PerlMonks  

GDPR ( Global Data Protection Rights )

by trippledubs (Chaplain)
on May 17, 2018 at 05:33 UTC ( #1214708=perlmeditation )

Polymaths,

What do you think of General Data Protection Regulation? I'm interested to know if your companies are behind it or minimally complying, more interested to know if you think individuals ought to have the rights expressed in that law and if there is really a moral obligation on site owners to comply. Or, if it should be scrapped or changed.

The right of erasure specifically contradicts PM policy which is defended with the same argument that Wikipedia uses, the "Memory hole" argument. If one user decides to revoke the site owner's permission to use their nodes, that creates a hole in the link of the chain, and every user is negatively affected. That is a pretty utilitarian viewpoint. It smells slightly self-serving to me to hear that argument from sites whose success directly rides on user generated content.

It really only benefits future users, because if you were there, you don't need a tattoo of the conversation to remember it later. I don't see that a site owner, especially if it's not the hoster, i.e. back in time machines, gets a perpetual license after you leave. Recipe sites -- let's say you participate for years honing the craft and eventually decide to write a cookbook, you don't ever have the right to revoke your recipes down off the boards and make the world pay for your stuff? But your dishes have probably benefited from all that recipe sharing, so it seems you would owe something too.

I can't help but think of the social contract put forth in Crito. You have a good idea of what you are getting into when you participate online, seems reasonable that the site architects who built your playground would be able to dictate the terms, but I don't see how they have the right to continue to do so once you leave.

I googled: Social contract, copyright law, landlord tenant, looked up about 10 web sites that were closing down or blocking EU customers, but I can't make up my mind. There seems to be a lot of data players operating in the shadows without consent that should be addressed, but I can't see how it affects my life at all. I see an ad about something I almost bought on Amazon, big deal.

Well surely we do not live in a perfect world, but does the GDPR move the decimal point either direction? Or just adding more compliance factories to the world? And who are the people who wrote the bill that made me get all this TOS spam. I tried to find the authors' names and I could not. Maybe this is a stepping stone to better "digital rights"?

Replies are listed 'Best First'.
Re: GDPR
by davies (Parson) on May 27, 2018 at 17:50 UTC

    Seen somewhere on the Internet in the last few days, but I can't remember where:
    He's making a list
    He's checking it twice
    He's going to find out who's naughty and nice
    Santa Claus is in breach of GDPR.

    Regards,

    John Davies

Re: GDPR ( Global Data Protection Rights )
by davies (Parson) on May 17, 2018 at 11:35 UTC

    I made some suggestions long ago in Proposed EU law: right to be forgotten. GDPR is wider in scope than the proposal then, but I would expect the response needed to be roughly the same. GDPR covers mostly personally identifiable information and restricts the keeping and usage of it. If it has been released freely by the data subject, for example by using a real name like davies rather than a userid like BrowserUK, my understanding is that the data subject has the right to withdraw consent, but that, until then, all is well.

    Regards,

    John Davies

      Ahh I had read that, but not lately. I don't think a pseudonym is the protection it once was, well it didn't work for JK Rowling or Stephen King. And JK Rowling was outed by an algorithm. Actually it happens here too, people post anonymously and are "outed", or at least accused of being someone else. BrowserUK has replied to an anonymous post to say, hey this wasn't me, because the style of writing was so similar. But the real identifying information is not the name you post under but your digital fingerprint, IP, browser, etc. So I don't see how rights are conveyed using a real name vs a handle.
Re: GDPR ( Global Data Protection Rights )
by 1nickt (Monsignor) on May 18, 2018 at 19:07 UTC

    I work for a big $company in the US. The lawyers are freaking. At this point we are simply documenting any use of Personally Identifiable Information, which in our case (since we don't store any) means providing a list of API endpoints at which such data enters and exits the system. It seems like a high CYA factor, but the company has deep pockets so wants to be safe. We have heard that phase 2 will be to provide on-demand data expungement, although again in my team we don't keep it to begin with.

    It's keeping one poor bastard busy for a few days making a spreadsheet.


    The way forward always starts with a minimal test.

      That seems absolutely minimally responsible for a big business. Documenting the ingress and egress points of PII, the first step to actually actively safeguarding it. You seem skeptical, but that sounds like a good thing to me. Management pays attention to spreadsheets. Besides, a good spreadsheet, with relevant data, frozen column labels, already tabled and styled in at least first normal form, possibly generated with perl, you're saying poor bastard, I'm thinking opportunity to excel... heh.

      Mom, so far as I am aware, this EU legislation is the first to seriously attempt to codify any right of privacy with regard to the Internet, or to put any sort of legal framework around it.   By comparison, telephones very early defined the idea of “wiretapping” even when there were still necessarily “party lines.”   (Today, though, there is the assertion that “it’s not wiretapping if the telephone switch, itself is doing voice-analysis on the conversations that are passing through it” – of course, without the knowledge or the consent of those who are speaking and of course without a court order.   Seriously.   Or in the case of VOIP, which is very widely used today even when the parties don’t know it.)   If there is any legal hole or technical method that would allow more personal data to be collected, bought and sold, then somebody out there is intent on driving a truck through it, just to see if they can.

      And it’s not that people ever gave consent for it.   It’s because (right now ...) they do not have a clue.   But “Hell hath no fury ...”

      This is truly an international issue, but perhaps the appearance of laws such as this might be the first bellwether that we realize that a problem exists that is worth making laws about.   (But why did it take twenty years?)   I am not wearing a tin-foil hat when I say that the present status quo scares the sh*t out of me because I see how many people are simply using this technology, unaware, and because I know how awful human nature can be.   I don’t want to pick up the paper and read that headline.

        You apparently responded to the wrong node, again. Confusing your only defender with me besides. After 11 years of practice with a minimalist UI

        You write–

        I am not wearing a tin-foil hat…

        ‐on the heels of‐

        …someone begins to unleash acts of terrorism the likes of which the world has never before known…

        Self-impeaching paranoia and irrationality. A Sears catalog model in aluminum and tidy-whities.

        I completely agree, that (so many) people are clueless as to the potential consequences. But the proposed, and future laws will make little to no difference.

        If one is uninitiated to begin with...

        What, require a license to use internet enabled devices, like that of a driver's license?

        Without something like that; the uninitiated simply remain, well... uninitiated. :-P

        edit

        I have no idea how this got detached from the node-reply it was replying to. :-(

        edit II
        Ignore the first edit.

        ‘λɐp ʇɑəɹ⅁ ɐ əʌɐɥ puɐ ʻꜱdləɥ ꜱᴉɥʇ ədoH

Re: GDPR ( Global Data Protection Rights )
by cavac (Deacon) on May 18, 2018 at 09:25 UTC

    There was a news article a few days ago that said something on the line like "7% of online business are going to go bankrupt because of GDPR". And my first instinct was to fistpump, because i know that most of these "businesses" are data-grabbing advertising a-hole companies.

    I mean, why would a company like Facebook even be allowed to know i visited a third party website, when i'm not even a Facebook member?

    Frankly, if companies weren't such bastards, the GDPR wouldn't be required, because simple good sense tells me that protecting a customer's data (by security and by only taking the minimum amount of data required to fulfill the user's request in the first place) is the right way to go. But since companies always try to make an extra buck by exploiting the user, the GDPR is a good thing. Of course, some companies will go bankrupt, but most of those are based on business models that shouldn't have been legal in the first place.

    "For me, programming in Perl is like my cooking. The result may not always taste nice, but it's quick, painless and it gets food on the table."

      I mean, why would a company like Facebook even be allowed to know i visited a third party website, when i'm not even a Facebook member?

      I have no idea, you should be able to choose who you do business with and know the terms.

      But what would happen if you went to the bank to ask for money to buy a house and they had no idea of your credit worthiness? Bad loans, less credit available, less market, less wealth across the board. They get this data from a third party, and every bank has access to it. This information is already collected, you give your permission to access it.

      By participating in a modern economy, you implicitly agree to the data collection of your credibility in order to do business, have access to credit. Well you probably explicitly agree and just never read the details. That seems like a very similar system, and that one works okay. Third parties collecting your information, it benefits you (like having free web sites), is kind of creepy, but also creates real societal wealth.

        That's not the only way of life; some would say, no way of life at all. A credit card is not the life prerequisite in many (or most) societies.

Re: GDPR ( Global Data Protection Rights )
by sundialsvc4 (Abbot) on May 17, 2018 at 14:04 UTC

    I feel that this is a good “first draft” of the sort of regulation that has been much too long in coming.   There are obvious problems with it, but you have to start somewhere.   Crypto expert Bruce Schneier said this in his Crypto-Gram column (April 2018): (https://www.schneier.com/crypto-gram/archives/2018/0415.html#1)

    There are 2,500 to 4,000 data brokers in the United States whose business is buying and selling our personal data.   Last year, Equifax was in the news when hackers stole personal information on 150 million people, including Social Security numbers, birth dates, addresses, and driver’s license numbers.

    You certainly didn’t give it permission to collect any of that information.   Equifax is one of those thousands of data brokers, most of them you’ve never heard of, selling your personal information without your knowledge or consent to pretty much anyone who will pay for it.

    This is unacceptable – and extremely dangerous.   We quickly created something that makes Orwell’s 1984 dystopia look pale, simply because we acquired the technical ability to do so.   It never seemed to occur to anyone that such things can – and therefore, will – be used against us, so eager were we all to “Just Do It.”   Laws are only now beginning to catch up, and in fact the need for laws is only now beginning to be acknowledged.   It will take some time for these brand-new legal notions to gain maturity and to discover the right international balance between freedom and risk, but at long last we have started.

      Interesting quotes you bring. It indeed appears that regulation is wanting in regard to information technology.

      Already we have a history of data leaks, misappropriations, apps stealing your phone contacts, etc. How many of the perpetrators have been indicted? No, I think this isn't EU coming to our rescue.

      The GDPR does not seek to limit collection; rules focus on handling data that is already gathered. This is about enshrining into law the new practices of pervasive, privacy-invasive data sampling. Bulk data is recognized as a tool, as merchandise, and as cornerstone of modern economy.

      And so. We shall certainly continue to not give the permission to collect any information. And they shall certainly continue to do it anyway.

      P.S.:   If some of you have something else to say, or if you disagree with this post, that’s what the [Reply] hyperlink is for.   Don’t just sit in the dark and poke your usual crop of down-votes on it, as some of you do without fail to 100% of whatever I say here.   This is a forum, after all . . . what do you think?   Speak up.

      (Or, if it just makes you feel better, just go ahead and down-vote this post, too ... there, don’t you feel better now?)

        The antidisgnomon party has gained some ground lately and the disgnomons, all exactly 7² of them, have discovered playing technical janitor pays less than the cost of living in the company town. The main problem with a right to be forgot is a right cannot cross over onto another person. The right to be forgot criminalizes memory; creates thought crime whether it's literal memory or stored bytes. Information longs for abolition. This neatly inverts your Orwellian blather. See also.

Re: GDPR ( Global Data Protection Rights )
by sundialsvc4 (Abbot) on May 18, 2018 at 17:32 UTC

    I believe that we are still just living in the “happy times” before someone begins to unleash acts of terrorism the likes of which the world has never before known and therefore now cannot chooses not to anticipate.   We have willingly committed – globally – the double-error of (a) collecting any and every scrap of information we could ... your footfalls, your pulse, your exact location, everything that is being said in the “privacy (sic) of your own home” ... and (b) exercising no restraint at all as to how this data could be collected and disseminated.   As though it were just “marketing data.”   As though all of this brave-new-world stuff was benign, even ordinary.

    “What Fools These Mortals Be!” – Puck, A Midsummer Night’s Dream

    And so, even though there are plenty of problems in this EU regulation, I welcome it as the first of many.   Internationally, we must examine these astonishing new technological developments and begin to codify a workable legal framework for it – as we did with every previous advance in electronic communications ... the telegraph, teletype, telephone, and cellular.

    • In the US, for example, we have an extremely-draconian law called HIPAA, which is designed to safeguard “PHI = personally-identifiable health information.”   And yet, is not “your pulse, your footfalls, and your exact location within seven feet” ... PHI?   Why is the same data protected – literally, on penalty of prison – if it is collected by a medical instrument in your doctor’s office, but not if it is collected by your phone?
    • Has anyone even stopped to consider that your phone or that magic-box in your house must be listening to every word you say, in order to detect you saying, “Hey, Siri?”   The answer of course is No.
    • Did you even know that your car is tracking you as you drive down the road, and that it quite possibly has a camera aimed at you and at your passengers?   Did you consider that someone on the Internet could literally take control of it, and steer it, and perhaps by these means kill you?   This is not a hypothetical statement.   https://www.telegraph.co.uk/news/worldnews/northamerica/usa/11754089/Hacker-remotely-crashes-Jeep-from-10-miles-away.html
    • And so on and on and on.

    But, as sentient humans, we ought to be able to be pro-active about this – heeding Puck’s warning and curtailing the dark side of this shiny coin before it strikes. We should be able to safely reap the enormous benefits of these brand-new technologies without being bitten in the ass. “We live in interesting times,” and that means that we have certain new responsibilities that no one in all of human history(!) has had to consider before. This means that we must timely, and pragmatically, create laws and legal principles that have never existed before, and that we must do so internationally. The EU seems to have been the first governing body to plunge into this brand-new legal territory, “and, yeah, it’s Release 1.0.” But, they were the first. May it not be the last.

      It is some synonym for reassuring that escapes me that you bring the same acumen, discipline, brevity, benchmarking, and FUD to your social, political, and legal thoughts you do in your technical. I'll add that your discussion of Puck's view of the EU's putative first Jeep® tracks forever ties you in my mind to more of the Bard's poetry: Country matters.

      apologies in advance; It is not my attempt to pick on sundialsvc4, nor the OP.

      That said; while you make some valid points, sundialsvc4. They are simultaneously invalid.

      While we can slow the waters. We will be overcome. History -- both short, and long; prove that those that pledge to serve us are in reality; self-serving SOB's.

      They make laws that claim to serve us. But look the other way, when someone wants to break it. Because that someone gave them something they couldn't refuse -- money, power. Then they use the fact that they created that law, as a reason to re-empower themselves by the voters in the next election.

      The technolog(y|ies) we love because of the conveniences they provide us, are simultaneously evil, because they are just as conveniently abused. Would you, or anyone, insist these technologies be banned? It's the only solution.

      In short; humans can't be trusted TDTRT (to do the right thing). What's right to one, is not to another -- we all have our own measuring stick. Hell; even society can't decide what the ideal, or right society is; Just look at all the different countries we have, with all their different democracies, or un-democracies, ...

      These types of conversations are very stimulating, and simultaneously pointless. The end WILL come. We have only to look to history to see all the societies, and civilizations that have risen, and fallen. To know it's true. Each new time, saying "we'll do it different this time". When in reality, they are just using new labels for all the same things. Human beings can't be trusted to govern themselves. They will one; never agree with one-another, and two; will do the wrong thing (whatever that is) even when they know they shouldn't.

      ‘λɐp ʇɑəɹ⅁ ɐ əʌɐɥ puɐ ʻꜱdləɥ ꜱᴉɥʇ ədoH

Node Type: perlmeditation [id://1214708]
Approved by Discipulus