What happens next - do patents and copyrights have owner’s right to be forgotten?
If so, then who do you sue for stealing your copyright?
The intent is good - let me be clear about that. But the implementation is having second order affects that are going to f* with things in a big way because it wasn’t thought through as thoroughly as it should have been. *
* Key thought here is that it might be extremely difficult to think through all the second order effects, which suggests to me that a better phase in process should have been implemented.
EDIT - Not sure why this is being voted down. If i’m Not clear here, then please see my follow-on comment for (hopefully) a more clear view of my position. I’m not saying Whois is stupid - I’m saying GDPR is (due to the lack of thinking around second-order effects).
I don't understand how any of those are remotely related to whois being removed. It's not like it represented anyone that could feasibly be sued before, just a whoisguard service, usually
WHOIS will not be permanently offline, it will be temporarily offline while the ICANN and others work out how to give access to people who have legitimate interest in the data, ie people looking for a legal contact, sysadmins looking to notify someone, registrars themselves, etc.
I don't think the US patent database will go offline, the EU one might hide personal information like name and address unless you request access under legitimate interest.
> how to give access to people who have legitimate interest in the data, ie people looking for a legal contact, sysadmins looking to notify someone, registrars themselves, etc.
That is, anyone but the public. Oh, EU, you've done it again.
Not a lawyer, but I don't think it will affect these kinds of sites. The personal information collected in patents is collected due to government regulation. This is one of the lawful bases for using the data. The data is public information (as a result of that regulation). Affected people will have to be notified when creating a patent that their information will be used in that way -- something I think patent offices already do.
There are lots things that fall under that category, but I haven't really looked into it deeply because in my work we don't have any data collected due to government regulations.
If so, then who do you sue for stealing your copyright?
I don't even understand the question. Why would anyone "stealing" your copyright or patent register themselves in those databases? The purpose of those databases is to let the legitimate inventor/author inform everyone else that they "own" the thing, not to catch infringers.
Yikes - I worded that poorly! What I’m trying to say is that now proving ownership of something is more expensive. I can’t just say, “here’s the link to my patent” because no names will be attached.
So somebody’s random claim would look just as real as mine.
Sure, lawyers will have access to this, but now you have to talk with a lawyer to see if that job candidate really does own the patent.
The GDPR doesn't have a blanket ban on publishing personal data! The problem with the WHOIS database is that it's forced upon individuals. The EU has no problem with a WHOIS database that allows people to freely opt-in to publish their data (Whois "privacy" services don't count - privacy must be the default, and you certainly can't be forced to pay for it).
The reason the database is going dark is that ICANN has completely bungled this process, failing to address the GDPR in time (it was adopted two years ago!), and so now they have no choice but to take it down until they can fix it. And it might be that the future WHOIS database won't let you publish data, but that's ICANN's decision, not the EU's.
So to take it to the patent database, all that means is that the patent database must ask consent from the patent author and owner (assuming it's an individual) to show their personal data.
--
But let's assume they actually couldn't show names at all (which, again, is not the case). All you'd have to do with to get a (digitally signed) certificate from the patent office saying that you're the author, and then you'd send a copy of that to whoever you want. Hardly a terrible thing.
As a one-off, no, it's not terrible. But factor in the millions of little things, and all the time spent by all those people, and this ends up being a big waste.
I'll say it again - people are underestimating the unintended consequences. And I believe they are severely underestimating it as well.
And with state-sanctioned things like patents, the creator or rights-holder being published could always be a legal requirement (not sure if it is, wouldn't surprise me though)
The GDPR was proposed in 2012 and has been heavily discussed since then. It was adopted in 2016 and as of 25 May 2018 will be enforceable.
Anyone who uses the data of EU citizens should have known about it. They certainly had plenty of time to consider the effects of it on their own operations.
ICANN is a US company. Technically, the rules don’t apply to them, because it is an EU law, not a global one.
However, the maliciousness that the EU is proposing to go after any company, whether they operate in the EU or not, is going to break things in ways they have not thought of.
So regardless of how long ago it came out (and trust me, 2 years is nothing for dealing with something like this), it still wasn’t well thought thru.
For what it’s worth, this law affects my company, as we have clients that are EU citizens. But only those that live in the US with a social security number. (I work in finance). My company has one office with just a few people. I never heard about GDPR until earlier this year. So my question is what happens if someone files a GDPR issue with my company? My clients information is available all over the world via login to our staff. We travel to various places. So what happens now? Some law in a place I’ve not been in a decade (exempting EU-controlled islands in the Caribbean) has just put my company in a strange legal position. Am I going to spend tens of thousands of dollars with lawyers and consultants to figure it out? No. Why? Because it would put me out of business. Plus, as a financial company, I have a requirement for saving information for 7 years. All data? Hard to say, as the IS law leaves that discretion to my company (as it should be).
So this law was horribly thought thru. I’ll probably get downvotes for this, but wait a couple years and see how crazy fines affect companies large and small for innocent issues, and I’ll be proven right.
If the laws didn't apply to them, they would just ignore them. The fact that they haven't proves otherwise.
The GDPR has been discussed for well over 2 years. It came out in 2012. Before then, it was being discussed publicly. Its predecessor, the Data Protection Directive, has been around for a long time.
You really have no justification for calling it horribly thought through. Laws like this don't appear overnight and without wide consultation. In any case, if the requirement was to apply the law out every scenario before implementing it, pretty much no law would ever be implemented.
The aim of the GDPR is to make organisations treat personal information properly, not to penalise them for every little infringement. I very much doubt there will be enough capacity to deal with every minor offence; it's more likely that large companies or those with many complaints against them will be the first targets.
Ultimately, if you're not sure about something, you most likely aren't the only one. Things will become clearer as regulations and guidelines appear, and the first complaints are dealt with. If you believe you're behaving fairly, you're probably fine or at least that's something you can argue.
> However, the maliciousness that the EU is proposing to go after any company, whether they operate in the EU or not, is going to break things in ways they have not thought of.
Hmm, so you're saying the US doesn't do anything like this? DCMA, FBAR & FATCA, etc, etc.
The only reason Americans are complaining about this one is that they're the ones having to comply with a very sane law. Or because they haven't read it, and have no fucking clue how it or privacy works.
> are EU citizens. But only those that live in the US with a social security number. [...] So my question is what happens if someone files a GDPR issue with my company?
Read the GDPR. Only companies outside the EU that specifically go after EU residents are in scope. It has nothing to do with e.g. EU nationals residing abroad.
So enough of this "woe is us" bollocks. It happens every post about GDPR, and I'm sick of the FUD tactics.
Not a FUD tactic on my part, so please don't put "woe is me" on me.
For what it's worth, FATCA, DCMA , et al really suck too, and I think those have terrible unintended consequences. But this post was about GDPR because that's what the topic of the oringinal post is.
And no, I'm not complaining about it - I'm saying it's poorly implemented.
And before you go off on Americans having to comply with a law OUTSIDE OUR JURISDICTION, how about we hold all of our crappy laws over your head. And fine you 4% of revenues for one of our bullshit laws? You wouldn't like it either, WHICH IS MY POINT - it's a poorly implemented law.
My company has a (damn good) privacy policy. We take privacy very seriously. But fuck all if some other country wants to put a regulation on MY interaction with someone from their country in my hometown. (And I have the same opinion if the US wants to regulate some American doing something in another country - the US should fuck-off then as well).
You seem super supportive of this law, but what will your position be when China "improves" their Social Credit system to require anybody in any country who deals with a Chinese national to report their information/conversation/etc to the Chinese govt within 24 hours of gathering the data? Will you support that because the Chinese have the noble goal of social stability? Or will you decide that in this particular case, and because you don't like their extra-territorial law, that "they can't do it." ?
I have no intention of reading the GDPR because IT'S NOT MY LAW ! Does that not resonate with you? I don't expect you to read the DMCA, FATCA, Patriot Act, etc, so why do you expect me to read yours? It has nothing to do with me (except for those unintended consequences that I'm trying to explain above).
For what it's worth, FATCA, DCMA , et al really suck too, and I think those have terrible unintended consequences. But this post was about GDPR because that's what the topic of the oringinal post is.
And before you go off on Americans having to comply with a law OUTSIDE OUR JURISDICTION, how about we hold all of our crappy laws over your head. And fine you 4% of revenues for one of our bullshit laws?
Kind of hard to reconcile those two positions, given that the former is just a perfect example of the latter.
You need to reread my post. Those two comments are perfectly in line.
My point is that GDPR sucks (as does DMCA, etc). Extra-territorial laws have wide ranging unintended consequences, and hence should be avoided. That's why we have treaties.
What happens next - do patents and copyrights have owner’s right to be forgotten?
If so, then who do you sue for stealing your copyright?
The intent is good - let me be clear about that. But the implementation is having second order affects that are going to f* with things in a big way because it wasn’t thought through as thoroughly as it should have been. *
* Key thought here is that it might be extremely difficult to think through all the second order effects, which suggests to me that a better phase in process should have been implemented.
EDIT - Not sure why this is being voted down. If i’m Not clear here, then please see my follow-on comment for (hopefully) a more clear view of my position. I’m not saying Whois is stupid - I’m saying GDPR is (due to the lack of thinking around second-order effects).