Comment by mmarq
3 years ago
GDPR compliance is actually trivial to implement if you manage your users’ data in ways that wouldn’t surprise them negatively. There's not much more.
> unelected bureaucrats
Does the American elect the IRS or the FTC bureaucrat?
Well, read the thread above you. GDPR is so complex that even the people who passed it can’t tell you the scope given the intentional ambiguity.
I have officials in the EU on the record that IP addresses are deemed personal information and if your business uses AWS and unintentionally passed IP addresses over to any resource in the US, you are technically in violation.
Will you be hanged for this today? Probably not. But all it takes is one negative press cycle for the idiots there to interpret and enforce this as they have shown the willingness to do in the past.
The point about unelected bureaucrats isn’t the unelected part. It’s the lack of oversight or consequence or clear demarcation of legislative power from the executive.
The bureaucrats have taken it upon themselves to issue multiple specific rules that go over and beyond the text of any law. See the case of the CNIL in France. They had a court ruling around their rules for cookies on Google go against them and they continued to insist that they would enforce said law. They issued an “FAQ” on their website that indicated threatening language against businesses that flouted their previous comments that were now deemed incorrect by a court of law and had the audacity to press on.
Like I said, the EU is an abusive monarchy
> I have officials in the EU on the record that IP addresses are deemed personal information and if your business uses AWS and unintentionally passed IP addresses over to any resource in the US, you are technically in violation.
Of course, everybody knows that. You have to have good reasons to store people’s IP addresses (ie security logs, which must be disconnected from the tracking/telemetry system).
> Will you be hanged for this today? Probably not. But all it takes is one negative press cycle for the idiots there to interpret and enforce this as they have shown the willingness to do in the past.
If the regulator finds out that your analytics or recommendation system (which again is not the system where you store logs) is collecting and processing IP addresses without users’ consent, they will ask you to stop. If you don’t they will eventually fine you.
> The point about unelected bureaucrats isn’t the unelected part. It’s the lack of oversight or consequence or clear demarcation of legislative power from the executive.
GDPR has been made/negotiated by the European Parliament (which is elected directly), by the Council of the EU, which is composed of ministers of member states, and by the Commission (whose members are elected by the Parliament and the Council). These are the legislative and executive branches of the EU, not a bunch of unelected bureaucrats.
If you were referring to the regulator, well, all regulatory bodies are made of “unelected bureaucrats” by design (that’s why they are referred to as “independent agencies”).
> The bureaucrats have taken it upon themselves to issue multiple specific rules that go over and beyond the text of any law. See the case of the CNIL in France. They had a court ruling around their rules for cookies on Google go against them and they continued to insist that they would enforce said law.
It seems that you are very agitated because the CNIL (some unelected bureaucrats) imposed a blanket ban on cookie walls and then the Council of State (some other unelected bureaucrats) held that such a blanket ban could not be imposed. An honest observer would acknowledge that these things happen every day (the Council of State wouldn’t otherwise exist), the matter is quite complex and that the gist of the matter hasn’t changed: “in order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the storing of information, or gaining of access to information”. So one may still be fined for a cookie wall.
If what is upsetting you is instead a court case, the only one I could find is the recent 150mln€ fine that Google appealed on jurisdictional grounds and that was upheld, again, by the Council of State.
Either way, I wouldn’t get too agitated about complex court cases in foreign countries thousands of kilometres from my home and whose language I don’t speak.
> Like I said, the EU is an abusive monarchy
I will point to Proposition 7 of Wittgenstein’s Tractatus and I won’t indulge you further on this.
> Of course, everybody knows that
Lol. Thank you for agreeing. You're completely wrong about the fines part, it is discretionary. ie, if tomorrow, there is a negative press cycle, you will certainly be hit with any punishment of their choosing. The incremental warning and fines approach has no practical or legal basis.
If it does, get it in writing from __ANY__ entity entrusted with enforcing the GDPR, you will be laughed out of the room. Europe is a clown show. Ambiguity rules.
> These are the legislative and executive branches of the EU, not a bunch of unelected bureaucrats.
Oh really? Read my comment again. These assholes in the executive are directly changing the letter of the law. ie LEGISLATING.
They are further doing so with the stated objective of harming a single company. I can point you to the statements of a hundred or so elected officials, not least of all the president of the European Commission who said so in no uncertain terms when she was in the US for SXSW.
> It seems that you are very agitated because
I didn't ask you to diagnose anything, Dr. Phil. Sit the fuck down and read the comment again. The Council of State in France is who the CNIL reports to. They are the administrative justice Supreme Court.
When an agency goes fucking rogue against their oversight body while trying to kill a company, what else is it other than abuse of power? The very fact that you choose not to call this out makes me question your motives and judgement.
We have laws for a fucking reason. Not to print them out and hang them on the walls like ornaments but so there is discipline in the exercise of power entrusted in people with the power of Government. We can't have personal vendettas run through governmental office.
> I will point to Proposition 7 of Wittgenstein’s Tractatus and I won’t indulge you further on this.
Fancy. Should I be impressed? Does that disqualify all the abuse of power in your eyes?