Comments

I totally agree with the last line "do with others’ data as you would have others do with your own private data." and would add to that family and friends as on both side of the pond, there will be an increased focus on "youth" and how data might harm our next generations.

I would however like to draw a word of caution regarding using the UK as a test market: UK legislation is based on common law, which is not the same system as other European countries. The very long discussion about how the ePrivacy Directive has been transposed in the UK is a good reminder of that. Today, what might be ok for the Information Commissioner's Office, the ICO, might not fly with French CNIL or Spanish AEPD. The European Data Protection Regulation is coming (end of 2015 or beginning of 2016) and let's see how homogeneous it is across countries.

Having said that and as a convinced European (yes, I know, naïve!), I find US legislation just as confusing with sectorial, and on top of that, federal vs. state based legislation. The very definition of PII for starters varies per state.

While the legislators figure it out, let's just focus as you also mention on our customers and their expectations of Privacy. More should clearly be done in terms of understanding and education, while we all hedge for current and future data risks.

My basis line is usually the Fair Information Practice Principles (FIPPs), on top of now also the 7 Privacy by Design principles. And then drill down per country to determine risk and act accordingly.

Pan European not for profit &/or consumer associations might be a good idea as well: to foster united and unified voices, making this kind of initiative slightly more ... efficient and representative?

Dutch government may appeal, see http://www.rijksoverheid.nl/ministeries/venj/nieuws/2015/03/11/reactie-van-het-ministerie-van-veiligheid-en-justitie-op-het-vonnis-van-de-kortgedingrechter-inzake-de-bewaarplicht.html. To be continued

Isn't Jimmy Wales, founder of Wikipedia, also part of some Google expert group, touring Europe to fight against the bad, bad, bad, bad, bad RTBF ruling by the ECJ? see https://www.google.com/advisorycouncil/

It all comes back in waves, doesn't it?

the Cookie Directive was utterly stupid as I recall some 9 years ago now yet it did bring us to reflect upon what tools we are actually use to optimize the digital & mobile experiences and how we're sharing this data with 3rd parties.

Is the ECJ ruling perfect? of course not and dust will slowly but surely settle at some point. In the mean time, the PR battles continue