from Hacker News

GDPR and Google Analytics

by philnash on 1/29/18, 1:15 PM with 129 comments

  • by cromwellian on 1/30/18, 11:44 AM

    Let’s all have a moment of silence for John Perry Barlow’s Declaration of Cyberspace Independence back when it was envisioned the internet would be a place where any entities could communicate or associate free of government control or censorship.

    Loads of people in here who support the concept of net neutrality which helps enable permissionless innovation by not imposing huge costs on those who publish or allowing others to impose costs on them, now cheerlead for the right to impose extraterritorial regulation without representation.

    There was a time you could just set up a site on the net and not have to worry about much, apparently now you have to worry about the Union of all possible foreign laws in case anyone from outside geographic regions visits your site. It could be a race to the lowest common denominator of freedom, or conversely yield balkanization of the internet as more Geo-IP blocks go up or more great firewalls.

    How many of you love “this video or music isn’t available for playback in your region”?

    That could be much more common in the future and contrary to commentary far more likely to hurt smaller and medium sized players than the real targets of the laws.

  • by x0x0 on 1/30/18, 6:50 AM

    My problem with the GDPR is the EU can't even be bothered to tell us what it is before the effective date. And the GDPR itself is quite vague; lots of balancing tests and blah blah with very little guidelines on what those mean in practice. So where do the guidelines come from? Funny you should ask.

    Consider that the ICO -- the UK privacy commission -- has been promising final GDPR guidance for perhaps half a year now, and instead are sitting around with their thumbs up their asses waiting on the Article 29 Working Party final guidance. The Article 29 Working Group held comments open until 23 January 2018. Some unknown amount of time later, that working group will finalize, and then some unknown amount of time later, the ICO will issue their guidance.

    But don't you worry, the ICO plans to offer no grace period to us!

    How the hell organizations are supposed to be ready by 25 May when they may receive final guidance in late February is a hell of a question. Realistically, considering the ICO's adherence to deadlines so far, they're gonna deliver their final guidance promptly for May 2019.

    I'm essentially assuming users will be hit with a blizzard of opt-in dialogues.

    One of the few things in the GDPR that will have impact is if you use consent as a legal basis for processing, everything has to be default opt-out.

  • by sb8244 on 1/30/18, 6:38 AM

    It might be an unpopular opinion here, but I'm not entirely sure that the GDPR is going to be a good thing. It seems strange to me to have this enforcement of policies from countries that are not my own just because my website is accessible from those countries.

    On top of that, developing business software becomes incredibly complex when navigating all of the potential ramifications of these policies. I thought it was strange that the SAP SDK at a hackathon essentially required the app to get OAuth permission from the user to access / write an encrypted payload that the app couldn't read / access / delete / update without user consent.

  • by ocdtrekkie on 1/30/18, 6:35 AM

    Can the US please just pass this too? The EU's current stance on privacy and individual rights makes me want to pack up my life and move there. I'd much rather the law just come here though.

  • by andybak on 1/30/18, 7:38 AM

    I hope everyone is nice and busy setting up encryption, access control and timely erasure for all their server and application logs: https://www.ctrl.blog/entry/gdpr-web-server-logs

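
    The comment above points at web server logs as personal data that needs a retention policy. The following is an added example, not code from the linked article or from the commenter, showing one way to do the "timely erasure" part: lines in the common "combined" access-log format are parsed, client IPs are reduced to a network prefix (an assumed choice of /24 for IPv4 and /48 for IPv6), the authenticated username field is dropped, and entries older than a retention window are discarded. The sample log lines and the reference time are constructed for the example.

    ```python
    import ipaddress
    import re
    from datetime import datetime, timedelta, timezone

    # Constructed sample lines in nginx/Apache "combined" format (not real traffic).
    SAMPLE_LOG = """\
    203.0.113.42 - - [28/Jan/2018:10:12:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
    2001:db8:85a3:8d3:1319:8a2e:370:7348 - - [29/Jan/2018:09:00:15 +0000] "GET /pricing HTTP/1.1" 200 2048 "https://example.test/" "Mozilla/5.0"
    198.51.100.7 - alice [30/Jan/2018:08:30:00 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/7.58.0"
    """

    # Constructed "current time" so the retention check is reproducible.
    REFERENCE_NOW = datetime(2018, 1, 31, tzinfo=timezone.utc)

    # Fields of the combined log format: client, ident, user, [timestamp], remainder.
    COMBINED_RE = re.compile(
        r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] (?P<rest>.*)$'
    )
    TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


    def pseudonymise_ip(ip_text):
        """Zero the host bits of an address: keep a /24 for IPv4, a /48 for IPv6.

        The prefix lengths are an assumption for this example; choose them to fit
        the granularity your own analytics genuinely needs.
        """
        addr = ipaddress.ip_address(ip_text)
        prefix = 24 if addr.version == 4 else 48
        network = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        return str(network.network_address)


    def scrub_line(line):
        """Return the line with the client IP truncated and the username removed,
        or None when the line does not parse (caller decides what to do with it)."""
        match = COMBINED_RE.match(line)
        if not match:
            return None
        fields = match.groupdict()
        fields["ip"] = pseudonymise_ip(fields["ip"])
        fields["user"] = "-"  # authenticated user name is directly identifying
        return "{ip} {ident} {user} [{ts}] {rest}".format(**fields)


    def process_log(text, now, retain_days=7):
        """Apply retention and scrubbing to a whole log.

        Returns (kept_lines, expired_count, unparsable_count). Lines older than
        retain_days are discarded; the rest are returned in scrubbed form.
        """
        kept, expired, unparsable = [], 0, 0
        cutoff = timedelta(days=retain_days)
        for line in text.splitlines():
            match = COMBINED_RE.match(line)
            if not match:
                unparsable += 1
                continue
            logged_at = datetime.strptime(match.group("ts"), TS_FORMAT)
            if now - logged_at > cutoff:
                expired += 1
                continue
            kept.append(scrub_line(line))
        return kept, expired, unparsable


    if __name__ == "__main__":
        lines, expired, bad = process_log(SAMPLE_LOG, REFERENCE_NOW, retain_days=2)
        print(f"kept={len(lines)} expired={expired} unparsable={bad}")
        for kept_line in lines:
            print(kept_line)
    ```

    Run against a real log the same function can be wired into a nightly job that rewrites the rotated file in place; what it does not cover is personal data that ends up in request paths or query strings, which needs its own rules.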
  • by yummybear on 1/30/18, 7:48 AM

    Why don't the main browsers implement some mechanism to help with the notification and consent of cookies?

    Some standards-based description about the cookies/etc. that could be consented to. Non-consent means the cookie isn't accepted by the browser.

  • by bryanrasmussen on 1/30/18, 9:30 AM

    There's a UX problem here, because Google needs to be able to determine if it can save the data and the company using Google Analytics might also have a requirement to notify the user they are saving other types of data.

    Too many notices and requests for confirmation will be a problem. So I expect the company should be able to instantiate analytics with a parameter saying that they asked for confirmation and what the response was.

    Aside from that I think there might end up being a performance benefit from the GDPR. The difficulty of keeping permissions to track across different adtech providers becomes onerous, and big media companies start throwing out a bunch of them.

  • by RutZap on 1/30/18, 2:25 PM

    Speaking of GDPR, I, like many others, am a little bit confused. I've read parts of the legislation but not all of it, so perhaps somebody here can help me out.

    Moving towards slightly more delicate issues (compared to tracking someone's browsing habits), in relation to the right to be forgotten, if I make a request to Equifax and Experian to remove all personally identifiable information they hold about me, will this actually be possible?

    Will my bank then contact me for consent to pass my data back over to them? Will I be able to open a new bank account in the future if Experian and Equifax delete my data?

    How would this whole legislation deal with something like this?

  • by rapnie on 1/30/18, 6:38 AM

    Well.. yes. Super useful, those Google Analytics. But maybe it is making things too easy for you :)

    If you come to think of it, it is also a privacy nightmare.. therefore Google Analytics is blocked by my Privacy Badger!

  • by gandutraveler on 1/30/18, 8:58 AM

    I got a speeding ticket in Germany last year. I want them to delete my record. I own the data, they just tracked me over-speeding.

  • by ysv2 on 1/30/18, 6:39 AM

    > This regulation is not limited to companies based in the EU—it applies to any service anywhere in the world that can be used by citizens of the EU.

    That's fundamentally incorrect. As a non-EU citizen, I reject the notion that a foreign government has the right to impose their own laws on me, be it the EU or China or anyone else. If the EU thinks it's a problem that I'm offering a service to EU citizens that doesn't comply with laws I have no vote on, frankly they can sod off.

  • by spektom on 1/30/18, 6:38 AM

    GDPR is coming really soon, but it's still unclear how "Big Data companies" prepare for it from a technical perspective. In addition to the "getting consent" requirement there are "the right to be forgotten" and "the right of access", and it's not obvious how implementing these two is feasible or, at least, cost effective.

  • by neya on 1/30/18, 7:10 AM

    Edit: I want to make my distinction clearer - I don't SPECIFICALLY target/show my site to EU citizens, I show it to everyone, unbiased, the same way. But, if EU citizens SPECIFICALLY visiting my site have a problem with the way it works (cookies, tracking, etc.), then they should simply stop visiting it instead of their government trying to bully us webmasters.

    What bothers me the most is, as a non-European citizen of a country that has nothing to do with Europe, I'm expected to modify the source code of my website to adhere to their laws, which aren't from my country. The important part: WWW is a global platform to showcase your service/work globally. I have a problem because one entity thinks the global service needs to be customised specifically for them. How about "don't like it, don't visit it?"

    Simply put, I don't want to get into an argument whether this GDPR is bad/good, but, I know that I didn't vote for or against this and it's not in my jurisdiction. I don't belong to Europe either, so what are you going to do?

    This is what I'm going to do: I'm going to block access to my services to anyone based in Europe. It WILL affect our cash flow in the long run, but, I'm tired of governments that I don't care about expecting me to follow some nonsense I have no part of under the guise of compliance on a global platform that is WWW ("WORLD WIDE Web"). I think, if enough webmasters fight back, then they'll realise. And the only way is to block your services to the EU.

    As a cherry on top, I'll even put up a redirect notice stating:

        "Sorry, you belong to the EU and we're not going to follow
        your laws. Please fight back with your GOV if you wish to
        have access to our services. This has nothing to do with
        us."

    So, what are you going to do?

    edit: clarity