From what I've heard, Germany has some very strong privacy laws. It keeps them from being able to use products that many others around the world can use. And I'm not talking about social media- it affects basic things like timekeeping software. And German workers expect that level of privacy; they don't think it's excessive.
While I'm all for privacy, when much of the rest of the world isn't like that, it makes it significantly harder to do business with other countries.
But, I actually think it wouldn't be a terrible thing if strict laws on privacy were enacted worldwide, as long as they had more benefit to people than annoyance and didn't significantly restrict personal freedom. There is too much data right now.
On the other hand, I'm tired of signing HIPAA forms, and the bureaucracy around it. I just wish that the legal system was more common sense. Maybe an amendment to the U.S. Constitution something to the effect of "Information about a citizen shall not be collected and stored against the will of the citizen." Then get rid of HIPAA, etc. and just let the citizen take businesses to court if they find that the business was responsible for out-of-control personal data collection. But, I'm sure there are valid reasons to get specific.
> From what I've heard, Germany has some very strong privacy laws. It keeps them from being able to use products that many others around the world can use.
> And I'm not talking about social media- it affects basic things like timekeeping software. And German workers expect that level of privacy; they don't think it's excessive.
Time tracking (Stechuhren) is commonplace, so I rather doubt this.
So I would really like to know what services are actually inhibited by these "very strong" privacy laws. The only related example that comes to mind would be Google Street View. Mind you, it wasn't forbidden or anything, Google just didn't feel like providing the necessary opt-out possibilities to residents.
> While I'm all for privacy, when much of the rest of the world isn't like that, it makes it significantly harder to do business with other countries.
And again I ask you to provide actual examples here.
Your post sounds heavily influenced by the public out speak of lobbyists in Germany who mainly work on behalf of data dealers and related companies. Actual industry isn't affected at all.
> Time tracking (Stechuhren) is commonplace, so I rather doubt this.
When trying to rollout a SAAS app in Germany that ties individuals to the time to track workflow and time they spent on individual tasks, it was pushed back on because it was "illegal". It was only used for auditing purposes; if there were a problem, auditing data would indicate who was involved so that we could have a talk with them to ensure the process could be changed if needed to avoid the problem in the future. But, the Germans said that tracking time like this could be used to track employees in a way or for a purpose that would break privacy laws/regulations.
Also, the HR software that we are using for time and attendance was not registered in Germany and had to go through several months of certification due to the laws there. I don't know how much of that is specifically due to privacy laws/regulations, though.
> When trying to rollout a SAAS app in Germany that ties individuals to the time to track workflow and time they spent on individual tasks, it was pushed back on because it was "illegal".
I doubt that this was the real reason, project and time management software with the same functionality is widespread. There is likely more to this. (I'm not saying you're not truthful, just that I don't think this was really the reason why it was pushed back by those that did).
It could be, for example, that the application due to it's SaaS nature did not fully comply with some regulations regarding safe harbour. These might have required the SaaS to be hosted in specific countries. Or management decided otherwise, or any other reason.
> When trying to rollout a SAAS app in Germany that ties individuals to the time to track workflow and time they spent on individual tasks, it was pushed back on because it was "illegal".
> I just wish that the legal system was more common sense.
I doubt that it's possible. Law is a bit complicated for a reason: it tries to be as specific, and as general, as possible. It abhors ambiguity, or unintended consequences.
Example:
> "Information about a citizen shall not be collected and stored against the will of the citizen."
Sounds great – and it's pretty much the law in Germany. But – as a business – how do you prove the citizen has agreed to you storing their information? Yeah: a form, or a EU cookie banner -> and we're back at square one.
> … how do you prove the citizen has agreed to you storing their information?
By having participated in an actual business transaction, which usually leaves an (electronic) paper trail.
Take note that simply visiting a website can not be interpreted as a business transaction. If anything this is accounted for as browsing the displays of a street vendor.
I was going to mention this but add the HIPAA includes other worth while regulations around reporting of breach in security etc.
I'm not 100% sure but I think the repeated signing of HIPPA is less the law and more the Doctor's office covering themselves legally. That is to say legally I think once is enough, but it's easier to just have the front office staff always ask instead of track who has signed one.
>> "Don't collect information without letting people control it."
That would be great for data clearing houses. Google would jump at that law. Such an approach places responsibility with the data subject. The individual becomes the defacto privacy officer. I rather see laws that places default limits on collection and use. I shouldn't have to supervise how Google collects and uses data about me. I'd rather them not be allowed to collect it without my permission... which I have no plan to give.
There has been an unspoken freedom of privacy for thousands of years. We could go in our caves or homes and protect them via a fist, rock, spear, or gun such that we could live alone outside of prying eyes.
Now when we go online or go shop in a store, we are partially losing the ability to live privately. Eventually, our government could put cameras everywhere in our home to ensure that we behave, and some could abuse that. To prevent that, we need to solidify that freedom of privacy, rather than continue to consider it a privilege.
I also think that we should allow the government some amount of freedom to protect us. However, there needs to be a line drawn that shouldn't be crossed whether it's Target, the F.B.I., or an individual, and I think we should all be aware of data collection.
> Eventually, our government could put cameras everywhere in our home
I actually don't think that the government will have to do this, because as consumers we do it already for them:
Have a notebook in your house? Nice, your camera may already be watching you and the mic listening to you.
Have a mobile phone? Nice, you are now under surveillance 24 hours a day. The 2 cameras can see, the mic (and now apparently even the speaker) can listen, your location is 100% tracked, the gyro can let hackers know via your current vibration profile if you're in a bus, train or car, etc.
All this could be partially prevented by hardware switches for each sensor. Are we consumers out on the street fighting against this and/or voting with our $$$ to prevent the loss of privacy?
>All this could be partially prevented by hardware switches for each sensor.
Do you know of anyone besides Bunnie Huang who is working on a project like this or something similar? Bunnie's concept is kind of similar with a hardware intercept on the device.
> All this could be partially prevented by hardware switches for each sensor.
A few easy hacks for best-effort protection without destroying your hardware are a piece of tape over the camera and setting your sound input to something quiet, like Soundflower in macOS or one of these for Windows or Linux: http://alternativeto.net/software/soundflower/
>we need to solidify that freedom of privacy, rather than continue to consider it a privilege.
When I posted that, I actually saw it the other way around: privacy as a principle, and riches as privilege.
>I also think that we should allow the government some amount of freedom to protect us
I agree. I'm lean a little bit libertarian, but even a staunch libertarian holds this belief. Actually that's kind of the point, that government's main purpose is to protect the people and enforce the rule of law. There's some argument right now that government in America is not upholding that obligation (for example, laws are applied unequally depending on race and income, police overstepping their authority and police brutality, etc.).
One of the most interesting German privacy protections that I've come across is the decentralisation of residential registration records.
By law, every citizen is required to register where they live at the Stadtamt (town hall records office).
Each Bundesland (state) holds its own records. If someone moves between states, the records must be securely and electronically transferred. They cannot be held in two states simultaneously.
While I'm all for privacy, when much of the rest of the world isn't like that, it makes it significantly harder to do business with other countries.
But, I actually think it wouldn't be a terrible thing if strict laws on privacy were enacted worldwide, as long as they had more benefit to people than annoyance and didn't significantly restrict personal freedom. There is too much data right now.
On the other hand, I'm tired of signing HIPAA forms, and the bureaucracy around it. I just wish that the legal system was more common sense. Maybe an amendment to the U.S. Constitution something to the effect of "Information about a citizen shall not be collected and stored against the will of the citizen." Then get rid of HIPAA, etc. and just let the citizen take businesses to court if they find that the business was responsible for out-of-control personal data collection. But, I'm sure there are valid reasons to get specific.