Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

GDPR ( Global Data Protection Rights )

by trippledubs (Chaplain)
on May 17, 2018 at 05:33 UTC ( #1214708=perlmeditation: print w/replies, xml ) Need Help??

Polymaths,

What do you think of General_Data_Protection_Regulation? I'm interested to know if your companies are behind it or minimally complying, more interested to know if you think individuals ought to have the rights expressed in that law and if there is really a moral obligation on site owners to comply. Or, if it should be scrapped or changed.

The right of erasure specifically contradicts PM policy which is defended with the same argument that Wikipedia uses, the "Memory hole" argument. If one user decides to revoke the site owners permission to use their nodes, that creates a hole in the link of the chain, and every user is negatively affected. That is a pretty utilitarian view point. It smells slightly self serving to me to hear that argument from sites whose success directly rides on user generated content.

It really only benefits future users, because if you were there, you don't need a tattoo of the conversation to remember it later. I don't see that a site owner, especially if it's not the hoster ie back in time machines, gets a perpetual license after you leave. Recipe sites -- let's say you participate for years honing the craft and eventually decide to write a cookbook, you don't ever have the right to revoke your recipes down off the boards and make the world pay for your stuff? But your dishes have probably benefited from all that recipe sharing, so it seems you would owe something too.

I can't help but think of the social contract put forth in Crito. You have a good idea of what you are getting into when you participate online, seems reasonable that the site architects who built your playground would be able to dictate the terms, but I don't see how they have the right to continue to do so once you leave.

I googled: Social contract, copyright law, landlord tenant, looked up about 10 web sites that were closing down or blocking EU Customer, but I can't make up my mind. There seems to be a lot of data players operating in the shadows without consent that should be addressed, but I can't see how it affects my life at all. I see an ad about something I almost bought on Amazon, big deal.

Well surely we do not live in a perfect world, but does the GDPR move the decimal point either direction? Or just adding more compliance factories to the world? And who are the people who wrote the bill that made me get all this TOS spam. I tried to find the authors' names and I could not. Maybe this is a stepping stone to better "digital rights"?

Replies are listed 'Best First'.
Re: GDPR
by davies (Parson) on May 27, 2018 at 17:50 UTC

    Seen somewhere on the Internet in the last few days, but I can't remember where:
    He's making a list
    He's checking it twice
    He's going to find out who's naughty and nice
    Santa Claus is in breach of GDPR.

    Regards,

    John Davies

Re: GDPR ( Global Data Protection Rights )
by davies (Parson) on May 17, 2018 at 11:35 UTC

    I made some suggestions long ago in Proposed EU law: right to be forgotten. GDPR is wider in scope than the proposal then, but I would expect the response needed to be roughly the same. GDPR covers mostly personally identifiable information and restricts the keeping and usage of it. If it has been released freely by the data subject, for example by using a real name like davies rather than a userid like BrowserUK, my understanding is that the data subject has the right to withdraw consent, but that, until then, all is well.

    Regards,

    John Davies

      Ahh I had read that, but not lately. I don't think a pseudonym is the protection it once was, well it didn't work for JK Rowling or Stephen King. And JK Rowling was outed by an algorithm. Actually it happens here too, people post anonymously and are "outed", or at least accused of being someone else. BrowserUK has replied to an anonymous post to say, hey this wasn't me, because the style of writing was so similar. But the real identifying information is not the name you post under but your digital fingerprint, IP, browser, etc. So I don't see how rights are conveyed using a real name vs a handle.
Re: GDPR ( Global Data Protection Rights )
by 1nickt (Monsignor) on May 18, 2018 at 19:07 UTC

    I work for a big $company in the US. The lawyers are freaking. At this point we are simply documenting any use of Personally Identifiable Information, which in our case (since we don't store any) means providing a list of API endpoints at which such data enters and exits the system. It seems like a high CYA factor, but the company has deep pockets so wants to be safe. We have heard that phase 2 will be to provide on-demand data expungement, although again in my team we don't keep it to begin with.

    It's keeping one poor bastard busy for a few days making a spreadsheet.


    The way forward always starts with a minimal test.

      That seems absolutely minimally responsible for a big business. Documenting the ingress and egress points of PII, the first step to actually actively safeguarding it. You seem skeptical, but that sounds like a good thing to me. Management pays attention to spreadsheets. Besides, a good spreadsheet, with relevant data, frozen column labels, already tabled and styled in at least first normal form, possibly generated with perl, you're saying poor bastard, I'm thinking opportunity to excel... heh.

      Mom, so far as I am aware, this EU legislation is the first to seriously attempt to codify any right of privacy with regard to the Internet, or to put any sort of legal framework around it.   By comparison, telephones very early defined the idea of “wiretapping” even when there were still necessarily “party lines.”   (Today, though, there is the assertion that “it’s not wiretapping if the telephone switch, itself is doing voice-analysis on the conversations that are passing through it” of course, without the knowledge or the consent of those who are speaking and of course without a court order.   Seriously.   Or in the case of VOIP, which is very widely used today even when the parties don’t know it.)   If there is any legal hole or technical method that would allow more personal data to be collected, bought and sold, then somebody out there is intent on driving a truck through it, just to see if they can.

      And it’s not that people ever gave consent for it.   It’s because (right now ...) they do not have a clue.   But “Hell hath no fury ...”

      This is truly an international issue, but perhaps the appearance of laws such as this might be the first bellwether that we realize that a problem exists that is worth making laws about.   (But why did it take twenty years?)   I am not wearing a tin-foil hat when I say that the present status quo scares the sh*t out of me because I see how many people are simply using this technology, unaware, and because I know how awful human nature can be.   I don’t want to pick up the paper and read that headline.

        You apparently responded to the wrong node, again. Confusing your only defender with me besides. After 11 years of practice with a minimalist UI

        You write–

        I am not wearing a tin-foil hat…

        ‐on the heels of‐

        …someone begins to unleash acts of terrorism the likes of which the world has never before known…

        Self-impeaching paranoia and irrationality. A Sears catalog model in aluminum and tidy-whities.

          A reply falls below the community's threshold of quality. You may see it by logging in.

        I completely agree, that (so many) people are clueless as to the potential consequences. But the proposed, and future laws will make little to no difference.

        If one is uninitiated to begin with...

        What, require a license to use internet enabled devices, like that of a drivers license?

        Without something like that; the uninitiated simply remain, well... uninitiated. :-P

        edit

        I have no idea how this got detached from the node-reply it was replying to. :-(

        edit II
        Ignore the first edit.

        λɐp ʇɑəɹ⅁ ɐ əʌɐɥ puɐ ʻꜱdləɥ ꜱᴉɥʇ ədoH

Re: GDPR ( Global Data Protection Rights )
by cavac (Deacon) on May 18, 2018 at 09:25 UTC

    There was a news article a few days ago that said something on the line like "7% of online business are going to go bankrupt because of GDPR". And my first instinct was to fistpump, because i know that most of these "businesses" are data-grabbing advertising a-hole companies.

    I mean, why would a company like Facebook even be allowed to know i visited a third party website, when i'm not even a Facebook member?

    Frankly, if companies weren't such bastards, the GDPR wouldn't be required, because simple good sense tells me that protecting a customers data (by security and by only taking the minimum amount of data required to fullfill the users request in the first place) is the right way to go. But since companies always try to make an extra buck by exploiting the user, the GDPR is a good thing. Of course, some companies will go bankrupt, but most of those are based on business models that shouldn't have been legal in the first place.

    "For me, programming in Perl is like my cooking. The result may not always taste nice, but it's quick, painless and it get's food on the table."

      I mean, why would a company like Facebook even be allowed to know i visited a third party website, when i'm not even a Facebook member?

      I have no idea, you should be able to choose who you do business with and know the terms.

      But what would happen if you went to the bank to ask for money to buy a house and they had no idea of your credit worthiness? Bad loans, less credit available, less market, less wealth across the board. They get this data from a third party, and every bank has access to it. This information is already collected, you give your permission to access it.

      By participating in a modern economy, you implicitly agree to the data collection of your credibility in order to do business, have access to credit. Well you probably explicitly agree and just never read the details. That seems like a very similar system, and that one works okay. Third parties collecting your information, it benefits you (like having free web sites), is kind of creepy, but also creates real societal wealth.

        That's not the only way of life; some would say, no way of life at all. A credit card is not the life prerequisite in many (or most) societies.

Re: GDPR ( Global Data Protection Rights )
by sundialsvc4 (Abbot) on May 17, 2018 at 14:04 UTC

    I feel that this is a good “first draft” of the sort of regulation that has been much too long in coming.   There are obvious problems with it, but you have to start somewhere.   Crypto expert Bruce Schneier said this in his Crypto-Gram column (April 2018): (https://www.schneier.com/crypto-gram/archives/2018/0415.html#1)

    There are 2,500 to 4,000 data brokers in the United States whose business is buying and selling our personal data.   Last year, Equifax was in the news when hackers stole personal information on 150 million people, including Social Security numbers, birth dates, addresses, and driver’s license numbers.

    You certainly didn’t give it permission to collect any of that information.   Equifax is one of those thousands of data brokers, most of them you’ve never heard of, selling your personal information without your knowledge or consent to pretty much anyone who will pay for it.

    This is unacceptable and extremely dangerous.   We quickly created something that makes Orwell’s 1984 dystopia look pale, simply because we acquired the technical ability to do so.   It never seemed to occur to anyone that such things can and therefore, will be used against us, so eager were we all to “Just Do It.”   Laws are only now beginning to catch up, and in fact the need for laws is only now beginning to be acknowledged.   It will take some time for these brand-new legal notions to gain maturity and to discover the right international balance between freedom and risk, but at long last we have started.

      Interesting quotes you bring. It indeed appears that regulation is wanting in regard to information technology.

      Already we have a history of data leaks, misappropriations, apps stealing your phone contacts, etc. How many of the perpetrators have been indicted? No, I think this isn't EU coming to our rescue.

      The GDPR does not seek to limit collection; rules focus on handling data that is already gathered. This is about enshrining into law the new practices of pervasive, privacy-invasive data sampling. Bulk data is recognized as a tool, as merchandise, and as cornerstone of modern economy.

      And so. We shall certainly continue to not give the permission to collect any information. And they shall certainly continue to do it anyway.

      A reply falls below the community's threshold of quality. You may see it by logging in.
    A reply falls below the community's threshold of quality. You may see it by logging in.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlmeditation [id://1214708]
Approved by Discipulus
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (2)
As of 2018-09-23 20:07 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Eventually, "covfefe" will come to mean:













    Results (191 votes). Check out past polls.

    Notices?
    • (Sep 10, 2018 at 22:53 UTC) Welcome new users!