Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

GDPR ( Global Data Protection Rights )

by trippledubs (Deacon)
on May 17, 2018 at 05:33 UTC ( [id://1214708]=perlmeditation: print w/replies, xml ) Need Help??

Polymaths,

What do you think of General_Data_Protection_Regulation? I'm interested to know if your companies are behind it or minimally complying, more interested to know if you think individuals ought to have the rights expressed in that law and if there is really a moral obligation on site owners to comply. Or, if it should be scrapped or changed.

The right of erasure specifically contradicts PM policy which is defended with the same argument that Wikipedia uses, the "Memory hole" argument. If one user decides to revoke the site owners permission to use their nodes, that creates a hole in the link of the chain, and every user is negatively affected. That is a pretty utilitarian view point. It smells slightly self serving to me to hear that argument from sites whose success directly rides on user generated content.

It really only benefits future users, because if you were there, you don't need a tattoo of the conversation to remember it later. I don't see that a site owner, especially if it's not the hoster ie back in time machines, gets a perpetual license after you leave. Recipe sites -- let's say you participate for years honing the craft and eventually decide to write a cookbook, you don't ever have the right to revoke your recipes down off the boards and make the world pay for your stuff? But your dishes have probably benefited from all that recipe sharing, so it seems you would owe something too.

I can't help but think of the social contract put forth in Crito. You have a good idea of what you are getting into when you participate online, seems reasonable that the site architects who built your playground would be able to dictate the terms, but I don't see how they have the right to continue to do so once you leave.

I googled: Social contract, copyright law, landlord tenant, looked up about 10 web sites that were closing down or blocking EU Customer, but I can't make up my mind. There seems to be a lot of data players operating in the shadows without consent that should be addressed, but I can't see how it affects my life at all. I see an ad about something I almost bought on Amazon, big deal.

Well surely we do not live in a perfect world, but does the GDPR move the decimal point either direction? Or just adding more compliance factories to the world? And who are the people who wrote the bill that made me get all this TOS spam. I tried to find the authors' names and I could not. Maybe this is a stepping stone to better "digital rights"?

Replies are listed 'Best First'.
Re: GDPR
by davies (Prior) on May 27, 2018 at 17:50 UTC

    Seen somewhere on the Internet in the last few days, but I can't remember where:
    He's making a list
    He's checking it twice
    He's going to find out who's naughty and nice
    Santa Claus is in breach of GDPR.

    Regards,

    John Davies

Re: GDPR ( Global Data Protection Rights )
by davies (Prior) on May 17, 2018 at 11:35 UTC

    I made some suggestions long ago in Proposed EU law: right to be forgotten. GDPR is wider in scope than the proposal then, but I would expect the response needed to be roughly the same. GDPR covers mostly personally identifiable information and restricts the keeping and usage of it. If it has been released freely by the data subject, for example by using a real name like davies rather than a userid like BrowserUK, my understanding is that the data subject has the right to withdraw consent, but that, until then, all is well.

    Regards,

    John Davies

      Ahh I had read that, but not lately. I don't think a pseudonym is the protection it once was, well it didn't work for JK Rowling or Stephen King. And JK Rowling was outed by an algorithm. Actually it happens here too, people post anonymously and are "outed", or at least accused of being someone else. BrowserUK has replied to an anonymous post to say, hey this wasn't me, because the style of writing was so similar. But the real identifying information is not the name you post under but your digital fingerprint, IP, browser, etc. So I don't see how rights are conveyed using a real name vs a handle.
Re: GDPR ( Global Data Protection Rights )
by 1nickt (Canon) on May 18, 2018 at 19:07 UTC

    I work for a big $company in the US. The lawyers are freaking. At this point we are simply documenting any use of Personally Identifiable Information, which in our case (since we don't store any) means providing a list of API endpoints at which such data enters and exits the system. It seems like a high CYA factor, but the company has deep pockets so wants to be safe. We have heard that phase 2 will be to provide on-demand data expungement, although again in my team we don't keep it to begin with.

    It's keeping one poor bastard busy for a few days making a spreadsheet.


    The way forward always starts with a minimal test.

      That seems absolutely minimally responsible for a big business. Documenting the ingress and egress points of PII, the first step to actually actively safeguarding it. You seem skeptical, but that sounds like a good thing to me. Management pays attention to spreadsheets. Besides, a good spreadsheet, with relevant data, frozen column labels, already tabled and styled in at least first normal form, possibly generated with perl, you're saying poor bastard, I'm thinking opportunity to excel... heh.

    A reply falls below the community's threshold of quality. You may see it by logging in.
Re: GDPR ( Global Data Protection Rights )
by cavac (Parson) on May 18, 2018 at 09:25 UTC

    There was a news article a few days ago that said something on the line like "7% of online business are going to go bankrupt because of GDPR". And my first instinct was to fistpump, because i know that most of these "businesses" are data-grabbing advertising a-hole companies.

    I mean, why would a company like Facebook even be allowed to know i visited a third party website, when i'm not even a Facebook member?

    Frankly, if companies weren't such bastards, the GDPR wouldn't be required, because simple good sense tells me that protecting a customers data (by security and by only taking the minimum amount of data required to fullfill the users request in the first place) is the right way to go. But since companies always try to make an extra buck by exploiting the user, the GDPR is a good thing. Of course, some companies will go bankrupt, but most of those are based on business models that shouldn't have been legal in the first place.

    "For me, programming in Perl is like my cooking. The result may not always taste nice, but it's quick, painless and it get's food on the table."

      I mean, why would a company like Facebook even be allowed to know i visited a third party website, when i'm not even a Facebook member?

      I have no idea, you should be able to choose who you do business with and know the terms.

      But what would happen if you went to the bank to ask for money to buy a house and they had no idea of your credit worthiness? Bad loans, less credit available, less market, less wealth across the board. They get this data from a third party, and every bank has access to it. This information is already collected, you give your permission to access it.

      By participating in a modern economy, you implicitly agree to the data collection of your credibility in order to do business, have access to credit. Well you probably explicitly agree and just never read the details. That seems like a very similar system, and that one works okay. Third parties collecting your information, it benefits you (like having free web sites), is kind of creepy, but also creates real societal wealth.

        That's not the only way of life; some would say, no way of life at all. A credit card is not the life prerequisite in many (or most) societies.

A reply falls below the community's threshold of quality. You may see it by logging in.
A reply falls below the community's threshold of quality. You may see it by logging in.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlmeditation [id://1214708]
Approved by Discipulus
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others about the Monastery: (5)
As of 2024-03-28 14:42 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found