Comment by ascorbic

2 days ago

If you're thinking that this is good (and it is), you should love the GDPR which bans this sort of thing entirely without needing an investigation beforehand.

In Sweden it is also a crime, dataintrång.

If data is entered into a system, and you have not received permission to read it, then obtaining access to it is the crime of dataintrång, which can lead to two years imprisonment. So if you make a device and sell it to a customer and it phones home without permission and in phoning home provides you with information he has entered into it, then you've committed dataintrång and can go to prison for up to two years.

I see no reason why GPS data and other automatically entered data would not be regarded as having been entered into the device.

I guess GDPR is a good idea, but in practice it has limited value. I suppose all that is needed is that the user accepts (consents) by answering yes to a popup question. It can be asked over and over. If you answer yes by accident at some point you are screwed. You can maybe(?) retract your answer, but maybe you don't even know you answered yes at some point when you were stressed and had to drive somewhere, while your nav/media system asked you this question.

The main problem is that this sort of thing (tracking of cars and storing the data in a central database) is considered normal by corporations and is allowed by law. Would we like to have big corporations place private detectives outside our houses and when we leave they follow our every step, take photos, record audio and track our GPS position and report all that data to the corporation in realtime? That is what they do now with their cars and phones and appliances. The reason they did not do it in the past was that it was expensive to have private detectives track each of their customers, was considered spooky and abnormal and it was probably also illegal, but now it is cheap and somehow considered normal.

  • > I guess GDPR is a good idea, but in practice it has limited value. I suppose all that is needed is that the user accepts (consents) by answering yes to a popup question. It can be asked over and over. If you answer yes by accident at some point you are screwed.

    Not allowed by the GDPR, this violates the principle of unambiguous consent:

    https://www.autoriteitpersoonsgegevens.nl/en/themes/basic-gd...

    > You can maybe(?) retract your answer,

    Under the GDPR, retracting consent should be as easy as giving consent. Moreover, you have the right of erasure. Even if you consented, when asked, GM should remove all your personal data:

    https://gdpr-info.eu/art-17-gdpr/

    > but maybe you don't even know you answered yes at some point when you were stressed and had to drive somewhere, while your nav/media system asked you this question.

    Violates both the rules that consent should be given freely.

    ---

    More broadly, selling non-anonymous data would never be allowed under the GDPR, because the third parties would need to consent to use the data.

    (IANAL)

    • In theory it all sounds nice, but in reality I have never seen any website or product adhere to what you (or GDPR) states.

      If you answer yes in a popup by fat-fingering, stress, mixup whatever you are screwed. The popup typically comes up when you do not want it, i.e. when you are about to use the product's main function.

      > Under the GDPR, retracting consent should be as easy as giving consent.

      Well, the popup to give consent comes up all the time whether you want it or not, but there is no popup coming up to retract it. You have to search deep in the settings. It's quite unlikely people will do that on embedded hardware or cars.

      And if first given consent by mistake, they have already fetched data in the meantime until you turn it off.

      > Violates both the rules that consent should be given freely.

      What do you even mean? Of course no one is pointing a gun to your head, but they put up the popup asking for consent and I might push the wrong button by mistake. I might also not notice I pushed the wrong button because there is never a confirmation step.

      [EDIT]: And there are typically a huge bunch of switches and checkboxes asking for different kinds of approvals which makes it even easier to make mistakes.

  • > I guess GDPR is a good idea, but in practice it has limited value. I suppose all that is needed is that the user accepts (consents) by answering yes to a popup question. It can be asked over and over.

    While this is a somewhat common approach, it's not compliant. The real problem with the GDPR is enforcement; it's largely enforced by national data protection bodies of, well, varying quality, resourcing, and aggressiveness.