GDPR

Several weeks, ago, Austria declared Google Analytics to be non-compliant with its data protection legislation.

Now France has followed suit.

This is just silly. We own dozens of domain names and we manage a handful for friends and family because it's convenient, we can include them on our data protection system and deal with domain admin within our own processes rather than them have to do it. As a result, we get a lot of correspondence from domain hosts and domain registrars, especially as we are moving all the domains and websites, in batches, from one unsatisfactory host to a far better one. In addition, we also get notices from ICANN which really hasn't got a grip on this GDPR thing at all.

On 5th July 2018, a UK company, Gin Festival Limited, went into administration and its website www.ginfestival.com was taken down .. So, what's this, then...?

The UK's Information Commissioner's Office has ordered Facebook to pay a penalty (it's not a fine because there has been no criminal prosecution and only the Crown, via the Criminal Courts, can levy fines) of GBP500,000. The amount will not trouble Facebook - it's less than the annual tax the company doesn't pay the UK as a result of its cross-border arrangements. But the principle should send shock waves through the raft of American companies that operate in Europe and think they can do as they please. Four letters are at the heart of the grenade that the ICO just sent across the pond: GDPR. The next fine will hurt - and it will hurt over and over again.

It hasn't taken long. The General Data Protection Regulation came into force across the EU only on Friday. By Sunday evening, "Dejan Marinkovic" of "The Resort Group Global" had, apparently, decided that the way around it is simple: just put the name of the company in the body of the e-mail and, thereby, establishing that, as business correspondence, the mail fell outside the GDPR. His premise? That, if the addressee (who, incidentally, is personally identifiable from the e-mail address) clicks on a link, there will be benefits. But then it becomes even more strange.

The European General Data Protection Regulation is a fantastically complex piece of legislation but it is not an "Act" or, as Acts are called in the EU, a Directive.

It has been brought into law across the EU (and beyond) and will come into force on 25th May 2018.

Most importantly, it proves how domestic law in member states can be written by Europe outside the democratic process.

On several occasions recently, our filters have picked up e-mail from a company promoting itself as "5mins" and, as is common, offering directory services. But this one is a little different. No matter what, the target is in a lose-lose situation, which is odd because on so many levels, the mail appears to be acting both properly and legally. But there is just enough that isn't right to raise suspicions - and the UK's Information Commissioner's Office, which is responsible for the implementation of the new GPDR regime and is already having a hard time handling the scaremongering that's almost as bad as Y2K.