Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet
-
@HardwareGeek said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Zerosquare said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
With that kind of reasoning, nobody would operate any fast-food joint, because what happens if they accidentally serve
peanutshot coffee to someone who'sdeadly allergic to themstupid enough to put the coffee cup in her lap while driving?I'm not sure your argument means what you think it means, because that particular case is actually more complex than the way it's usually depicted (McD's knew their coffee was too hot, they had several prior cases of people being burned, and they still didn't lower the temperature.)
-
@topspin said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@blakeyrat said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
Because everything they do has the end goal of fining US companies as much $$$$ as possible.
No, everything they do has the end goal of fining you as much $$$$ as possible. You personally, blakeyrat.
Fuck you, give us money.Yup. It's called the GPBR (Give People Blakeyrat's Resources) law, and it will start being enforced next week.
-
@Zerosquare said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@topspin said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@blakeyrat said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
Because everything they do has the end goal of fining US companies as much $$$$ as possible.
No, everything they do has the end goal of fining you as much $$$$ as possible. You personally, blakeyrat.
Fuck you, give us money.Yup. It's called the GPBR (Give People Blakeyrat's Resources) law, and it will start being enforced next week.
Sounds like a minor improvement from FYGLKM.
-
@pie_flavor said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@blakeyrat European people think 'rule of law' is a far-right concept.
No, that's why we made new laws to you stop from gaining competitive advantage from breaking laws.
-
@Gąska said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
They probably just heard that everyone is doing it and thought they should too. Or maybe they really have shitty lawyers, in which case, it's the fault of shitty lawyers. What kind of lawyer makes such a fundamental mistake?
The kind of lawyer whose job is to protect his client. "You probably don't really need to get consent, but you should do it anyway, just to CYA." And a lawyer that doesn't tell a client to CYA when it's reasonably easy to do so is a lawyer who's setting his client up for a lawsuit.
-
@coldandtired said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@blakeyrat said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
Because everything they do has the end goal of fining US companies as much $$$$ as possible.
Yet strangely, pretty much every US company that isn't some local news site for a town of 25 people has
bent over backwards to accommodate the evil EU consumerspaid the owner's nephew $25 to slap an annoying, useless, non-compliant notice with no opt-out on their website. Are they all so gullible?Cargo-cult compliance theatre.
-
@Gąska said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@The_Quiet_One said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Gąska said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@The_Quiet_One said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Gąska said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@The_Quiet_One said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Gąska said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
The problem with the law is it is way to easy to have the best intentions and still manage to "violate" them. For instance, what if I had a technical question on a forum and mentioned my IP because I thought it was germane to the question at hand?
I don't think this scenario falls under GDPR. You don't have a database here, and no processing, and you have full consent since it was user's own initiative.
Forums do use a database.
But do they use a database of IPs contained in posts? Because a database of raw posts is completely different from that. And you know that and you're just pushing all the definitions to ridiculous extremes because you're a programmer who's trained to be wary of the most ridiculous edge cases, and not a judge who's trained to be wary of common sense.
The same judges who ban pools from backyards because "they might drown a burglar" or fine CountDankula?
I need citation on the first one. And the second isn't poor judgement, it's poor law. He actually broken the law. A horrible law that should never exist, but still a law.
Note how there's no mention of "judge", "government", "police" or anything of that sort here. It's just a private landlord being paranoid about hypothetical potential liability. Also note how the word "burglar" only appears in the headline and nowhere else. None of the actual people involved ever used it.
Dude, fix your CTRL+F. The word burglar appears three times in the article, and also uses words like break-in.
there is no explicit consent from me to store any of that info.
You agreed for everything you post to be stored on servers and visible to other users, didn't you?
Sure. But if I post my SSN or credit card number on the forum, which is now considered as private and sensitive as an IP address, then posting my IP address is now as legally "dangerous" as posting those.
And the website owner has just as big problem then. Which is no problem.
You completely whooshed over the point. My point is if someone volunteers IP or their first name on a public forum, it shouldn't be considered the same as if they volunteer their credit card number on said forum.
Why?
I'll answer yet another time: Because according to GDPR there's no distinction between different types of personal information. It's all lumped into one category.
The former is acceptable if the person doesn't have a problem with their name being on the internet.
And the latter is too. I mean, if they did this, they clearly wanted to do this, didn't they?
The latter is unacceptable because there is never a good reason to do that.
There's never a good reason to eat California Reaper either, and yet I don't hear people saying it's unacceptable.
So, now forum admins have to treat IP addresses as if they posted a credit card number
Do they? It's still just content of your post that they don't do anything with except show other people as you wanted to.
It's PII now! Yes, they do!
So what if it is? It's still a post that you're not extracting data from, and usually not even aware there's any data in it, especially personal data.
By having it out in the public, it's subject to data mining from anybody. GDPR doesn't like that. Google, in fact, probably indexed it already. So, technically I shared someone's IP with Google and any other spider/bot fishing for IP patterns.
The question isn't whether it's PII. It's whether it falls under GDPR rules for storing and processing PII. And if it does, what the rules say to do in this situation.
Beyond that, though, we have many forums, some of them abandoned yet archived, which has IP addresses and full names exposed from decades past. GDPR has no concept of a grandfather clause
For a reason.
So, if I had a forum from 2000 that had someone's name on it, I should be fined to bankruptcy?
Have, or had?
https://en.wikipedia.org/wiki/English_conditional_sentences (Read up on second conditional). It's a hypothetical.
so those sites are by default in violation.
Yes, and the owners should do something about it.
Even if it's on archive.org?
There are two ways to interpret your question. Are you asking what to do with data stored on someone else's website out of your control, or are you asking what to do with data stored on your own website when you're owner of archive.org?
Mostly the first. See, because the data is/was publically available, any spider or bot lurking through the internet can pick it up. If someone posts personal data on a forum and it gets picked up and indexed by a third-party, then who is responsible for that? And if it happened 10 years before GDPR was even discussed, is there still a violation, and who is it on?
the violation is going to be far more severe than it should be.
And what should it be in your opinion?
First off, start with a cease and desist. Make the owner aware of the violation. They were following the spirit of the law and shouldn't be considered as guilty as the likes of Facebook whose entire company motto and business plan is about fucking over people's data.
And this is most likely what will happen in practice. I mean, it happens with aggravated assaults; why not privacy laws? The problem is, if it was codified that the first action against a given company must always be a notice, it would create a huge backdoor for all the shady companies to exploit - they'd just close down and open up again whenever they get an angry letter.
Sure sounds like an expensive workaround. Do you know how much it costs in paperwork and legal fees to willy nilly open and close businesses?
but everything I've observed about GDPR
Most of what you've observed was panic and extreme overreaction. Unless you mean actual law, actual court cases and/or actual industry practices for managing personal information you've never asked for? If so, I'd love if you could provide some links because I'm at least as interested in this subject as you are.
My observations are based on how companies have prepared for GDPR.
And how companies have prepared was in large part panic and overreaction. Example: I've got a GDPR consent request from my building administration. They asked for consent to process PII that they already had full rights to process because it's required by law for them to possess and process that data.
Exactly! Who's fault is that?
I'd say it's the administration's, for not actually figuring out what they have to do to comply.
I've had to read the GDPR for my employer's own compliance, and after reading it, I came to the same conclusion as everyone else. And seeing the penalties for non-compliance, a lot of the conclusion is based on erring on the side of caution, resulting in what you're seeing here: A lot of noise where everyone is technically tracking you with no indication of how much. And do you blame them for doing that? If, by misreading the text of the law, your company is fined a shit ton of money, wouldn't you want to overestimate what it means?
The regulation was written so broadly, every website besides zombo.com had to put scary notices
Well, almost every website besides zombo.com has stored personal data without consent.
But to what extent? 99% of the population doesn't care if the contact form you sent to a restaurant is hanging on a server somewhere, yet a good portion of the population care if Google is using your GPS location on your phone to see where you go on a daily basis to inundate you with ads relevant to where you've been. As such, the former has to say, "We've got your information." while the latter simply says the same thing. But the two are vastly different in what they're actually doing.
about how, according to the EU, they are as bad as Facebook for having a contact form.
Nothing like that ever happened. First and foremost, EU never said Facebook is bad.
You're joking, right? The likes of Facebook are what prompted this legislation in the first place.
Every single site is considered as privacy-violating as Facebook, Amazon, and Google, and to the non-savvy user, that's either going to frighten them or just train them to ignore all the warnings and habitually opt into anything anyway.
Do you have any better idea? No, doing nothing isn't a better idea.
This is about as good as nothing.
But still better than nothing.
As good as nothing is better than nothing. Gotcha.
If you have a contact form with a submit button, even with a disclaimer that you don't share with third-parties, that should be clear enough that you're consenting to send a message to someone that will be stored somewhere for someone to read. If, on the other hand, you're doing something shady, like forwarding that contact info to some data collective for big-data analysis without your knowledge, that's the kind of shit GDPR is supposed to suppress.
The problem is defining exactly what's the boundary between these two scenarios. Also, access to your own information - and thus forcing everyone to catalogue information they've collected - is just as important as not having it shared around in my opinion.
Existing privacy laws in the US and EU already have requirements for privacy policies and users to opt-in during registration. The part of GDPR I agree with is that the privacy policies should a.) Inform people of what data is collected and b.) Inform people of what data is shared and with whom. My objection is that it is written in a very vague manner such that those who wish to avoid huge fines must err on the side of caution, resulting in the hysteria you are lamenting. A lot of the concern was on people having to opt into receiving newsletters again, for instance. Here's the kicker: Every newsletter I ever signed up for since, say, 2001, already had an opt-in checkbox. And there are already laws regarding allowing people to unsubscribe. So why on earth are they required to do it a second time to be compliant with GDPR?
-
@The_Quiet_One said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
Because according to GDPR there's no distinction between different types of personal information. It's all lumped into one category.
Not true. Things like sexual preference or race require a very good reason to be processed.
-
@coldandtired said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@The_Quiet_One said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
Because according to GDPR there's no distinction between different types of personal information. It's all lumped into one category.
Not true. Things like sexual preference or race require a very good reason to be processed.
And who decides what a "very good reason" is? Is it written down somewhere? Or is it left up to bureaucrats who might be any of
- trying to prove their value by hammering edge cases
- lazy and just shotgunning out accusations
- vindictive (usually at the lowest levels--you did something to piss off somebody, and they told their buddy who works for the government, and...)
- any number of other factors
We here in the US have a saying. "You can beat the rap, but you can't beat the ride". Also phrased as "the process is the punishment." Merely being fined
$big_money
, even if you end up winning and not having to actually pay is a punishment. You'll never get that time back. Nor the resources you spent defending yourself. Nor the reputation--news of people being assessed fines is much higher priority than the followup that it was all a mistake.
-
@Benjamin-Hall said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
And who decides what a "very good reason" is? Is it written down somewhere?
Of course not; we're not exceptional enough to have such things
-
@The_Quiet_One said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
Sure sounds like an expensive workaround. Do you know how much it costs in paperwork and legal fees to willy nilly open and close businesses?
I believe the hypothetical businesses in question were in Zimbabwe, so several semi truck loads. Or about $0.50 in real money.
-
@coldandtired said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Benjamin-Hall said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
And who decides what a "very good reason" is? Is it written down somewhere?
Of course not; we're not exceptional enough to have such things
Reading that, I saw:
Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
So any processing of personal data that reveals philosophical beliefs is extra special private? ?
-
@Benjamin-Hall said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
So any processing of personal data that reveals philosophical beliefs is extra special private? ?
Yes, what's so difficult to understand?
Every time my school hires an American they invariably ask whether we're Liberals or Conservatives. I think three weeks was the longest one went without asking. One even asked at his job interview. Even before GDPR we had to implement rules to stop them bothering students with this shit.
Compare that to the European colleagues, where none of us know how the others vote because we talk about other things. This extends to most philosophical discussions (anti-choice, anti-gay, etc.)
We already considered it private information, but now it is clarified that no employer, company, etc. can ask for it without explaining why they need to know.
-
@coldandtired So a woman posts to an advice site asking how to convince her boyfriend to accept <belief X of hers>. That's a philosophical belief of his--the non-belief in X. The site is now liable for violating the boyfriend's privacy. ?
-
@The_Quiet_One said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
My objection is that it is written in a very vague manner such that those who wish to avoid huge fines must err on the side of caution, resulting in the hysteria you are lamenting.
Not to mention the whole extraterritorial jurisdiction thing. I have a personal hobby website (if I ever get it online again) that doesn't ever intentionally collect personal information about anybody (living; it's full of info about dead people), but I have to worry about GDPR compliance because some Euro-peon might visit it, and of course the server routinely collects IP addresses.
If I ever start the business I've been thinking about, I'll do my best to block access from Europe. I don't want any customers outside the US. I don't want to deal with international shipping, customs, legal restrictions on products, and all that hassle. Since I don't want customers in Europe, and I don't want the significant hassle of GDPR compliance with data of random website visitors who aren't customers, I'm quite happy to prevent, as much as it technically feasible to do so, Europeans from even knowing my website exists (if it ever does).
-
@Benjamin-Hall It depends on whether she names her boyfriend in a way which can identify him or not.
-
@coldandtired said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Benjamin-Hall It depends on whether she names her boyfriend in a way which can identify him or not.
That's not what the portion says. It says processing it is forbidden, full stop, unless an exception is matched. Which it isn't. It is processing personal data that reveals a philosophical belief. Therefore it's forbidden.
Edit: and anyone who knows the woman can find out the boyfriend, so that link is trivial.
-
@Benjamin-Hall Not true. It is not personal data unless there is a person attached.
If the girlfriend has posted enough information to identify herself and connects herself to her boyfriend this can push it into GDPR territory.
-
And in that case, the party committing the GPDR violation would be the girlfriend, not the site (since it didn't actively collect or process that data). The site may be asked to remove the girlfriend's post, but no more.
-
@Zerosquare said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
And in that case, the party committing the GPDR violation would be the girlfriend, not the site (since it didn't actively collect or process that data). The site may be asked to remove the girlfriend's post, but no more.
No. That's not what it says. It's forbidden to process data, which includes serving search requests, or storing in a database. Otherwise the law is null and wouldn't affect 99% of cases.
-
@coldandtired said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Benjamin-Hall Not true. It is not personal data unless there is a person attached.
If the girlfriend has posted enough information to identify herself and connects herself to her boyfriend this can push it into GDPR territory.
How much of a connection is needed? Suppose she posts using the same pseudonym she uses on Twitter. That's quasi-anonymous, right? But she hasn't always been careful of her anonymity there, and her Twitter account can be linked to her Facebook page, which has her real name. And although maybe she doesn't explicitly identify him as her boyfriend, it's pretty apparent from the banter between them which of her Facebook friends is her boyfriend.
Two minutes of searching and you have identified the boyfriend. Does that push it into GDPR territory? Is the advice site responsible for making sure they don't publish this info? If so, that's a huge compliance cost. Let's say the site gets 1000 posts a week. That's 2000 minutes a week looking for posts that maybe might possibly violate GDPR. One almost full time employee at, say, $10/hour; $17000+ a year just in salary, double that including benefits, payroll taxes and other overhead of having an employee. ~$35000 a year just to check whether some luser indirectly and unintentionally doxxed some other schmuck.
-
@Zerosquare said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
And in that case, the party committing the GPDR violation would be the girlfriend, not the site (since it didn't actively collect or process that data). The site may be asked to remove the girlfriend's post, but no more.
But by the time they're made aware of it, it's already been archived on the Wayback Machine forever. Although it appears that it's simple to get material removed, so that may not be a big problem (except to the archive.org staff who have to handle all the requests).
-
@HardwareGeek That's not how it works. She volunteered all that data herself publicly.
If she doxxes her boyfriend and he's not happy about it he can take steps to have his data removed.
-
@Benjamin-Hall said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Zerosquare said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
And in that case, the party committing the GPDR violation would be the girlfriend, not the site (since it didn't actively collect or process that data). The site may be asked to remove the girlfriend's post, but no more.
No. That's not what it says. It's forbidden to process data, which includes serving search requests, or storing in a database. Otherwise the law is null and wouldn't affect 99% of cases.
If you interpretation was correct, this would mean that GPDR outlawed pretty much every existing or future search engine or social network. You may think the EU is insane, but it's not that insane.
With that logic, every forum would be subjected to HIPAA rules too, because any user could post medical data.
-
@Polygeekery said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
"But you normally just send people an angry letter" is not a legal defense when they decide to fine you eleventy billion dollars.
Um… If the fine is disproportionate and inconsistent, then that's absolutely a good reason to challenge the fine in an administrative court. Not sure why you think it isn't, this is exactly why administrative courts exist.
Also, yesterday's news: Facebook got a strongly worded letter from EU authorities. You know, even Facebook, the company that was supposedly directly targeted by the legislation and definitely has enough compliance lawyers that they shouldn't even need a reminder to fix their site.
Maybe that makes you finally believe you're not going to get fined into bankruptcy? Because, again, our regulatory agencies are not unreasonable. Another example: You should look up just how bad a food processing plant has to be here for the food safety commission to (publicly) shut them down. It's borderline embarrassing how business-friendly they are - probably because they fear lawsuits.
-
@Benjamin-Hall said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
And you need to consult lawyers to understand what compliance means. So you don't just need web developers, you need lawyers (starting at hundreds/hour) to understand if you're even compliant to begin with. And then to check off on any changes against all the other regulations. And that's expensive.
See, this is why Laos should be a model for the world. We have no copyright law here. None. It's extremely efficient, I can just go and copy whatever I find on the internet and happily go about my business. It's just whenever I want to do business in another country - Buddha help! I need to hire somebody to track down every single file on my computer and where it came from. I need attorneys to explain to me what that copyright thing even is. I need an army of specialists to negotiate with the companies whose shit I copied and another army to find me other shit for where that's too expensive. And every country has different laws, so I need EU lawyers, US lawyers, Chinese lawyers because they've been bullied into copyright stuff by the US, too, an Australian lawyer, and fuck African lawyers, I'm not doing business there. Translators on top of that so the lawyers can talk to each other, and another Lao lawyer to manage the NDAs everybody has to sign, and a translator for him. And secretaries for the lawyers and the translators, and company cars. I usually end up renting the local congress center and the entire fleet of rental cars in the capital and the president's 747 for a month before I trave to Europe. Fucking nightmare Itellya.
All that because your governments insist on hurting Lao businesses with their useless laws.
-
@Benjamin-Hall said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@coldandtired said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Benjamin-Hall It depends on whether she names her boyfriend in a way which can identify him or not.
That's not what the portion says. It says processing it is forbidden, full stop, unless an exception is matched. Which it isn't. It is processing personal data that reveals a philosophical belief. Therefore it's forbidden.
Edit: and anyone who knows the woman can find out the boyfriend, so that link is trivial.
As far as I can see, you haven't answered yet how the same argument doesn't put the forum under HIPAA compliance rules.
-
@LaoC said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
fuck African lawyers
Not normally advised without a condom.
-
@topspin said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Benjamin-Hall said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@coldandtired said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Benjamin-Hall It depends on whether she names her boyfriend in a way which can identify him or not.
That's not what the portion says. It says processing it is forbidden, full stop, unless an exception is matched. Which it isn't. It is processing personal data that reveals a philosophical belief. Therefore it's forbidden.
Edit: and anyone who knows the woman can find out the boyfriend, so that link is trivial.
As far as I can see, you haven't answered yet how the same argument doesn't put the forum under HIPAA compliance rules.
Because only
Health plans
Health care clearinghouses
Health care providers who conduct certain financial and administrative transactions electronically. These electronic transactions are those for which standards have been adopted by the Secretary under HIPAA, such as electronic billing and fund transfers.Are bound by HIPAA. GDPR does not have that saving limitation. It applies to the data itself and any web-based service provider.
-
@LaoC It's fine to have no copyright law when you live in a country that creates no content.
-
@HardwareGeek said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Gąska said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
That's not a case of a bad judge, that's a case of a bad lawyer.
You think there are any other kind?
Yes, there are cases where your lawyer doesn't say you committed the crime you didn't commit.
-
@dkf said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@LaoC said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
fuck
AfricanlawyersNot normally advised without a condom.
FTFY
-
@The_Quiet_One said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
And if it happened 10 years before GDPR was even discussed, is there still a violation, and who is it on?
Obviously Google/Facebook/Microsoft. But not Yahoo. He Who Has Deep Pockets Must Pay.
-
@dcon Yahoo has suffered enough.
-
@blakeyrat said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@LaoC It's fine to have no copyright law when you live in a country that creates no content.
But I have to comply with yours! And hire lawyers to explain it to me and check whether I'm in compliance. Don't you see a problem with forcing other people to shoulder enormous costs because of that?
-
@dkf said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@masonwheeler said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
Many people also have open wireless routers, which is why an IP address, even to a residential customer, does not and cannot equal a person.
I've never met a residential user who has done that.
Some ISPs actually advertise that as a feature, to wit any of their customers can connect to it and share your bandwidth...
-
@topspin said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
EDIT: Nice, I've managed to work through all 60,000 posts in this topic since yesterday, and added my own bullshit, too.
Oh shit, this was part of a larger topic?
Fuck reading that, you hero...
-
Status: Tonight I'm going to dream about identifying users' PII that they should never be able to provide for us to collect, but that we will still collect internally-PII (i.e. your in-game character will be tracked, have its own "private" data collected, etc).
Then I'm going to attempt to dream up legalese to explain this away.
Then I'm going to bother about underage stuff that's nothing to do with GDPR, because apparently dealing with kids playing games is also a hot potato topic.
Then I'm going to ponder how this will all be represented in VR in such a manner as to ensure every new player must consent and then confirm consent of this data being collected (and their age) without being a major hassle.
-
@Tsaukpaetra You need to put stuff in about loot boxes too.
But seriously, don't collect data you don't need, be honest about what you're collecting and why, allow people to see what data you've collected about them, allow them to make corrections where that's meaningful (even if that is by “contact a customer services representative” sometimes) and don't retain the data longer than you need to. And don't sell the data on to others unless you specifically got permission to do so; that's one which can't be a default opt-in either, whereas the other uses are OK as defaults since you can make use of your service conditional upon them. Third-party access (unless they are exactly bound to stick to your restrictions) is a special case.
And then we'll talk about HIPAA and SOX compliance requirements for non-US businesses…
-
@Tsaukpaetra said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
Tonight I'm going to dream about identifying users' PII
Careful, or your dreams might become subject to GDPR.
-
@dkf said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
You need to put stuff in about loot boxes too.
Does "a random selection of certain purchasable items that you are guarantee to not already own" count?
-
@dkf said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
allow them to make corrections where that's meaningful
"no, my character wasn't actually afk in front of this imaginary wall in this imaginary world for four hours"
At present, our collection will be almost exclusively game-related events. I don't anticipate any external detail can or will be gleaned from the collection, but we'll see what actually ends up being collected. I'm sure someone can interpret application-specific nonces and ints into something personally identifiable...
-
@Tsaukpaetra said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
Does "a random selection of certain purchasable items that you are guarantee to not already own" count [as a banned in B5M lootbox]?
If the items can be resold, yes; if the items have different individual prices, yes; otherwise, probably yes.
-
@Tsaukpaetra said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
At present, our collection will be almost exclusively game-related events.
Yeah, the main things to worry about are those relating to the core account and billing system, and those are the stuff that you do want to be correct in the first place.
-
@dkf said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Tsaukpaetra said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
At present, our collection will be almost exclusively game-related events.
Yeah, the main things to worry about are those relating to the core account and billing system, and those are the stuff that you do want to be correct in the first place.
This is the average user's core account:
And we rely on Steam, Oculus, or (technically disabled) PayPal for any kind of billing. (which we don't store anything more than a success/fail flag. Which is probably a mistake, maybe? )
-
@Tsaukpaetra Your UI needs adjusting, the checkboxes are in the middle of their associated text.
-
@Khudzlin said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Tsaukpaetra Your UI needs adjusting, the checkboxes are in the middle of their associated text.
Yeah, Bootstrap's handling of checkboxes is fucking idiotic. I just gave up. Nobody uses this screen seriously. Like, at all. I'm pretty sure my birthday is set to the future on mine....
Edit: Yup:
-
@Tsaukpaetra Yuck, a date format without leading zeroes.
-
@Khudzlin said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Tsaukpaetra Yuck, a date format without leading zeroes.
It's whatever bye default is, wasn't going to use it so why make it usable?
-
@Tsaukpaetra said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Khudzlin said in Good article on what the EU *could* be doing instead of what they *are* doing to improve the internet:
@Tsaukpaetra Yuck, a date format without leading zeroes.
It's whatever bye default is, wasn't going to use it so why make it usable?
What does
Y
mean in a field called "gender"? Male? What about people who are XXY?