
Euro MPs back end-to-end encryption for all citizens - jkaljundi
http://www.bbc.com/news/technology-40326544
======
sctb
Previous discussion:
[https://news.ycombinator.com/item?id=14577828](https://news.ycombinator.com/item?id=14577828).

------
CyberThijs
Another big recent achievement of the European Parliament is the "General Data
Protection Regulation" (GDPR) [1], which comes into effect in May 2018 and
stipulates that companies can be fined up to 4% of their _worldwide turnover_
when they fail to protect/process the data of EU-based customers in a proper
manner.

For example: say that LinkedIn was to experience a new data breach, and they
fail to inform the authorities or their customers in time, then they can be
fined for up to 120 million USD (based on a revenue of 5 billion USD)!

I'm surprised that it's so little known here, as the impact will be massive.

[1]
[https://en.wikipedia.org/wiki/General_Data_Protection_Regula...](https://en.wikipedia.org/wiki/General_Data_Protection_Regulation)

~~~
halflings
Yep, and it does much more than that: it forces companies to _actually_
wipeout your data when you ask them to (not just flip some bit and still keep
that data, like facebook infamously does), and also set strict TTLs (Time To
Live) for any derivative data that the user cannot explicitly delete.

~~~
3pt14159
How do I follow conflicting laws? One country says "keep all data for 90 days
to aid law enforcement" the other says "delete it immediately" which is it?

~~~
kbart
_" How do I follow conflicting laws? One country says "keep all data for 90
days to aid law enforcement" the other says "delete it immediately" which is
it?"_

GDPR is EU wide regulation that trumps national privacy laws. It doesn't even
need to be approved by individual members, so when it goes into effect on 25
May 2018, it will be working EU-wide on the same day. Furthermore, it affects
companies _all over the world_ that serves EU citizens. There's much
skepticism on how EU will enforce this law worldwide, but for now it was quite
successful dealing with big companies, remember: Microsoft vs EU (paid €561
million fine), multiple cases of Google vs EU (right to be forgotten, Ireland
tax rulling, ongoing case vs Android), Facebook/WhatsApp vs EU (€110 million
fine) etc. To answer your question: no, there will be no conflicting laws - if
you serve EU citizens, you _must_ follow GDPR. From my personal perspective,
GDPR is one of those not-so-often moments that I'm proud of EU.

~~~
wav-part
> _Furthermore, it affects companies all over the world that serves EU
> citizens._

No gdpr applies if companies _target_ EU citizens [1][2]. My personal opinion
of the law is that its as useless as cookie law but way more costly and
unpredictable.

[1] (122), Pg 22,
[https://docs.google.com/viewer?url=http%3A%2F%2Fec.europa.eu...](https://docs.google.com/viewer?url=http%3A%2F%2Fec.europa.eu%2Fjustice%2Fdata-
protection%2Freform%2Ffiles%2Fregulation_oj_en.pdf)

[2] Pg 13,
[https://docs.google.com/viewer?url=http%3A%2F%2Fwww.linklate...](https://docs.google.com/viewer?url=http%3A%2F%2Fwww.linklaters.com%2Fpdfs%2Fmkt%2Flondon%2FTMT_DATA_Protection_Survival_Guide_Singles.pdf)

 _The mere accessibility of your website by individuals in the Union or use of
the languages of one of the Member States in the Union (if the same as the
language of your home state) should not by itself make you subject to the
Regulation. However, the following factors are a strong indication that you
are offering goods or services to individuals in the Union and so are subject
to the Regulation:_

 _> Language - You are using the language of a Member State and that language
is not relevant to customers in your home state (e.g. the use of Hungarian by
a US website)._

 _> Currency - You are using the currency of a Member State, and that currency
is not generally used in your home state (e.g. showing prices in Euros)._

 _> Domain name - Your website has a top level domain name of a Member State
(e.g. use of the .de top level domain)._

 _> Delivery to the Union - You will deliver your physical goods to a Member
State (e.g. sending products to a postal address in Spain)._

 _> Reference to citizens - You use references to individuals in a Member
State to promote your goods and services (e.g. if your website talks about
Swedish customers who use your products)._

 _> Customer base - You have a large proportion of customers based in the
Union._

 _> Targeted advertising - You are targeting advertising at individuals in a
Member State (e.g. paying for adverts in a newspaper)._

~~~
halflings
All the big (and smaller) players in tech are working hard to implement all
the requirements of this law (control over what data is stored, TTLs,
encryption).

How is this useless for end-users? It forces companies to encrypt this data at
rest, and allow users to delete it when they want.

------
drdaeman
Careful with this stuff. It looks nice, but it may bite.

The "states shall not impose any obligations" is a great thing, but "shall
ensure that ... guaranteed ..." isn't so much. Your Parliament basically tells
you how to write your software, and while this particular cause may be good[1]
- the general concept isn't healthy.

Granting governing bodies this level of control... that must require
exceptional levels of trust in those bodies and _all_ future ones that could
be their successors. I'd argue that it's better to have the very contrary
thing - a ruling that no governing body may ever dictate how one can secure
their communications and how they can't (or, in more general terms - how one
can write their software). Oh, and keep the "states shall not impose" clause,
of course.

Yes, that leaves data-miners with their messengers still vulnerable, but I
think it's less important than a general non-interference principle. And I'm
for having fines for calling non-E2E messengers "secure" if the wording may
confuse user into thinking it's E2E - that's basically misadvertising. The
issue is information gap and "clever" marketing - fix that and things will be
good.

_____

[1] It may be a problem for early prototypes, if they had started with UI/UX
and a simple insecure "TCP socket server"-level stub for the messaging layer.
Mandatory implementations are always a barrier.

~~~
splintercell
But isn't this the same issue with Net Neutrality regulations? We're asking
the state to enforce net neutrality, but it opens a can of worms. Tomorrow it
would be "all data should be treated equally, except for govt data which
should be prioritized above all." "All data should be treated equally, except
for terrorist data, which should be prioritized/blocked".

~~~
drdaeman
It is. And this is controversial statement but I'm really not sure how I feel
about Net Neutrality.

Where I'm from (Russia), we had (and still have, to a some extent) a lot of
competition in ISP space. This had happened just because government weren't
particularly looking at that direction at the time (90s and early 2000s).

If one ISP did some weird stuff that upset customers, the market had actually
worked and they lost profits, making them reconsider. This may sound weird,
but that really was like that - "power" users were vocal, and word of mouth
did spread fast. And absence of NN allowed ISPs to do things that were
actually beneficial to the customers, like routing specific traffic
differently so e.g. gaming would be smoother and files would download faster.
Just because content customers meant good reputation - a stable userbase with
steady growth. So I don't believe NN is a good idea if the market's right. It
only makes sense if it's bad, with a few giant telcos and no competition.

[Edit: ignore this paragraph, please. I'm keeping it, but indeed it's a long
stretch.] When the government decided they're going to get a grip on the
tubes, things immediately got worse. No NN here, though, just censorship - a
great pile of unsound kludges with mandatory monitoring and automatic fines if
something goes through. But NN here would've killed tiniest ISPs just as well.

That's just how I see things. It very well could be that I'm mistaken here.

~~~
bjelkeman-again
I don't think it is easy to compare how censorship works in Russia with how
Net Neutrality would work in the US (or some other country) it is comparing
apples to eggs.

~~~
drdaeman
Of course. Where they're comparable is that both are government-mandated
interventions. Censorship... Yes, now I think I shouldn't have mentioned that,
and omitted previous-to-last paragraph. Sorry about this.

My overall point was unrelated to what the current government does, though -
it was that absence of NN can be beneficial - but only if there is a lot of
competition, so when not being neutral doesn't help customers but hurts them,
there is a proper feedback loop that makes ISP either have losses or
reconsider.

------
r3bl
Here's a quote from the draft that I particularly like:

> The providers of electronic communications services shall ensure that there
> is sufficient protection in place against unauthorised access or alterations
> to the electronic communications data, and that the confidentiality and
> safety of the transmission are also guaranteed by the nature of the means of
> transmission used or by state-of-the-art end-to-end encryption of the
> electronic communications data. Furthermore, when encryption of electronic
> communications data is used, decryption, reverse engineering or monitoring
> of such communications shall be prohibited. Member States shall not impose
> any obligations on electronic communications service providers that would
> result in the weakening of the security and encryption of their networks and
> services.

~~~
josteink
> Furthermore, when encryption of electronic communications data is used,
> decryption, _reverse engineering or monitoring of such communications shall
> be prohibited_. Member States shall not impose any obligations on electronic
> communications service providers that would result in the weakening of the
> security and encryption of their networks and services.

If I'm going to play devil's advocate, this sounds like a European DMCA in the
sense that it will prohibit removal of DRM, and tools which assist such
removal.

~~~
derefr
Given that the next sentence is about "Member States", I think the sentence
before it is as well—it's the _member state_ ['s government, or any contractor
acting on its behalf] who is "prohibited" here from "reverse engineering or
monitoring" encrypted communications.

In other words, this would constitute a ban on domestic SIGINT operations ala
PRISM.

~~~
lloeki
Also, "when encryption of electronic communications data" would have to be
interpreted in a _very_ twisted way to apply to DRM of IP content (be it
software or art)

~~~
derefr
It would need to be twisted indeed to apply to DRMed games, sure. On the other
hand, I could see streaming video from Netflix being "encrypted
communication", where the "recipient" is your HDCP television, and breaking
the trusted media path between the two would count as "reverse engineering or
monitoring" the signal. If, of course, these lines were meant to apply to
something other than the Member States themselves. :)

~~~
Freak_NL
It would depend on the legal definition of _recipient_ used. If I — as a
natural person — am the recipient, than decrypting that stream would not be
unlawful. Even if my TV is the 'recipient', I, as its legal owner, am probably
still in the clear.

~~~
derefr
Actually, yeah, given that TVs are clearly private property. How about the
set-top box you're renting from your cable company, though?

~~~
Spearchucker
My guess is value. A set top box being the recipient is of no value to me, it,
or anyone else. If I (a person in meatspace) cannot see whatever was
encrypted, what's the point, even? Why would I pay money for it?

------
forgottenacc57
Why is it that European governments seem to act in the interests of their
citizens and just about all other governments default policy positions is to
act against the interests of the citizens?

~~~
secfirstmd
Parliamentary systems in general are more responsive than Presidential ones.

Also, most of us EU nationals don't see EU structures as very democratically
responsive. Fairly sure most of us only send the B Team to the EU parliament.
E.g retired national politicians, or people who couldn't get elected for
national parliaments. Also, it gets a lot less coverage than national
parliaments, so members are free to vote on random things without the same
amount of scrutiny.

~~~
jacquesm
> Fairly sure most of us only send the B Team to the EU parliament. E.g
> retired national politicians, or people who couldn't get elected for
> national parliaments.

I wouldn't call 'retired national politicians' the 'B' team, those are more
likely the 'A' team, no longer worried about their career they are much freer
to operate than their national counterparts, besides that they have lots of
experience.

A Dutch example:

[https://en.wikipedia.org/wiki/Neelie_Kroes](https://en.wikipedia.org/wiki/Neelie_Kroes)

~~~
gambiting
The current president of the European Council, Donald Tusk, used to be the
Polish Prime minister before he took the position in Brussels. Definitely not
B team.

~~~
secfirstmd
Yes the European Council and European Commission tend to get the more
experienced and capable former national politicians but the Parliament
generally doesn't...Certainly not in the European countries that I have lived,
worked and studied in/about.

~~~
mcv
MPs in national parliaments aren't all that great either. And some MEPs are
really good. Just not the backbenchers.

But the Europarliament does seem to get used as a training ground for national
MPs.

~~~
secfirstmd
Agreed

------
another-dave
This is welcome, but moves like this will only make a difference if the
legislation has teeth — will there be some ombudsman that I can appeal to, who
will investigate that a firm is using encryption (correctly), and issue a
hefty fine for breaches?

Or will it turn out like the cookie legislation: potentially good in theory —
that you should have an opt out to non-essential tracking cookies — but
because of vague hand-waving around implicit opt-ins and not forcing firms to
distinguish between essential & non-essential cookies, means the only outcome
is an annoying banner on every website and no real effect on end-user privacy.

------
moontear
Serious question:

If we had perfect encryption on all devices and no government would be able to
listen in on anything (spoken conversation, mails, whatever) we would be
pretty much back to where we were a couple of decades ago. I suppose the
government would need to employee more real people to monitor other real
people.

Is there any way we could have encryption / security with a state actor still
being able to decrypt the data if needed?

I'm not saying that I personally am for the state actor, but I'm just
imagining a scenario where all communications of bad actors would be via
encrypted channels. No possibility to gather chatter, no possibility for
rumors, everything encrypted and hidden. I mean this is the scenario state
actors are afraid of, and frankly I would be too.

How would we live in a world with perfect encryption? More anonymous, sure.
But safer? I'm really trying to see "the other side" (state) right now. Help
me out and tell me how we can have perfect encryption, but don't undermine
security / possibility of investigation.

~~~
princekolt
This is an honest fear to have, but it hides the real causes many of the
recent "bad actors" did what they did.

Most of the recent terrorist acts can be traced to different organizations
that only exist because of military/economical interventions that happened a
few years, or even decades ago. In a broader sense, many can even be traced to
the aftermath of the first world war and how the Ottoman empire was split, and
the interventions that followed.

What I'm trying to say is that this is not a "inherent" problem in western
society. They were created by misguided actions of the past (and current)
generations. The techniques and methods used by these actors are just details.
You could theoretically spy in everyone like the US or UK governments want,
but ultimately the criminals can easily be one step ahead of them if they want
and try just hard enough. They can switch to other method or just pay some
hacker group to create software for them if they were really organized.

Think of the prohibition in the US. Did it really stop alcohol consumption?
Not at all. And a few years later everyone realized how stupid that idea was
and the whole prohibition was scraped.

~~~
marcoperaza
I strongly disagree. You can't just blame terrorism on poor decision making by
Western powers. The world is complex and every country has to make difficult
decisions that will make winners of some and losers of others.

Ultra-conservative strains of Islam are big losers to the West's cultural
influence, even in the absence of Western military and diplomatic intervention
in the Muslim world. Western economic and cultural might is a threat to their
value system and way of life, and some are willing to kill to defend it.
Within the United States there has been left-wing terrorism (e.g. anarchists
in the early 20th century or the Weather Underground) and right-wing terrorism
(e.g. the Oklahoma City bombing).

We cannot always avoid arousing the ire of hardcore radicals.

> _but ultimately the criminals can easily be one step ahead of them if they
> want and try just hard enough. They can switch to other method or just pay
> some hacker group to create software for them if they were really
> organized._

They _can_ , but thankfully most people seeking to do us harm (and most people
in general) are incompetent. Even the most seasoned computer criminals get
careless and make mistakes.

~~~
k-mcgrady
>> They can, but thankfully most people seeking to do us harm (and most people
in general) are incompetent. Even the most seasoned computer criminals get
careless and make mistakes.

People wishing to do us harm don't need computers at all. Just look at the 3
attacks in London in the last few months (Westminster, London Bridge, Finsbury
Park). All that is required is a driving license to rent a van and the want to
drive it at people at speed. Any person willing to do harm can go out and do
it this afternoon without any planning. If we give up our freedoms so that the
government can spy more effectively the terrorists will just do more of the
above style of attacks.

------
stanislavb
Yeah, and now many UK citizens will regret leaving the EU even more...

~~~
ionised
I think (at least a lot of) those of us that voted remain knew there would be
a massive watering down of civil liberties and protections should we leave the
EU.

The UK has never suffered occupation under National Socialism or Soviet Union
like most of Europe did so we don't have the same fear of authority creep,
which is unfortunate because it absolutely is happening here.

People in the UK are infuriatingly trusting of their rulers.

~~~
Radim
That's an interesting read -- wasn't the main "leave" argument pretty much to
avoid Socialism, the new Soviet Union and creepy external authority (EU)?
Preserve freedom?

From the outside, hilariously, it looks like both sides claim the same
ultimate goal.

~~~
deepnet
Quite the opposite actually.

The UK is a mixed economy, we have both Capitalism and Socialism and we like
it - our safety-net welfare state and the NHS save lives everyday.

EU membership is a shield for former soviet satellite states to join the West
and escape Russian influence.

The main leave "argument" was £350,000,000 was being given to the EU and could
save the beloved NHS - this turned out to be a downright lie.

Many of the other popular arguments were equally false and fearmongery about
out of control EUrocrats legislating on the curvature of bannanas and attacks
on the British sausage and that farmers would be better off outside the common
market - all very jingoistic.

It has emerged that there was a lot of carefully crafted individually targeted
Facebook adverts that played on voters fears derived from personal data held
outside the UK (and outside UK data laws), sadly these went undocumented so we
may never know the extent of the falsehoods or their level of influence.

The UK electoral commission has expressed concern over this type of
campaigning as no-one knows what is being promised or how much was spent on
it.

There has been an effort to try to document these dark ads for the recent
election where they seem to have been much less effective.

Many Brits feel conned as the referendum was pitched as being only advisory
but is now being taken as iron-clad and a 4% majority of those who offered an
opinion is very little mandate to enact such major constitutional change.

As the realities for science funding, farming subsidies have kicked polls are
reporting many Brexiters have changed their tune. Goldman Sax's relocation to
Europe is a bellweather for the realities for the financial industry which is
close enough to Tory hearts that one hopes they'll snap out of their dreams of
Empire and Commonwealth.

Hopefully the staggering level of incompetence so far demonstrated by David
Davis' negotiating team will be the rope that hangs them and we'll get a
second real referendum.

The alternative Red White and Blue Hard Brexit promised by Teresa May is not
good for anyone in the UK unless they are shorting the pound.

~~~
nvarsj
I agree with a lot of what you said. But it's simply not true that "Many Brits
feel conned". The majority still wants to leave EU. That's why both Labour and
Conservative MPs are pro brexit. Only LibDems are pro-remain, and they only
got a handful of seats in the last general election. The brexiteers won,
unfortunately. The only question now is how bad it will be.

~~~
ionised
> The majority still wants to leave EU. That's why both Labour and
> Conservative MPs are pro brexit.

This is not really accurate.

Firstly, the majority that initially voted to leave was 37% of the population.
As far as I am aware that number has slightly decreased in terms of
supporters, but even if the opposite were true it is still less than half of
the population that actively support leaving.

Secondly, these MP's are only 'pro-Brexit' insofar as they know it has to
happen regardless of their own beliefs and coming out against it now would be
political suicide. No matter what you think here, in this last General
Election people did not vote for parties based on their Brexit stance. They
voted based on whether they wanted 5 more years of Tory rule. Tht issue was a
far higher priority than Brexit.

~~~
gadders
You're quite correct. The proper phrase "The majority of people that could be
bothered to vote still wants to leave the EU".

------
conradk
Ever since Brexit, I feel like the EU suddenly has plenty of good news for EU
citizens (myself included, which makes me happy). No backdoors, free roaming
and privacy law in 2018 most notably.

Anything else I might have missed that EU is doing to improve itself for
citizens lately ?

~~~
CM30
Part of me wonders whether that's deliberate. They realised there was a
growing discontent with the union, Brexit brought about the realisation that
countries would want to leave and now the MEPs and EU government officials and
what not have realised that making the EU a positive thing to be part of is
crucial to its future success.

~~~
k-mcgrady
With the exception of this news the other things OP mentioned have been being
worked on for several years. It's just that anytime this stuff is passed
member states are given a couple of years to implement it. Completely
unrelated to Brexit.

------
iuguy
I for one will be glad when we free ourselves of the yoke of EU tyranny and
can move Britain forward by banning crypto.</sarcasm>

Seriously, my country's going backwards. Is there a way to reboot it and see
if that fixes it?

~~~
rf15
"I'm not saying that we need a revolution driven by the left, but..." :D

~~~
iuguy
The problem is that the left seem to be just as supportive of a hard brexit as
the right. Labour have pledged to end free movement in their manifesto, which
is one of the EU's fundamental four freedoms.

 _le sigh_

------
EwanToo
This is just a proposal, from the European Parliament's Committee on Civil
Liberties, Justice, and Home Affairs.

It's not a law, and (unfortunately) I can't imagine the proposal will get
passed in it's current form.

~~~
uhnuhnuhn
Agreed. As the article states, this would have to be approved by the European
Council, i.e. all EU heads of state. They may not have such a positive view of
encryption and privacy.

~~~
mpeg
The UK will never approve that, so that's at least 2 years before it can even
pass let alone be implemented.

------
narrator
Here's some irony for you: a significant result of Brexit is that the U.K will
have a censored, tightly monitored Internet without encryption and Europe will
have data privacy and end-to-end encryption. The pro-freedom crowd will
benefit, but in the opposite way of what they were expecting: the control
freak British government is removed from EU politics. Nigel Farage is going to
be really confused.

~~~
rsynnott
Oh, Nigel Farage never cared about any of that freedom stuff. He's fairly
transparently using it as respectable cover for ethno-nationalism.

~~~
pbhjpbhj
How does that fit with having a family with an Irish wife, and later a German
wife. That would appear to limit the ethnicity to "European", which doesn't
fit well with his anti-European actions.

He comes across in the press, to me, as an English imperialist.

~~~
bjelkeman-again
To me there is no logic to it. Just someone who wants to be breaking down
rather than building up. Building is a lot harder.

------
0x0
I wish this forced Apple to move EU developer apps to an EU App Store and EU
iTunesConnect, so that those won't have to deal with the US export
classification nonsense anymore just for using the built-in HTTPS support in
NSURLSession.

------
microcolonel
Why enforced? Why can't they just let it be? Next they're going to tell you
that you have to use _their_ ciphers and protocols to be in compliance.

------
hellbanner
Contrast this to the UK (now out of the EU)'s approach to internet encryption:
[http://www.independent.co.uk/life-style/gadgets-and-
tech/new...](http://www.independent.co.uk/life-style/gadgets-and-
tech/news/theresa-may-regulating-internet-anti-terror-measures-extremism-
snoopers-charter-a7775566.html)

~~~
rf15
>now out of the EU

You still have a little less than two years left! Until then you can step back
any time you want from this silly idea.

------
thrillgore
It must be nice to live in a country where the politicians care about the
public.

------
amelius
But how are companies like Google and Facebook going to mine the data then? Or
are they mostly interested in the metadata anyway?

~~~
r3bl
To be honest, Facebook is the owner of WhatsApp (Signal's end-to-end
encryption) and they've incorporated end-to-end encryption in their core
product too (Messenger's "secret conversations"), albeit not by default.

If I didn't know any better, I would say that Facebook did make a line between
private and mining data, but there are countless examples beating that theory:
their experiments with crashing the apps, showing only sad news, mining data
from messages, WhatsApp and Messenger making web requests as you're _typing_
the URL...

~~~
amelius
Facebook has not finished integrating WhatsApp yet. Right now they have both
Messenger and WhatsApp, which is confusing. I guess we'll see what happens to
privacy once Facebook has made up their mind about the exact business model.

------
IsaacL
"End-to-end encryption means the company providing the service does not have
access to the key, meaning it cannot "listen in" to what is being shared -
giving the sender and recipient added confidence in the privacy of their
conversation.

"The principle of confidentiality should apply to current and future means of
communication, including calls, internet access, instant messaging
applications, email, internet phone calls and personal messaging provided
through social media," said a draft proposal from the European Parliament's
Committee on Civil Liberties, Justice, and Home Affairs."

How would this work in practice? Would any web service that includes a private
messaging feature need to ensure it is end-to-end encrypted? Would there be
fines or penalties for startups that included an unencrypted messaging feature
in their product?

~~~
nvarsj
The same as any other similar legislation, like requiring cookies notification
on every website, or the data protection requirements.

~~~
kuschku
Every site with the cookie notification violates the original cookie
regulation. The original regulation is clear, you only need to ask the user if
you want to track them, no matter how, but they have to be able to opt out of
tracking.

\- Login cookies? No notification required.

\- Tracking via fingerprinting? You need to ask.

\- User says no to the tracking? You have to allow them to continue using your
service.

It’s pure bullshit what most sites do, based on the UK interpretation of the
cookie law. Luckily, that’s gone soon (both due to the EU GDPR, and due to
Brexit)

------
adam-fn
Do we need to have a discussion on so many of the media outlets, including
ones which host pro-encryption / pro-user-privacy articles, either failing to
provide SSL, providing SSL but the certificate is from their hosting provider
or other affiliated company, or having it setup just to redirect users to
their http endpoint with prejudice, as is the case here?

    
    
      $ curl -I https://www.bbc.com/news/technology-40326544
      HTTP/1.1 301 Moved Permanently
      Content-Type: text/html
      Location: http://www.bbc.com/news/technology-40326544

------
mike-cardwell
So end to end encryption of email within the EU is going to become common?
Facebook messages? Sure.

Is there anybody here who actually believes that 1, this will happen, and 2,
will be effective?

~~~
devuo
1\. I'm not so sure. Due to the threat of terrorism and tax fraud Governments
would most probably not want, National Parliaments — if not controlled by a
governmental majority — however most probably would, as this would help paint
the acting government in a negative '1984' like light.

2\. Massive fines would hopefully act as a deterrent.

------
pulse7
Maybe they are just testing the ground... It sounds "too good to be true"...
although I would like to live in such legislation...

------
iDemonix
Is it too late to vote remain?

~~~
petre
You can always move and apply for residence in an EU country of your choice.

~~~
setq
This is actually my exit plan at the moment.

~~~
ue_
It's unfortunate that various European countries have similar limitations on
our freedom of expression and their attitude toward privacy isn't that much
better.

~~~
setq
I have a spreadsheet going - there are a few serious options available still.
I will publish it on here at some point.

~~~
wohlergehen
Would you mind sharing that? That would be super useful to me as well.

~~~
setq
I will share it in a couple of weeks if I get some time to finish it. It
aggregates a lot of info from climate, financial market status, things of
cultural interest, native languages, recruitment etc.

------
megous
> Data subjects have a right to receive a copy of their personal data in a
> commonly used machine-readable format.

Hopefully, this will work out better than the shit Facebook produces in its
data export. While their HTML is technically machine-readable, the intention
clearly was "here's your data, and fuck you for thinking of leaving, btw".
Little to no metadata for the wall posts, for example, makes it almost
useless.

------
hacksonx
What do laws like these for partner but not member states to the EU like
Turkey mean?

~~~
jacquesm
Turkey will never be part of the EU proper. 'Never' as in: not in a couple of
life times. Turkey has been given the runaround for the last 30 years or so
not because there ever was a serious push to integrate them into the EU but
because of the fear that Turkey would align with Russia.

So Turkey is as much out of the EU as they ever were and the EU laws will not
influence Turkey, _especially_ not laws that would make it harder for Erdogan
and his cabal to repress the intelligentsia of Turkey.

~~~
mercurial
> Turkey will never be part of the EU proper. 'Never' as in: not in a couple
> of life times. Turkey has been given the runaround for the last 30 years or
> so not because there ever was a serious push to integrate them into the EU
> but because of the fear that Turkey would align with Russia.

Yeah, even with a secular democratic party in power they would not have a
chance (a 80 million people country, mostly Muslim, at the time where there is
an islamist terrorist attack every month in Europe? Never mind the number of
terrorists with a Turkish background, nobody would agree to that, and that's
not even talking about its own stability problem and the neighbours Europe
would acquire). With a proto-islamic dictator like Erdogan, forget about it.

------
medalist
And once again, Britain is going a different, worse, direction on its own.

------
vectorEQ
this only apply to citizens.. they will just revoke this status from you and
call you a criminal if it comes to it..

~~~
Strom
Unlikely. For example the Estonian constitution explicitly forbids revoking
citizenship obtained via birth. There may be ways to revoke some other rights
like encryption, but my citizenship can't be lawfully removed, unless the
constitution is changed, which is extremely unlikely.

------
andreasgonewild
Guarantee this, prohibit that. Meanwhile, no one gives a crap since the
state/EU/CIA, whatever you want to call them; have already proven beyond doubt
where they stand on these issues. You either encrypt everything yourself or
you're potentially in trouble.

[https://github.com/andreas-gone-wild/snackis](https://github.com/andreas-
gone-wild/snackis)

