Pages in topic:   [1 2] >
EU Regulation 2016/679 of 27 April 2016 on data protection – should we worry?
Thread poster: Thomas T. Frost
Thomas T. Frost
Thomas T. Frost  Identity Verified
Portugal
Local time: 14:22
Danish to English
+ ...
Jan 21, 2018

Ref.: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)... See more
Ref.: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32016R0679

This Regulation shall apply from 25 May 2018.

Does anybody know if this will apply to freelance translation?

Article 2 says: "This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system."

There are no definitions of the terms "automated means" and "filing system" in the Regulation. When does the use of IT become "automated" for the purpose of this Regulation? If a translator has folders that contain documents that contain personal data, is such personal data then part of a filing system?

If this Regulation does apply to our profession, then what exactly do we have to do to comply? There are 88 pages of legal yada yada to decipher.

Does anyone have any concrete knowledge about how to deal with this, and whether or not we can just forget about it?
Collapse


 
Jean Lachaud
Jean Lachaud  Identity Verified
United States
Local time: 10:22
English to French
+ ...
good question Jan 21, 2018

I wouldn't worry too much: France's CNIL law, dating back to the late seventies, makes it mandatory to request authorisation from CNIL about any automated (read: computer-based) storage of personal data. That regulation, literally speaking, technically applies to any smart phone and any PC-based contact list.
Still, I have been wondering about that very issue since I created my first Apple II-based phone book, way back in 1981.


 
Kay-Viktor Stegemann
Kay-Viktor Stegemann
Germany
Local time: 15:22
English to German
In memoriam
EU regulation does not apply to private address books Jan 21, 2018

JL01 wrote:

I wouldn't worry too much: France's CNIL law, dating back to the late seventies, makes it mandatory to request authorisation from CNIL about any automated (read: computer-based) storage of personal data. That regulation, literally speaking, technically applies to any smart phone and any PC-based contact list.
Still, I have been wondering about that very issue since I created my first Apple II-based phone book, way back in 1981.


Just to cut in here, the General Data Protection Regulation (GDPR) does not apply to private address collections. In point 18 of the preamble it says:

This Regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity. Personal or household activities could include correspondence and the holding of addresses, or social networking and online activity undertaken within the context of such activities. However, this Regulation applies to controllers or processors which provide the means for processing personal data for such personal or household activities.

Having said that, of course the regulation applies to professional processing of personal data, which applies to freelance translators as well. And this would be worth looking into.

What kind of personal data do we store and process? Obviously, a freelance translator will store contact information of clients, and translation content can also contain personal data. Anything else?

Is it legal to store and process these data? In article 6 the regulation says:

1. Processing shall be lawful only if and to the extent that at least one of the following applies:
(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; …


Therefore, we should have no problem when we process the personal data of our clients. But if the translation content contains personal data of third parties, this might become a problem.

Then, we should look into the rules how those data may be stored and processed. The basic rules for that are covered in article 5.

I believe that our obligations towards this EU regulation will not much exceed the obligations we already have towards our clients to keep their information confidential, protected and only use it for the intended purpose. What the EU regulation additionally requires is that we delete these data as soon as they are no longer needed for the intended purpose.

I'm not an expert on the subject (I just stumbled upon the subject when I had to translate content dealing with it) and I found this info in the Wikipedia. Did I miss something?


 
Henry Dotterer
Henry Dotterer
Local time: 10:22
SITE FOUNDER
Almost certainly "yes" (it will affect) Jan 22, 2018

> Does anybody know if this will apply to freelance translation?

I would say it is pretty unlikely that GDPR will not affect freelancer translators. For one thing, the law could be interpreted to call for a more secure handling of freelancers' own private data by clients, and it is likely that at least some companies will take steps accordingly. Behind the
... See more
> Does anybody know if this will apply to freelance translation?

I would say it is pretty unlikely that GDPR will not affect freelancer translators. For one thing, the law could be interpreted to call for a more secure handling of freelancers' own private data by clients, and it is likely that at least some companies will take steps accordingly. Behind the scenes, your data may be a little bit more secure. Maybe it will feel like clients are getting more organized.

And by the same token -- given that freelance translators are part of a supply chain to which private data is sometimes entrusted -- it is almost certain that freelancers will be asked (by at least some clients) to take further steps to ensure data security.

To put it differently, I don't know how end clients are going to be able to ensure data security to individuals without making sure that data is handled securely throughout their entire supply chains, including their freelancer networks.

By the way, the SecurePRO program launched by ProZ.com is not, strictly speaking, a response to GDPR (since we started working on it a few years ago, before we heard about GDPR.) But it is part of the same trend, and is designed to support freelancers in working together with clients to comply with increasing security requirements such as these. (And also increasing security requirements in industry.)
Collapse


 
Thomas T. Frost
Thomas T. Frost  Identity Verified
Portugal
Local time: 14:22
Danish to English
+ ...
TOPIC STARTER
Various Jan 22, 2018

Henry Dotterer wrote:

> Does anybody know if this will apply to freelance translation?

I would say it is pretty unlikely that GDPR will not affect freelancer translators. For one thing, the law could be interpreted to call for a more secure handling of freelancers' own private data by clients, and it is likely that at least some companies will take steps accordingly. Behind the scenes, your data may be a little bit more secure. Maybe it will feel like clients are getting more organized.

And by the same token -- given that freelance translators are part of a supply chain to which private data is sometimes entrusted -- it is almost certain that freelancers will be asked (by at least some clients) to take further steps to ensure data security.

To put it differently, I don't know how end clients are going to be able to ensure data security to individuals without making sure that data is handled securely throughout their entire supply chains, including their freelancer networks.

By the way, the SecurePRO program launched by ProZ.com is not, strictly speaking, a response to GDPR (since we started working on it a few years ago, before we heard about GDPR.) But it is part of the same trend, and is designed to support freelancers in working together with clients to comply with increasing security requirements such as these. (And also increasing security requirements in industry.)


The article you linked doesn't even discuss if the Regulation applies to our profession, based on Article 2:

"This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system."

You could say that anything involving IT is "automated", because we don't manually carry a document bit by bit in a wheelbarrow, but is that what they mean? If only a document is sent and translated on paper then it isn't "automated", but if it is sent by email or downloaded then it is "automated"? Is that what they mean? If I organise my folders by client and job, do they then constitute a "filing system"? And if I just dump all the files in the download folder, so there is no system in it, is it then no longer a "filing system"?

We need more than guesswork. I have sent a question to the EU's SOLVIT service about it, but I have no idea what sort of reply I will receive.

There is obviously a need for better privacy and security, but it shouldn't come at the price of freelancers' own privacy in the form of having their private homes invaded by auditors. I certainly will not accept that, and judging by other forums, I’m not the only one.

A possibility that I haven't seen discussed is to replace identifying personal information by placeholders before outsourcers send the texts to freelancers. This could dramatically increase their administrative burden, of course.


 
Tom in London
Tom in London
United Kingdom
Local time: 14:22
Member (2008)
Italian to English
should we worry? Jan 22, 2018

the question reminds me of the old Jewish joke:

Q. What does a Jewish telegram say?
A. START WORRYING. DETAILS TO FOLLOW


 
Henry Dotterer
Henry Dotterer
Local time: 10:22
SITE FOUNDER
Right on, Tom Jan 22, 2018

Tom in London wrote:

the question reminds me of the old Jewish joke:

Q. What does a Jewish telegram say?
A. START WORRYING. DETAILS TO FOLLOW

Very apropos.


 
Tom in London
Tom in London
United Kingdom
Local time: 14:22
Member (2008)
Italian to English
:) Jan 22, 2018

Henry Dotterer wrote:

Tom in London wrote:

the question reminds me of the old Jewish joke:

Q. What does a Jewish telegram say?
A. START WORRYING. DETAILS TO FOLLOW

Very apropos.


Thanks Henry


 
Christopher Schröder
Christopher Schröder
United Kingdom
Member (2011)
Swedish to English
+ ...
:-o Jan 22, 2018

Racist stereotypes aside, it's hard to see much to worry about when a regulation that would seem to apply to all businesses has been in force for two years without anybody knowing about it!

 
Tom in London
Tom in London
United Kingdom
Local time: 14:22
Member (2008)
Italian to English
PC gone mad Jan 22, 2018

No racist stereotypes were involved. It's a Jewish joke told by Jews. For more Jewish jokes told by Jews (but not if you're easily offended) see

https://www.youtube.com/watch?v=UI5euTaviCc

(if it's OK for the BBC I'm sure it'll be OK for you)

[Edited at 2018-01-22 15:15 GMT]


 
Thomas T. Frost
Thomas T. Frost  Identity Verified
Portugal
Local time: 14:22
Danish to English
+ ...
TOPIC STARTER
The worry Jan 22, 2018

Chris S wrote:

Racist stereotypes aside, it's hard to see much to worry about when a regulation that would seem to apply to all businesses has been in force for two years without anybody knowing about it!


My worry is not innocent jokes, but fines or other charges that could be the result of not complying. In Germany there are companies that specialise in going around checking if some mandatory legal yada yada has been left out of German websites, and then sending bills for "legal advice", typically in the range of 800 to 1500 euros, to the offending companies. German law enables such parasites, but this Regulation has penalties and fines stated directly. This is not a joke. There is a steady stream of new Regulations to comply with, not least if one sells to consumers, so it's written all over my website and Proz profile that I don't sell to consumers – and by the way that the profile and site is not addressed to users in Germany.

This Regulation does not apply yet, by the way, but we can be sure that there is an army of German legal vultures ready to send out legal bills as of 25 May.


 
Nikki Scott-Despaigne
Nikki Scott-Despaigne  Identity Verified
Local time: 15:22
French to English
Note Jan 22, 2018

As with many EU regulations, the aim is harmonise what is already current law or current practice in many member States anyway.

[Edited at 2018-01-22 16:16 GMT]


 
Vanda Nissen
Vanda Nissen  Identity Verified
Australia
Local time: 00:22
Member (2008)
English to Russian
+ ...
Professional indemnity insurance Jan 22, 2018

Perhaps, a professional indemnity insurance would cover it all?

 
Jean Lachaud
Jean Lachaud  Identity Verified
United States
Local time: 10:22
English to French
+ ...
Insurance does not cover criminal liability Jan 22, 2018

I would be very surprised that the statute does not provide criminal penalties but, to be honest, I haven't checked.

Let me think loudly: the statute is targeted at the GAFAM, or whatever the acronym for internet giants is.
Should the Statute not provide for criminal penalties, i.e. provide only for civil penalties (fines), no amount of such fines could possibly prevent these filthy rich corporations to do what they want with personal data.

Vanda Nissen wrote:
Perhaps, a professional indemnity insurance would cover it all?


 
Vanda Nissen
Vanda Nissen  Identity Verified
Australia
Local time: 00:22
Member (2008)
English to Russian
+ ...
If it were about criminal penalties, Jan 23, 2018

JL01 wrote:


I would be very surprised that the statute does not provide criminal penalties but, to be honest, I haven't checked.

Let me think loudly: the statute is targeted at the GAFAM, or whatever the acronym for internet giants is.
Should the Statute not provide for criminal penalties, i.e. provide only for civil penalties (fines), no amount of such fines could possibly prevent these filthy rich corporations to do what they want with personal data.

I doubt, there would be companies specialising in what Thomas has called ''legal advice''. I think professional indemnity insurance should keep these vultures away.


 
Pages in topic:   [1 2] >


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

EU Regulation 2016/679 of 27 April 2016 on data protection – should we worry?







Wordfast Pro
Translation Memory Software for Any Platform

Exclusive discount for ProZ.com users! Save over 13% when purchasing Wordfast Pro through ProZ.com. Wordfast is the world's #1 provider of platform-independent Translation Memory software. Consistently ranked the most user-friendly and highest value

Buy now! »
Protemos translation business management system
Create your account in minutes, and start working! 3-month trial for agencies, and free for freelancers!

The system lets you keep client/vendor database, with contacts and rates, manage projects and assign jobs to vendors, issue invoices, track payments, store and manage project files, generate business reports on turnover profit per client/manager etc.

More info »