Klaus

Hysteria!!!

Germany, Fri, 25 May 2018 02:41:53 +0200
Ahhhh I like this doomsday feeling in the air and the hysteria you can create by just one short abbreviation: #GDPR (General Data Protection Regulation)

Finally, the internet will cease to exist in Europe today. The biggest Chinese wall ever will be established around the European internet to protect against the "evil" world outside. The world outside will protect itself and block its services against these people in the EU with their crazy new regulations. At least that is the impression you can get when following the discussions of the last weeks.

What astonishes me most are all the emails I received this week asking me to confirm something again, or just click a button or I won't be able to proceed anymore, etc. It is quite amusing to see who all pops up again. Actually they are telling me they did not really comply with the current regulations and believe that with just one email or one click they can proceed as before, but exactly this is not in the spirit of this new GDPR in my opinion.

I am still wondering what all this fuss is about. What did actually change? Most of the requirements are not new and you already had to fulfill most of them. Just because no one cared and no one enforced it does not mean that what you did was legal so far.
Every EU state had its own data protection rules from the 1990s which have been a bit different and were only valid for a few million people; now you have one law for all countries in the EU and half a billion people. In Germany it was called BDSG (Bundesdatenschutzgesetz) and covered around 80 million people only. Yes, there are a few differences, but there have been two years to prepare for these changes. But all I am hearing now is just #mimimimi. I think the biggest problem is that many are overburdened just by having to know or think about why they are doing something, and realising this is not pleasant.

What should change with lawyers and cease and desist notices? If you did not comply with laws they could already sue you all the time. Also, the now finally significant fines amounting up to 4 percent of global turnover or €20 million, whichever is higher, are instruments for national Data Protection Authorities, not for lawyers enforcing competition law. On the other hand I would love to see a Facebook lawyer taking a decentralized hub admin to court for not complying with GDPR and therefore having an illegal advantage. :rofl

Of course it is still allowed to store private data. Even when an IP address is identifiable personal data you can store it. But you must know and explain why it is a legitimate interest. Your server needs to know a client's IP because this is how a webserver works. Do you need to store an IP address for 24 hours for legitimate interests like protection measures, debugging, etc.? Do you need to store an IP for 30 days for legitimate interests, for example to retrace who created/delivered a post on your site, before the item is cleaned up after 30 days anyway? Or do you want to store the IP for a year, just for fun? Explain the "fun" in understandable language and ask the user for consent, and you still can do it. No one can take you to court for any of these because of GDPR. They can try, but the court would not accept it if your arguments are reasonable. Of course these "legitimate interests" will be a lot of fun for courts, but you need to see it in the spirit of this regulation, and if you have a deliberate motivation and the court decides against you, you will not be fined with 20 million Euro as long as you do not act deliberately disrespecting the spirit of the regulation.

Oh, btw, should I tell you a secret? You even must comply with these regulations if you are completely offline and you just store private data on paper or stone plates! o_O

I am not a lawyer, nor a data security officer, nor did I have any special training about GDPR. So if you take any opinion I mentioned seriously you are doomed. But if you look at some of the people in the EU parliament who drove this regulation forward, I just want to believe in common sense, even if we are talking about laws. After reading a bit in GDPR I believe the spirit of this regulation is quite easy and clear: to protect and strengthen individuals (people in the EU, employees, customers, business partners, applicants, citizens, ...) against badly behaving parties (companies, enterprises, platforms, employers, business partners, ...) that disrespect the individuals' rights or do not fulfil their duty to protect the private data they store.

Of course a lot of open questions still need to be decided by courts. Also, when I compare as an ordinary person without knowledge of legal language, it is funny how differently I would interpret the same paragraph when I read it in German compared to when I read it in English. But that is nothing we should be worried about yet.

My sincere thanks go to Edward Snowden and his leaks once more. This regulation would never have passed the EU legislative bodies if it had not been for his leak showing how much personal data is actually out there and how valuable it is.
Haakon Meland Eriksen (Parlementum)
Fri, 25 May 2018 06:13:24 +0200
If speeding while driving didn't have any consequences, more people would speed more dangerously; with teeth in the regulation, more people calm down and drive less dangerously. Same with GDPR. :-) The differences between the previous regulation and GDPR are better protection through opt-in and transparency for service users, portability of data for users, and the possibility of a substantial fine for service providers if they do not make their services compliant, e.g. having a point of contact - the Data Officer, i.e. while things are much the same as before, this time the regulation has teeth. I think the transparency part is important, because as a service user you need knowledge to make an informed decision. At work I just closed a Facebook account because I read the new terms of service, which basically said "FB introduces face recognition etc, etc" and I could not escape the new terms, only comply with them or delete the account, i.e. in my opinion they have learned nothing from the Facebook - Cambridge Analytica affair, and they still arrogantly think Europe does not care what they say. Well, we do, and we don't like what they say, and we are starting to vote with our feet.