Max Schrems Files New Privacy Complaints That Seem To Show The Impossibility Of Complying With The GDPR
from the what-a-stupid-law dept
We've written many times about privacy activist Max Schrems, who almost single-handedly brought down the silly privacy safe harbors between the EU and the US. Last year, we wrote about his newest project called noyb.eu, which stands for "None Of Your Business."
Last week, Schrems and noyb announced a big list of GDPR complaints filed in Austria, against basically every streaming media company, none of which -- they claim -- are in compliance with the GDPR. Schrems also provided everyone with a handy dandy chart showing the basic details of the results of the GDPR requests they made to eight different streaming platforms, where they fell down, and how much they might be on the hook for:
If you'd like to see the actual complaints, here they are for Amazon, Apple, DAZN, Flimmit, Netflix, Soundcloud, Spotify, and YouTube.
I have lots of thoughts about this, so let's list them out:
-
This demonstrates the near impossibility of complying with the GDPR: While I'm sure many will view this as a positive for the GDPR, in that Schrems is going after a bunch of big companies who many people love to hate, I'd argue that these complaints really show just how ridiculous the GDPR is in practice. At least with the larger companies on this list (Amazon, Apple, YouTube, Netflix, and Spotify) it is ridiculous to argue that any of them were deliberately avoiding the GDPR requirements. All of those companies have been well aware of the GDPR for years and spent the past few years spending many, many millions of dollars preparing for the GDPR. All have decently large teams focused on doing everything they can to comply, in part because of the possibility of massive fines if they fail.
The fact that those large companies, who have all the resources in the world, are still deemed by Schrems to fail on nearly every aspect of the GDPR suggests, pretty clearly, that it is nearly impossible for anyone to truly be GDPR compliant in any reasonable sense.
-
The nature of the complaints shows just how silly the GDPR continues to be: Taking the Apple Music complaint as an example, the company did allow noyb and its client to download all the data it had, but noyb is demanding significantly more information under the GDPR -- much of it is information that would effectively be impossible to provide in the first place. For example, the complaint notes that Apple didn't provide "information about the purposes of the processing." But... isn't that the kind of information that anyone signing up for Apple Music already knows about when they sign up? Apple is using your information to provide you access to music and to recommend other music to you. What good does it do to have that information need to be spelled out once again at a later date to avoid massive billion dollar fines?
-
The possible fines remain completely insane: Note the numbers on the "maximum penalty" associated with these complaints. Under the GDPR, a company can be fined either €20 million or 4% of annual global turnover whichever is greater. So those eye-popping numbers are basically that 4%. Remember, most of the companies here bent over backwards to try to comply, with most of them setting up useful systems that allow users to download all of their data, even if noyb didn't like the format that data was in. And yet they might still face billions in fines?
-
GDPR could destroy some of these companies: It is surprising to see two companies -- DAZN and Soundcloud -- not respond at all to these requests. Both of them are based in the EU (though DAZN may escape via Brexit shortly, but it operates in many EU countries). I would think, at the very least, these companies would have in place some method of responding to GDPR requests. Soundcloud, despite its level of popularity, has struggled even to stay alive -- and came very close to shutting down a year and a half ago before getting a last minute reprieve from some investors. Either way, the company is clearly struggling, and the fact that both of these company's "maximum" possible fines are €20 million suggests that this is "greater" than 4% of their annual turnover. In short, this is likely a crippling and possibly company-destroying amount for these smaller operations. I'm still surprised neither responded to the requests at all -- but it's going to be difficult for either to stay in business facing these kinds of headwinds thanks to the EU's overaggressive regulations.
One final point on all of this: I recognize that there are lots of legitimate concerns about privacy in this day and age -- and, in particular, how various data collection companies are using our private data. And I've long been on record that companies should be not just a lot more transparent about the data they collect and how they use it, but also should push control over that data out to the end users. But, looking over this list, none of these are companies that I'm particularly worried about concerning how they use my data. Yes, there are potential privacy concerns here, but the idea that SoundCloud or Spotify contains data so sensitive that they should be fined massive amounts for not making it "intelligible" just seems disconnected from any real harms and any real concerns.
Indeed, my concern with this type of litigation is that it actually waters down and distorts the real concerns we should be having over privacy in the internet era. Netflix not giving me all of the data on what I've been watching via streaming doesn't seem like a particularly big consumer concern -- and yet if it sucks all the air out of the room, it makes it that much harder to deal with real privacy questions raised by internet giants.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: data protection, eu, gdpr, max schrems, privacy, streaming
Companies: amazon, apple, dazn, flimmit, netflix, noyb, soundcloud, spotify, youtube
Reader Comments
Subscribe: RSS
View by: Time | Thread
As a long-time Soundcloud user, I'm not surprised. Their system is very consumer-unfriendly in a lot of little ways that aren't immediately obvious, but become clear once you start to do non-trivial things with it. The sort of stuff that the people who end up paying Soundcloud for their services might end up needing to do--or that might drive them away to other platforms once they realize how needlessly complicated, restrictive, and expensive a lot of it is.
[ link to this | view in thread ]
A little naive with point #2.
I think you are being more than a little naive with your point #2.
I believe that the whole point of the GDPR and Max Schrems' request was to make sure that Apple is only using his information to provide him access to music and to recommend other music. There is nothing that says that Apple isn't using your data to target personalized ads at you, or selling your music tastes to the highest bidder, or even collecting your GPS location of every time you listen to a song.
The GDPR request wants to make it clear what it's using his data for, that it is what the user thinks it's being used for (and not some other reason buried in a 100+ page EULA).
Personally I think the the major companies have spent the last coupe of years trying to come up with systems that they believe will pass muster without having to change their currently lucrative practices, and without letting the user know just how much/what they are using it for. Because if they did they just might stop.
[ link to this | view in thread ]
typo: noyb
even if noyb didn't like the format that data was in. And yet they might still face billions in fines?
*nobody?
[ link to this | view in thread ]
2. See 1) above.
3. The fines must be that big to deter the conduct of the near-trillionaires.
4. See 1) above.
“Many” do not care about these companies any more than certain bloggers care about music and film companies. Too bad. Love these tantrums because it means you’re losing.
Was there any commentary on the Music Modernization Act or whatever it’s called that was passed in October to deal with royalties from streaming services.
[ link to this | view in thread ]
A small amendment to the headline ...
Impossibility Of doing business as before and Complying
So far, the large platforms appear to try getting away with not changing data collection and data analysis at all. Instead, they coerce "permission" from customers through elaborate T&C - a practice that has just been fined by French authorities.
If that avenue gets closed, or if noyb's complaint is accepted, it will indeed be difficult to continue collecting insane amounts of data (up to, as has recently been uncovered, camera recordings of people's bedroom in case of Amazon) in the hope of mining some gold nuggets out of them.
The real question is if Google, Amazon, Facebook & co will continue to be viable businesses if they were forced to work with smaller data sets, and possibly more transparent (read public) algorithms.
If Amazon's current "suggestions", and some of their current processes are anything to judge by, restarting their AI-systems from scratch with fewer, better data might actually be an improvement.
We may find out soon ...
[ link to this | view in thread ]
Re: typo: noyb
[ link to this | view in thread ]
Re:
Oh Jhon boy. As ever your projection is top notch.
[ link to this | view in thread ]
Re: typo: noyb
No, I believe he was referring to noyb.eu, which stands for "None Of Your Business" the group Max Schrems founded.
Also, I don't think it was noyb.eu not liking the format that was provided, but the format provided being chosen to be unhelpful/useless. This is a common ploy with FOIA respondents.
Ex: request a copy of data that's originally in an easily searchable/analyzable database format, receive a badly scanned pdf copy of the data that was poorly formatted, printed, copied a few times and then scanned into an unsearchable pdf file.
Or in Apple's case; maybe the data was provided as a single line text file (everything in one long line) filled with loads of abbreviations and no key to interpret them with.
Without knowing the format of the data that was received, it's rather cavalier to assume fining the company over their choice is just noyb not liking the format it was provided in.
[ link to this | view in thread ]
Really, you're using that as an example of why it's impossible to comply? Because that can be trivially solved by writing "Apple is using your information to provide you access to music and to recommend other music to you"—unless that doesn't work, for some reason you haven't explained. (But: why do they need personal information to provide the music? Can I opt out of suggestions? Are we sure that's all they're going to do with it, because Facebook especially has been known to collect for one obvious reason and use it for something else entirely.)
You didn't provide any detail at all on why the complaints are otherwise "silly" or "ridiculous". As for the "maximum fine", haven't you had to explain similar things to people when we see a "maximum sentence" of 9001 years or whatnot? It's a theoretical number used for intimidation, rarely actually applied (and yeah, we should really have more realistic numbers rather than rely on selective enforcement).
[ link to this | view in thread ]
Consideration
Someone with a Thought is creating a backdoor into the net.. HOW to control the internet..
IF' these laws would be used Fairly, by every corporation.. On/OFF the net..
How many corps Would be hit hard.. How about the credit Bureau's. Those strange persons and groups that Monitor and Give us Credit cards..
THEY DO sell our info..
How about Cellphone companies?? They have already shown that Some App's are tracking us, and our locations..
Who needs the old conspiracy about Chips and pets, and Soon it will be everyone and be Tracked by Satellite.. You carry your tracking device in your hand, and While using the net at home on your PC...
I dont mind Anonymous Data.. IF' you leave out certain data.
1. Name/address/SS#
2. location of store it was purchased, Region is ok..
3. The format of payment.
Beyond that, I dont have a problem...But with alittle bit of this info, they DO have programs that will figure out WHO you are.
Limiting it to...Person bought an item in IDAHO, at ??/??/??? date is enough.
ALSO..
I suggest you read your Current Bank terms..and notice if they Sell your data. A track you can do, and you can even tell the bank its a security format..is to add a Single extra character to your name or address...A MISS-SPELLING..
So that If you get a MAIL with this miss-spelling..you KNOW your bank sold your data.
Advert agencies and collectors DONT spell check or verify data.(psst..Add a number to the Middle initial)
[ link to this | view in thread ]
Re: A little naive with point #2.
Careful with that second point: do you mean recommend music to Schrems, or use his personal data (listening history) to recommend music to others? Those are two very different uses that are not inherently tied together, and should have permissions requested separately.
[ link to this | view in thread ]
[ link to this | view in thread ]
The road to Hell is paved with good intentions.
The idea behind the GDPR certainly is pretty sound and even desirable to some degree. The implementation? Not so much. And to think these same giants brought it upon themselves by abusing their position and the data consumers are handing them.
I hope the EU will rethink it and use the initial numbers to go back to the drawing board to fix these problems before imposing fines. The cynic in me says they'll use this selectively and collateral damage be damned.
[ link to this | view in thread ]
Re: Re: typo: noyb
That seems lazy on Mike's part. What format was provided, what format was wanted, and what's reasonable/required? None of that was mentioned, and it's necessary to evaluate Mike's argument. (Did the company maliciously hand out an encrypted blob nobody could possibly ever read? Did they simply forget to explain an acronym, and all will be good when they post a glossary?)
[ link to this | view in thread ]
Re: Re: Re: typo: noyb
Well according to the pdf for the Apple Music Store at least, what data Apple provided was in a series of machine readable .csv and .json files that were unintelligible.
Also according to the complaint:
Which is a big no no under the GDPR. So it looks like Apple is indeed trying to appear GDPR compliant without actually being so.
[ link to this | view in thread ]
Re: Re: Re: Re: typo: noyb
Far be it from me to defend a company as inherently abusive as Apple, but in this particular case I don't see anything wrong with what they did. When you have a large amount of data, returning it as a machine-readable format such as CSV (which can be trivially read into Excel) or JSON is absolutely the right answer.
Large data sets are very difficult to read the way a normal human being would read a book, from beginning to end. Instead, what you want to do with that sort of data is subject it to analysis, and for that you need some format that's easy to parse by a computer, which can then search through it and help the user work out points that are of interest.
If the GDPR doesn't recognize this simple fact, it's just another point demonstrating that it's a bad law.
[ link to this | view in thread ]
[ link to this | view in thread ]
Not for a second do these bastards conceive of the notion that some of their beloved tracking data might be going bye-bye - all they care about is exactly what lip service is needed in order to be left alone to continue _exactly_ as before, zero change. Their whole point is that nothing less than before is acceptable, and the whole point of the ever more privacy conscious folks is that that is not going to continue to happen. Something obviously has to break. If it is to be some of their spines, that sounds great...
[ link to this | view in thread ]
Re: Re: Re: Re: Re: typo: noyb
When the DPA decides that a fine is warranted, it's unlikely to be close to the maximum fine for a company that makes a good faith effort. And there is the option for a legal review of the DPA ruling and penalties. Expect a body of jurisprudence in five years.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: typo: noyb
We don't know enough about "what they did". Both formats are trivial to lex, so sure, you could read CSV into Excel. Then what? You need to know what each row and column represent to know how to interpret it, and that could be really obvious or completely obscure.
[ link to this | view in thread ]
Re: Re:
The article doesn';t make it sound like Apple is winning this.
As for the ad-hominem, see the "how many profitable copyrigths do you own?" threads.
The more than throw the tantrum, the more desperate they are. No need to respond with anything but brutal logic. Make sure every time Google sends traffic here that all points of view are presented. That can have an interesting effect on a lawn.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: typo: noyb
Mason,
I think you missed the point. Neither the GDPR nor Max is saying that the data can't be provided in a machine readable format. With the amount of data that most companies probably keep, it would be silly to download the data any other way. But just because the data is in a CSV doesn't mean that it's intelligible.
For example compare the following by necessity short examples:
Intelligible:
UserName, TimeStamp, ClientIP Address, MusicGenre, SongTitle
joe01, 2019-01-01 12:24 GMT, 10.10.1.1, Country, 'Tequila'
joe01, 2018-12-30 01:15 GMT, 10.10.1.1, Country, 'You make it Easy'
joe01, 2018-12-30 02:05 GMT, 10.10.1.1, Country, 'Break Up in the End'
joe01, 2018-06-18 15:00 GMT, 10.10.1.1, Pop,'Thank u, next'
joe01, 2013-04-10 09:02 GMT, 10.10.1.1, Country, 'Get Along'
Unintelligible:
ux, st, m12, x17, au32
278E4A8DB999EBF6B04D4787142D36BC7975D231, 2019-01-01 12:24 GMT, 10.10.1.1, am12, 180b133cbeeb94004708a06c1631ccfb
278E4A8DB999EBF6B04D4787142D36BC7975D231, 2018-12-30 01:15 GMT, 10.10.1.1, am12, 8f81b5a32cbb21db94c5396284505729
278E4A8DB999EBF6B04D4787142D36BC7975D231, 2018-12-30 02:05 GMT, 10.10.1.1, am12, 1b558644691b71ddc59ca9b2630e041f
278E4A8DB999EBF6B04D4787142D36BC7975D231, 2018-06-18 15:00 GMT, 10.10.1.1, zx92, e2fa24536a5ad7782969d0f940b34ee4
278E4A8DB999EBF6B04D4787142D36BC7975D231, 2013-04-10 09:02 GMT, 10.10.1.1, am12, 698a8af60cdd4b83e5120474cccbac8a
See, the same data, but the second version doesn't really tell you what information about you they are keeping.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: typo: noyb
[ link to this | view in thread ]
Re: Re: Re: Re: typo: noyb
Corporate doublespeak is leading to government doublefines.
[ link to this | view in thread ]
Re:
I can see your point, but I don't think he's trolling any more than Mike is with his coverage. What's the point of having privacy laws if they're not enforced? Max is good at getting PR but I don't think he's blowing things out of proportion or going for a payday. He uses these services and doesn't want them shut down; he just wants them to comply with the law.
Look at all the green and orange marks on his grid. They'd have almost all been red 5 years ago. As Mike writes "there are lots of legitimate concerns about privacy in this day and age... companies should be not just a lot more transparent about the data they collect and how they use it, but also should push control over that data out to the end users." That Mike's not worried doesn't mean much to me. We could make the same argument about FOIA—why should the government release the details? The law says what data the government can collect, and knowing the law should be enough. In practice, the amount and detail of what's being collected, or how it's being analyzed, often is the story.
If Facebook is deciding whether or not I'm suicidal, I want to know. The same goes if Netflix is determining my bladder health by how often I pause. BTW, librarians can explain better than I that tracking a person's media consumption is not innocuous.
[ link to this | view in thread ]
A complaint is not a determination
The French DPA did just fine Google 50M€ on another Scrhems complaint, which is enough to get their attention but hardly going to put them out of business.
[ link to this | view in thread ]
Re: Re: Re:Those goddamn kids just won’t stay off your lawn!
Every time I think you can’t project any harder. BOOM another masterpiece from the inside of your slightly mushy grey matter.
[ link to this | view in thread ]
Re: Re:
I certainly hope not; they don't have the data for something like that.
Even assuming, just for the sake of argument, that the only possible reason for a pause of a certain length is a bathroom break, how often I feel like taking one has far more to do with how much water I've drunk recently than anything related to my health. (Assuming, again for the sake of simplicity, that the amount of water I'm drinking is not itself unhealthy.)
[ link to this | view in thread ]
if they cant suggest music tracks you might like,
And keep a record of your favourite singers ,pop groups ?
eg i like madonna ,i,d probably like to hear
any new songs she release,s and songs she might appear
on as a duo with any other artist.
If i live in england i probably would prefer songs in the english language rather than the top 20 in russia .
.
I Presume youtube is keeping a list of the video,s
i watch in order to offer me suggestions as to new video,s i might like .
i have no problem with that .
They get some data from me, in return i get acess
to millions of videos at zero cost .
They save me time , they suggest the latest uploads from creators i subscribe to .
[ link to this | view in thread ]
Re: Re: Re:
You think they don't have the data on how often you pause?
The example was farcical, but not that far off from what Facebook's doing with the suicide prevention. Netflix can't be certain of any conclusions drawn from pausing, just as Facebook is only guessing, but that's not the point. I want to know what they're going to use my data for, and I don't mean some vaguery like "to improve customer experience".
In the old days of analog cable TV, all the company knew was what channels you subscribed to, where you lived, and whether you paid your bill. In the digital world, they know every channel every subscriber is tuned to, all the time. They probably know what shows I've read the descriptions of, via the onscreen guide, and decided not to watch. What are they doing with all this newfound data? I'm not in Europe, so I'll likely never know.
[ link to this | view in thread ]
Re: A complaint is not a determination
[ link to this | view in thread ]
Re: Re: Re: Re:
They don't have the data on what I've been drinking. Without that, the pause information (which they probably do have) can't tell them enough to distinguish whether I have a bladder problem or am just over-hydrated.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re:
If the internet “business model” can’t survive respecting internet rights, it deserves to perish.
I actually agree wholeheartedly with this. My question is what in the above is actually "respecting internet rights." I don't se that.
“Many” do not care about these companies any more than certain bloggers care about music and film companies.
I don't care about these companies either. I do care about the end users of those services and how they are harmed by bad regulations on the companies. So, sure, kill off those companies. No big deal. But what about the services that people rely on and find so useful these days?
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Of course. The point is 1) a company might be collecting/retaining more data than you expect, such as recording every button press forever and 2) they might use it in surprising ways. Don't focus on the jokey hypothetical, because Facebook is a real example of both points (especially #2). It's notable that FB claims they do not try to predict suicide in Europe, due to medical privacy regulations and requirements for informed consent.
Consent matters. Who ever expected Facebook might send the local police over for using too many sad-face emojis?
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
First, these are *complaints*. Being able to complain does not, in itself, mean anything. How many baseless lawsuits have you written about over the years? Remember, idiots suing people for defamation does not mean that the defamation law is an absolute disaster and should be abolished.
Second, you seem to assume that any minor (real or perceived) infraction will bring about the "maximum fine" and bankrupt the small services. *That is not the goal.* If your company is earnestly trying to comply, the fine will be negligible, or you may even just get a warning. There was a GDPR ruling ruling against Google a few days ago, for 50 million Euros. That's 0.05% of Google's revenue, not 4%.
[ link to this | view in thread ]
Re:
There is a LOT of money to be made on YouTube, specifically because they track viewing history, and because piracy is not an issue. Knockoffs, however, are, as anyone who has ever made a fortune in mail order knows.
[ link to this | view in thread ]
Re: A little naive with point #2.
How do you think having the GDPR is going to help anyone here?
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
Masnick runs his mouth safely behind a monitor in a way he wouldn't dare to anyone's face, and he hides behind frew speech to allow his uses to do far worse. The best way to confront him is to have a reporter start asking questions on camera when he's at one of those events or whatever or to do the Michael Moore thing and stand outside his office building while rebutting him.
However he is ultimately dealth with, it won't be here. This is his turf, and he lets the bullies run wild. Like a dog chained to a post, however, his influence has no range to match that of those he allows to be bullied. If he weren't such a gnat he'd already see what he's starting with regard to a free-speech war but that day will come sooner or later.
This site is just a stupid little echo chamber that will never influence policy. Everything he supports keeps losing and losing and losing.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Have you listened to the podcast? He's had several episodes which consist of him participating in some sort of panel, espousing these same opinions in person to the live audience and the other panelists as he does on here.
You could say a lot of things about Mike, but moral inconsistency of this kind is most certainly not one of them.
Wow. Just wow. How long have you been hanging around here?
Just off the top of my head, one of the most notable things he supported was resisting SOPA and ACTA. These both got shot down in Congress, and he's had notable people, both elected representatives and senior staff members of elected representatives, come around here and talk about how Techdirt's coverage was instrumental in helping them understand why these were bad bills that they needed to shut down.
[ link to this | view in thread ]
Re: How them lawsuits going bro?
Another projection masterpiece. You’re like the Michangello of accusing other people of how you think.
[ link to this | view in thread ]
Re: A little naive with point #2.
So since Apple is already disclosing how they're using the data, disclosing it again doesn't really help much, unless you're implying that the first disclosure means nothing because it's not mandated, and so they could be doing other things with the data without telling you, until you request the details.
But it's obvious that Apple CAN disclose this data because they do so at the point of activation -- so the fact that they don't leads me to believe that they figured they were already covered by having disclosed the usage data previously to the customer.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Let me give you a tip from 20 minutes into the future: when you buy an internet-of-things coffeemaker or juicer, read the privacy policy, particularly the data-sharing provisions, really carefully.
[ link to this | view in thread ]
Re:
I'm sorry, you did read the article - all of it, right?
First, these complaints are in a sense a way to highlight the absurdity of trying to be wholly compliant with GDPR. OTOH, if the complaints aren't taken seriously by the court system it will undermine the enforcement of the GDPR.
Second, see point 3 & 4 in the article. You do understand that the qualifiers of 'can be fined', 'might face fines' and 'could destroy' isn't the same as 'maximum fines' and 'will destroy'. At no point did Mike imply that maximum fines will be applied to destroy some services - he implied that small services with no financial muscles might be destroyed if they are fined.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
You had it. It was offered up to you on a silver platter. And you still managed to screw it up!
Your tears are delicious.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re:
a music service merely has to offer a catalogue unless the user wants more. how do you think anything works? have you ever tried services without being logged in and refusing tracking? or how about only tracking of explicit "likes", because seriously YT is shit at guessing, or good gods, recommending shit at me. if they stuck to saves and likes they would do better and be less awful.
[ link to this | view in thread ]
Re: Re: Re: Re: typo: noyb
Is it really? The formats provided are industry standards act are readable by industry standard software that is supplied either free of charge or pre-installed on the computer, or by numerous online tools.
Is it now a GDPR violation to not teach people to use their own computer? I'd understand if you're talking some weird proprietary format, but this is probably less difficult for most devices to read than the original web page.
" So it looks like Apple is indeed trying to appear GDPR compliant without actually being so."
No, it looks like you don't know what CSV and JSON formats are.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: typo: noyb
On the flip side, I'd assume the companies are doing the bare minimum, which might mean supplying raw data in several tables rather than a nicely formatted single sheet, but if the legislation doesn't demand that's required then some companies won't make life easy out of principle.
Without more detail it's true that it could go either way, but if literally nobody is presenting data in the way they want it then I'd presume it's the demands and not the companies that are being unreasonable.
[ link to this | view in thread ]
Re: Re:
What's the good of having them if nobody is able to satisfactorily comply?
[ link to this | view in thread ]
Re: Re: Re: Re:
They do. They do not have the data on what I was doing at that time, why I chose to pause at that moment, why it took me however long to unpause, whether or not it was actually me using the device or someone else accidentally logged into my profile, etc.
I think his point is that the dataset is hopelessly incomplete to draw such a specific conclusion.
"They probably know"
...that if you're this hopelessly paranoid about the data you explicitly give the company in question, that you also have the option not to subscribe to their service,.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
Government income by way of fines.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: typo: noyb
What in the world gives you the idea that what they're being asked (demanded) to comply with is anything realistic, dood?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
"most people probably wouldn't go directly from complaining about ad hominems to using a slur against people with disabilities in the same sentence."
...yes, but the "Child Porn Is Great" brigade isn't "most people". Please bear in mind that we're discussing the sort of people who appoint the likes of johan Schlüter, John Steele and Andrew Crossley to lead their efforts.
[ link to this | view in thread ]
Can't agree at all
2. If it needed only two lines or text to explain how they used what parts of the data, why would apple not send this information? Wouldn't that be ridiculously easy then?
3.& 4. It's a maximum penalty that won't be charged for minor fuckups. But here I have to agree that I don't understand why it isn't just the 4% as this would be fair imho. Would be interesting how this decision was made to have a lower limit of 20m. The 4% for big companies are good as otherwise no huge Enterprise would give a fuck.
The rest of the text:
How can you not be worried about your data on Amazon? A colleague is having a discussion atm as they are saying that it is technically not possible to delete his old data (he even said they could keep anything fresher than 6months but can't see the reason why they would need his data from the early 2000's. Common. Billions and a few years time and they're not capable of developing a system where data can be deleted??
[ link to this | view in thread ]
phorm storm
you seem to totally not get The EU General Data Protection Regulation (GDPR)
at its most fundamental EU torts state that a person's personally generated data is their exclusive property automatically, without explicit consent no interception,processing, or storage of any kind is legal, see the masses of legal "phorm storm" coverage (before fake news was so prevalent)
[ link to this | view in thread ]
The GDPR was never meant to protect individual privacy.
[ link to this | view in thread ]