/article...dpr-compliant/


More under https://www.eugdpr.org/
Reply With Quote
  #2   Report Bad Post  
Old 02-27-2018, 03:59 PM
contumacious contumacious is offline
Lord of the Arts
 
Join Date: Dec 2016
Posts: 2,084
 
Re: On May,General Data Protection Regulation (GDPR) a EU law will take effect worldwide

Wow. That is massive.

I guess I will have to just block all sales to the EU on my website. The small number of sales to the EU don't justify the work needed to implement the requirements.

I am curious as to which party is the liable one for fines that might be levied against a site like Etsy if they don't comply - the artist or the site owners, or both?
Reply With Quote
  #3   Report Bad Post  
Old 02-28-2018, 05:21 AM
zardoz71 zardoz71 is offline
Member
 
Join Date: Jan 2017
Posts: 92
 
Hails from Germany
Re: On May,General Data Protection Regulation (GDPR) a EU law will take effect worldwide

Quote:
Originally Posted by contumacious
Wow. That is massive.

I guess I will have to just block all sales to the EU on my website. The small number of sales to the EU don't justify the work needed to implement the requirements.

I am curious as to which party is the liable one for fines that might be levied against a site like Etsy if they don't comply - the artist or the site owners, or both?

Depands where the issue is, there is more then one layer. As an example Etsy set cookies or stores the private data for the login process any error there would be the problem of the company and I am sure the know it because in the past the did have a few jobs open for a data protection officer.

Quote:
Etsy is seeking an experienced data protection, privacy & compliance professional to fill the role of Data Protection, Privacy & Compliance Officer. You will help build and oversee a data protection and privacy compliance program to ensure that Etsy handles personal data safely and responsibly and complies with all applicable data protection and privacy laws, including the EU General Data Protection Regulation (“GDPR”), oversight of international compliance regulations, and assisting teams with data security issues.....

I am sure the reworking the "Privacy Policy" and "Terms of Use" in the next few month. Same goes for other sites like Squarespace for the websites the host.


However if you use a Etsy store you have to follow the same GDPR law in May because you store data like the buyers name & address that would be personal data or if someone would hack your computer and stole data from e.g. your business accounting software you would follow the personal data breach notification rules that are listed in the GDPR.

So if the privacy policy of Etsy would break the law I am sure the will get into problems very fast but I doub't the will make a error in it, because big companys have usually good legal teams and do the homework if the work international.

The problem is small business, depanding on your location, you could get faster into trouble. In Germany it's a sport to issue warning letters to others in the same field if the breaking law because the competition regulations allow this and this can cost you a few hundred euros.

Now the question is, if you are in the USA and have only a Ebay and Etsy shop and breaking the EU law will the come after you, well technically the could but don't ask me what the chances are, but will you take the risk?



Here is another link, this time from the UK Government: https://ico.org.uk/for-organisations/

edit: Just one thought. I would read the new terms of services when the release it, not that the close shops that are in breach of the law because the could get fined for it.....

Last edited by zardoz71 : 02-28-2018 at 05:36 AM.
Reply With Quote
  #4   Report Bad Post  
Old 04-12-2018, 08:52 AM
zardoz71 zardoz71 is offline
Member
 
Join Date: Jan 2017
Posts: 92
 
Hails from Germany
Re: On May,General Data Protection Regulation (GDPR) a EU law will take effect worldwide

So after tomorrow the law will be in effect in 6 weeks on May 25. My own solution is, that I will simple outsource this and be done with it.


In case you need still more information. Katherine Tyrrell did gather some information about english resources for GDPR law that you can
find on her blog https://makingamark.blogspot.de/2018...bout-GDPR.html


Some sites that offer webspace did release some information like Squarespace: https://support.squarespace.com/hc/e...nd-Squarespace or Wix https://support.wix.com/en/article/g...egulation-gdpr

Seller platforms like Etsy have updated the list for selling to EU Buyers: https://www.etsy.com/legal/policy/se...s/239965962014



If you have access to the FT (paywall) https://www.ft.com/content/f8fba768-...5-1ba1f72c2c11 there is a interesting article how GDPR will effect the art world. I hope you still have a old filofax somewhere


By now you can find daily articles/news that run circles around this topic like today https://www.washingtonpost.com/busin...?noredirect=on


So I hope you are prepared for it.
Reply With Quote
  #5   Report Bad Post  
Old 06-04-2018, 06:13 AM
SowegaPainter's Avatar
SowegaPainter SowegaPainter is offline
Senior Member
 
Join Date: Dec 2017
Posts: 143
 
Hails from United States
Re: On May,General Data Protection Regulation (GDPR) a EU law will take effect worldwide

Fascinating thread. Not a little disturbing.
Reply With Quote
  #6   Report Bad Post  
Old 06-04-2018, 03:56 PM
webart webart is offline
Veteran Member
 
Join Date: Dec 2007
Posts: 792
 
Re: On May,General Data Protection Regulation (GDPR) a EU law will take effect worldwide

To me this sounds like they just want to go after the big guys like Facebook and Google.
__________________
www.StyleArtc.com
--------------------

Reply With Quote

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 02:17 PM.


© 2014 F+W All rights reserved.