Picking Apart the EU’s Right to Be Forgotten

Posted on Sep 11, 2013

International enterprises that rely on European businesses are stuck in a sticky situation. As the Continent turns towards debating digital privacy rights in the wake of the NSA PRISM program leaks, conflicting opinions on how to protect users have left the European Union in a messy hodgepodge of pending legislation. If enacted, such governmental legal protections might make some users more relaxed about using online services, but they still don’t offer true protection from hacking and legal snooping. The only way for enterprises to navigate this murky legal territory is to proactively guard their data, rather than relying on potential legislation. For enterprises of all sizes, SpiderOak Blue offers a range of flexible secure cloud services, from storage to infrastructure.

The European Union is anything but united when it comes to what should be done regarding citizen digital privacy rights. One MEP had harsh words for America’s violation of international law in spying on the UN (as revealed through the PRISM leaks). MEP Amelia Andersdotter of the Swedish Pirate Party recently said, “I hope that they [EU nations] will have the courage to react very strongly against these revelations because ultimately damaging to the trust free market in the world that the United States is acting like this.”

In reaction to such concerns, European nations and businesses are pushing for diverse solutions to the problem of digital privacy rights. One potential solution is in new EU regulations that require ISPs and telecom services to notify the government within a day of detecting a data breach. According to Ross Brewer, vice president of international markets at LogRhythm, “The barrage of data breaches that we are seeing points to an urgent need for organizations to up the ante on data protection. When these regulations were first discussed following the EC’s draft proposals in 2012, many people considered the suggested penalties and timeframes too severe. Perhaps those organizations should have seen this as a warning, and used the last 12 months to really get their ducks – or cyber defenses – in a row. Unfortunately, it seems that this did not happen.”

Enterprises that operate in Europe should know that strict financial penalties await those companies that refuse to cooperate with the new disclosure law. According to LogRhythm’s Ross Brewer, “As with any ongoing crisis, there comes a time when less talk and more action is needed – and it may be the case that this impending regulation will be the final call to action for those organizations still lagging behind with lax security policies. Given the well-documented sophistication and readiness of today’s cybercriminals, organizations can no longer sit idly and assume that they are immune to attack. As the risk of reputational damage and customer churn clearly aren’t persuasive enough, maybe the threat of severe, perhaps debilitating, financial penalties will do the trick. While the new regulations are fairly limited at the moment, it is only a matter of time before a universal set of rules is not just proposed, but enforced.”

Unfortunately, there still is no universal standard that enterprises can rely on. Instead, international corporations must navigate different laws that require differing levels of security and disclosure, creating the confused legal mess that many enterprises find themselves in today.

Pending legislation that would enact strict new protections for EU citizen data has recently been stalled in the EU parliament until October, leaving no safeguards in place against continuing programs like PRISM. Called the Data Protection Regulation, this proposal was introduced in 2012 with the addition of a Right to Be Forgotten clause. The bill is still being debated because some of its elements have raised concerns over the potential for abuse through censorship. European Union member states currently each adopt some version of a 1995 bill that protects data and online privacy. But without being updated to take into account international citizen espionage programs like PRISM, this outdated legislation does little to actually keep EU nations safe.

Staying Safe With SpiderOak

For most enterprises, finding a truly protected third-party cloud service can be a challenge, as many “secure” services on the market have security gaps that leave sensitive corporate and customer data wide open to third-party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that businesses can tailor the service to fit their needs.

SpiderOak Blue protects sensitive corporate data with strong encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data whatsoever. This way, even if programs like NSA’s PRISM continue to stand unchallenged, enterprises can rest easy knowing that their data is truly protected while earning diehard customer loyalty. SpiderOak’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a mobile workforce.