GDPR Concerns Temporarily Result In The Removal Of Trash Cans From Ireland Post Office
from the that's-some-fine-regulation-you-got-there,-EU dept
The regulatory nightmare known as GDPR continues to wreak havoc. The data privacy law enacted by the European Union has possibly helped protect the data of Europeans, but the thick cloud of smoke rising from the collateral damage makes it impossible to say for sure.
Regulating the internet isn't as simple as the EU Parliament thought it would be. The first reaction many US sites had to the new law was to block every user appearing to originate from a covered country. The EU Parliament couldn't even comply with GDPR properly. Its own website didn't anonymize incoming users correctly, allowing the Parliament's site to hoover up IP addresses to send through to Google Analytics. The EU Commission responded to this gaffe by exempting itself from the law.
Meanwhile, European citizens were experiencing the downsides of mandated data export. The law requires all user data collected by tech companies to be available on demand to European internet users. In theory, a wonderful idea. In practice, it means if someone hacks one of your accounts, they can start requesting your data as well. Even without being hacked, your personal data can be sent to someone else because tech companies are just as prone to clerical errors as anyone else.
This latest incident is more of the same. Another debacle powered by GDPR. This time, the problem created wasn't composed of 1s and 0s. This time the side effects could be felt physically.
All public bins have been removed from the GPO [General Post Office] due to potential privacy breaches under the General Data Protection Regulation (GDPR).
Customers and visitors to the historic building will no longer be able to dispose their litter within the premises.
An Post says under the new privacy laws, even rubbish containing personal details is considered their responsibility.
For this reason, a decision was taken to remove every bin from the post office’s main hall.
The problem? Post office customers were tossing out unwanted mail and receipts -- all of which contained confidential personal data now regulated by GDPR. The post office's solution was to remove its inadvertent data collection facilities, which apparently led to people leaving their regulated data lying on the office's counters and floors.
Fortunately, this new normal for post office users was swiftly reverted back to the old normal. The Commissioner of the Office of Data Protection issued a clarifying statement on post offices, rubbish bins, and protecting the privacy of post office customers.
When contacted this evening, a spokesperson for the Office of the Data Protection Commissioner told independent.ie that "under no circumstances" could public litter be in breach of GDPR.
Great. Glad that's cleared up. Business as usual then?
“An Post have confirmed a number of outstanding issues around the handling of waste material from public litter bins in the GPO,” a spokesperson said.
“The bins had been removed from the public office of the GPO on a trial basis and have now been re-instated,” he said.
THE BINS HAVE BEEN REINSTATED.
This is the stupid world the EU Parliament has gifted us. A breathtakingly broad law that regulates every entity that might possess the personal information of others has, however briefly, resulted in the removal of trash cans to ensure compliance. This may be the dumbest collateral damage yet, but it certainly won't be the last.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: data protection, gdpr, ireland, irish post office, trash cans
Reader Comments
Subscribe: RSS
View by: Time | Thread
Everything is fine, see...
Every time something like this happens, the Office of the Data Protection Commissioner will create a new exception. The Office claims to have "clarified" but the GDPR is such a mess that I expect they did not "clarify" anything but instead made an ad hoc decree to work around the absurd consequences of their law.
[ link to this | view in chronology ]
Re: Everything is fine, see...
Just make everything illegal and then proclaim a bureaucratic "exemptions". This effectively lets lower level bureaucrats write law on a whim without having to go through the formal process. I see how that works.
[ link to this | view in chronology ]
Re: Re: Everything is fine, see...
They could even call the exemptions "indulgences" and sell them on the individual level to those with enough money to pay.
[ link to this | view in chronology ]
Self-regulation failed, so we get this.
[ link to this | view in chronology ]
Oh, yet another story where a stupid interpretation is attributed to the law. I'm really impressed.
Q: If the GDPR is really so bad why do I read only stupid cases on Techdirt?
[ link to this | view in chronology ]
Re:
"Oh, yet another story where a stupid interpretation is attributed to the law"
Yep, if a law is badly written enough that people interpret in ways that were not intended, that's usually as much down to the law as it is to those interpreting it. It's also a good indication of where other badly written laws that you are demanding can go wrong, even though you tend to attack and/or lie about the intentions of the people warning of how they can be misinterpreted.
"Q: If the GDPR is really so bad why do I read only stupid cases on Techdirt?"
Because you're not intellectually curious enough to read other sites that disagree with your prior assumptions?
[ link to this | view in chronology ]
Re: Re:
Thank you for an even more stupid reply. Think about it: public litter a GDPR problem, really? How stupid is this?
[ link to this | view in chronology ]
Re: Re: Re:
Not stupid at all. In fact, it is simply basic reasoning. And the reply wasn't stupid, yet you went with an ad hominem attack and didn't address the merits of said reply. Who is stupid, again?
[ link to this | view in chronology ]
Re: Re: Re:
"Think about it: public litter a GDPR problem, really? How stupid is this?"
Exactly, it is stupid that the law is able to be interpreted in that kind of way. It really needs to be improved to remove this kind of lack of clarity, as people have been saying. Thanks for agreeing.
[ link to this | view in chronology ]
Re:
Q: If the GDPR is really so bad why do I read only stupid cases on Techdirt?
A: Because you're uniquely obsessed with Techdirt and don't get out much?
I just scrolled through ~7 pages of Google results for variations on "GDPR problems" "GDPR stupid" etc., and I couldn't find Techdirt articles on any of those results pages.
[ link to this | view in chronology ]
Re: Re:
My, are those low google results why we only have to deal with one or two trolls at a time??? :-)
[ link to this | view in chronology ]
Get 'Dose Pails Removed
Sean Begorrah! They'll be lavin' a mess for me mither an' it's her day off.
[ link to this | view in chronology ]
Might as well be called the Arbitrary Punishment Regulation
After reviewing GDPR, the conclusion I swiftly came to is that any organization larger than a few people will find perfect compliance impossible.
And since the regulation makes no provision for scaling the possible penalties based on the severity of the violation, it's clearly just a way for the EU to extract money from any company (or country, for that matter) that they don't like.
The almost-certain selective enforcement will probably eventually cause some WTO problems, but that'll take many years to resolve.
[ link to this | view in chronology ]
Excuse me, but why exactly is it bad if people have to handle sensitive waste properly?
Yes, people have been sloppy for a long time, and now they'll have to stop, and that will involve changing their old sloppy practices. That's not "damage".
The only problem here is the backing down.
[ link to this | view in chronology ]
Re:
"Excuse me, but why exactly is it bad if people have to handle sensitive waste properly?"
It's not. The problem is that the GDPR has absolutely nothing to do with waste management. I'm sure most people won't have a problem with laws that actually address the problems being used.
"The only problem here is the backing down."
So... you'd prefer a situation where a law that has nothing to do with waste gets upheld in a way that reduces the amount of proper waste management (you know, since there being zero bins means that people will just throw their trash in a place less manageable)?
[ link to this | view in chronology ]
Re: Re:
Pre-internet, "trashing" was a highly successful method of data collection.
Still is.
[ link to this | view in chronology ]
Re: Re: Re:
Perhaps. But, that has nothing to do with the GDRP.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Does the GDPR specifically state "electronic" or "computer" data collection?
It's data collection. A bit "old school", but still data collection.
Law of Unintended Consequences biting them in the ass.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
The bins in the article are bins in public areas of the post office, not in private areas used by staff. I can't think of any sane definition of "data collection" for companies to police that would include wastebins in public gathering areas.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Possibly. That said, I'm all for wildly bizarre but technically correct "interpretations" of idiotic laws which point out just how idiotic they are.
[ link to this | view in chronology ]
Re:
Um, if you choose to place your private, sensitive, confidential information in a public trash can (or any trash can without shredding it), that's on you. It's absolutely not the post office's responsibility to cover for your lack of self preservation.
[ link to this | view in chronology ]
Re: Re:
Except that that's the entirely the point of this article. It should be the case that that's on you if you put your data in the bin, but due to the vagueness of the GDPR, they were worried that they could be held liable anyway even if any sane person would put the onus on the person who threw their personal details in the trash, hence the decision to remove the bins.
[ link to this | view in chronology ]
Re: Re: Re:
There's more to the decisions.
Again, and I know the AC's and Jhon hate this word...
LIABILITY.
Lawyers go after the biggest money.
If YOU get my personal data from a trash bin at the post office, a lawyer could make a good legal case that the Post Office is liable because they didn't secure it.
YES, it's trash. But unless it's on Public Property (PO's are Government Property), it's not considered "abandoned".
That's why the cops can't search a trash can on the house side of a gate without a warrant, but can if it's on the street side of that gate.
If you consider it as a liability to suit decision, it was a good one. The second decision broke the chain of liability, so you get to throw your personal information into collection bins at the PO in Ireland again...
[ link to this | view in chronology ]
Re:
The problem is that it was not their waste, but rather their customers waste. Why should they be responsible for ensuring that their customers do not reveal personal information? Would you hold the local authority responsible for personal information that people through out in their trash?
[ link to this | view in chronology ]
Re: Re:
So this is like Section 230 but for public spaces ("platforms") hosting deposits ("speech") from the public. Glad to see more validation of this line of thinking.
[ link to this | view in chronology ]
Re: Re: Re:
So this is like Section 230 but for public spaces
Nothing like it at all - but thanks for injecting your insane obsession with 230 into every conversation, scammer.
[ link to this | view in chronology ]
Re: Re: Re: Re:
lolwut? Did you miss the last line obviously declaring support for 230? Maybe missed your meds this morning...
For clarity, I compared 230 to the clear refusal of the GDPR to hold the post office accountable for the choices of the public. If you throw your details in the public bin you are responsible, not the site hosting that bin.
Following now?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
I'm not sure if you're aware of this, but for quite some time know some random idiot has been coming in and keeps making random idiot comments about Section 230 and how it apparently causing vast numbers of people to have there reputations destroyed by random comments on the internet.
Your bringing in of Section 230 on something unrelated made you like like him.
[ link to this | view in chronology ]
Re: Re:
Because, that's what the GDPR is designed to to: make sure if customers give you data, that you handle it properly.
[ link to this | view in chronology ]
Re:
Excuse me, but why exactly is it bad if people have to handle sensitive waste properly?
Waste is significantly more environmentally damaging if it's not disposed of in proper waste containers. Because the law puts responsibility of properly disposing of "sensitive waste" on whoever happens to own a trash can (regardless of whether that trash can is intended for "sensitive waste"), anyone who owns a trash can will be obligated to treat all trash as "sensitive waste" since there is no way to ensure that no "sensitive waste" is placed into their trash can. Since properly securing and disposal of that waste will be prohibitively expensive, the general solution will be to simply remove all public trash cans, thus leading to people dropping said trash on the street. Even if they keep them, the redesign of the trash can to prevent people from accessing the trash inside them will drastically reduce interior space and increase difficulty in using them, also increasing littering. The environmental damage from this will be significant.
[ link to this | view in chronology ]
Exemptions
As with the government exemption, it actually still IS a breach, they can simply ignore it.
That "public litter" still has all that private data, and sitting in a trash can, it's still got the potential to reveal to anyone things that should be kept private, but we'll ignore that since it would be more work for us.
[ link to this | view in chronology ]
Re: Exemptions
No, it's a breach if a post office employee throws your private data in. If you mishandle it yourself, the trashcan provider isn't liable.
[ link to this | view in chronology ]
Trash Cans? Seriously?
They probably wanted to remove them so that they have an excuse to not throw away any of their corrupt practices.
By now they’ve probably have an entire land-fill full of corrupt laws that’s piling their office.
[ link to this | view in chronology ]
Re: Trash Cans? Seriously?
Post office pass laws now?
[ link to this | view in chronology ]
Re: Re: Trash Cans? Seriously?
Oh gosh dangit! My bad. I keep misreading the title and that has become a bad habit that I need to break soon.
[ link to this | view in chronology ]
the old adage still holds
One man's trash is another man's scamming source material.
[ link to this | view in chronology ]
There could be new covers place on bins in each post office
with slots so paper reciepts can be put in a slot but cannot be removed by someone looking for data ,
some reciepts will have an account no, name , and social security id no,
which might be useful for id theft scammers .
All post offices in ireland have security camera,s which cover the public
parts of the building .
IF i wanted to get info on someone i would just make a facebook account,
or look at various websites that post info from various hacks
of user data rather than looking in a bin for a receipt .
[ link to this | view in chronology ]
Re:
Is it illegal in countries covered by GDPR for people to rummage around in public bins and keep what they find?
[ link to this | view in chronology ]
Memory holes
So the Party, in its everlasting wisdom, was right all along to install furnaces below the bins. How can you not appreciate the guidance of Big Brother? Love Him already!
[ link to this | view in chronology ]
You will have to pardon me for this long and slightly off-topic post/rant, but I feel like I have something to say over here.
I think that the GDPR is the dumbest kind of "spaghetti" legislation that one could ever conceive. It shows absolutely no regard for real life cases.
Most small and everyday webmasters either ignored it by geoblocking the EU, or tried to comply with it by slapping a pre-populated privacy policy and privacy "solution" on their websites, using some external online service. This because paying for or hiring external privacy "expertise" was overkill for them, given not only its costs, but also its dubious efficacy.
Now, never mind the risk and vulnerability of using a single point service for all the privacy matters of every website, but I still wonder: how do small businesses deal with the finer requirements of that law? For example, the GDPR says that, in order to honor the right to be forgotten, a business has to remove every instance of a single person's data everywhere, if they request so. How do you remove granular and individual user data in full backups, especially offline ones, and on request, I ask? Especially if you are a small everyday business and not some enterprise like Google or Facebook.
Or, let's say a company manages an existing database with its clients' data. How do you anonymize or "pseudonymize" the contents of it, as this law requests, without totally changing how that same database works in the first place?
Or, given the hefty penalties for data breaches, how do you make sure that your system is unhackable? We know that security is a compromise, and not an absolute, and that shit can happen sadly. Why should businesses be lambasted for failing to properly protect their properties, when this is almost impossible to do nowadays, while the actual hacker who committed the crime remains unscathed instead?
In today's age, when most websites rely on CMS, Wordpress and the like to do their job, why to place such a huge liability on businesses that use a CMS, which may be not fully updated for many reasons and hence hacker-prone, instead of placing it on the CMS developers themselves?
Everyday and small businesses have bigger fish to fry than making sure that their systems are totally hacker-proof, especially when the actual responsibility for vulnerabilities is not directly theirs, since they use some external CMS. Sure, businesses can update it to give it a bit more security, but as we all know there is a myriad of real life instances when this cannot be done, or done right away. Maybe one of your plugins is not updated to the newest version of the CMS you are planning to update to, and it won't work with it, or maybe you are afraid that the newest CMS update will fuck up your website, or you worry that it will introduce new security holes, etc.
In my opinion, all of this shows an extreme bias of EU legislators in favor of corporations (which can afford to pay for and deploy such systems as required by the law) and against the little man (who just can't do so).
Given these precedents, it is no wonder and absolutely not in the realm of pure speculation that the same thing (if not something exponentially worse) could happen with Article 13/17. Just that in this case, the ones affected will be independent, direct-selling platforms and gatekeeper-avoiding avenues, where creators and artists could finally be able to self-publish, to grow and to control every facet of their own creative business, and so ultimately the ones who will suffer the most will be the creators and artists themselves.
And this pisses me off to no end. Because it is one thing if you go against business in this faux-capitalistic and corrupt world, but it is totally another thing if you go against the hopes and dreams of individual artists and creators, while pretending that you want to make their life better. Individuals who are sensitive enough and are not schooled usually in the dry, dirty, cutthroat and just plain ugly aspects of the gatekeeper businesses, including the music business.
And you don't break the hopes, dreams, aspirations and inspirations of european and worldwide artists and creators (especially under the superficial and misguided guise that you want to help them) with impunity and without there being repercussions. As the general, widespread and severe backlash against Article 13/17 has shown, and continues to show, from experts and the general populace alike.
[ link to this | view in chronology ]
Re:
This isn't a surprise, neither is it off-topic, because the two ideas - "right to be forgotten" and "copyright enforcement" - are inextricably linked.
It's the idea that someone (for some inexplicable reason) deserves to wield a magic wand that not only disappears whatever he doesn't like, but also punishes anyone who doesn't bend to his whim and will instantaneously. This is something both GDPR and "notice and staydown" require as their end goal, and the reason why John Smith bitches about copyright law and Section 230 in articles which suggest that the evidentiary value of IP addresses isn't as rock solid as he wants it to be.
[ link to this | view in chronology ]
Re: Re:
Well, I see it from another angle, a creative one I guess.
Since I know that humans can be petty, vindictive, greedy, and all of those fine qualities, I would better entrust the wisdom of experts + the wisdom of crowds combined in an electronic system designed to weed out the overtly negative aspects of it, but only as minimally as needed.
In short, I want to live in a world where only "worth" and "popularity" are the arbiters of what has to be worthy and popular. And I surely don't want any human gatekeeper to interfere in this process. I don't want any gatekeeper to decide what has the right to be shown/played and what not. I want every individual or entity to be able to express him/her/itself, without anyone impinging on their right to do so.
The evidence at disposal shows that the recording industry, for example, exercises this gatekeeping business at the highest levels. How many artists send demos and are rejected? How many are swindled into signing an exclusive contract with a label which doesn't even release their music afterwards, and just because they are deemed too much of a competition to have around? How many are signed, released, and then not paid their due royalties?
I think that, as long as there will be humans around entrusted with the right to dictate and decide over the creative aspects of other humans, this situation will only persevere. Things like Article 13/17 are a huge step in the wrong direction. I don't need no gatekeeper to decide what I have to listen to. People might find a human reviewer useful, who helps to show how to part the wheat from the chaff, and this is welcomed and such a reviewer has all the rights to exist, but in no case shall such reviewer become a gatekeeper and be entrusted with the "right" to make others listen only to what he/she wants them to listen to.
People must have the right to listen to whatever they want to listen to, and the conditions should be such that there is the widest availability and diversity of creative content available. The reviewer shall then pick the good fruits from this wealth of produce, comment them and show them to others, while having the freedom to criticize, even sternly, any fruit he/she doesn't appreciate, but always in a spirit of education and enlightenment. And I repeat, in no case the reviewer shall have the right to take a fruit and make it so that others won't be able to eat it, if willing.
Of course you can extrapolate this consideration to any gatekeeper-ridden business, not only the music industry.
This calls for more power to conscientious high-tech and new media companies, and less power to old-tech and human-mediated old media. We can argue whether Google, to say one name, is an example of this, and I'd argue that in many cases it doesn't seem like it (I think that the takeover of YouTube by Google has been a disaster, for example, and that YouTube was much better off before Google bought it and started interfering with it) but surely among the dumb things that Google has done you can find some good ones.
The Internet was created for this: for anyone to express their opinion, or publish something creative or useful that they do, and on the other side, for people to find what they are actually interested in and choose what they really like over a variety of things. Hence, why are these new laws needed? We always have that clunky old one-way box in the living room telling most people what to think and what to be interested in.
Unless, of course, the powers that be and old media are shitting their pants because a revolution is underway...
[ link to this | view in chronology ]
How to contact IRS about a tax refund
For the development of any country, Taxpayers are the most very important assets. If they are not proud of the services then it will turn out a lot of problems. This may be the reason IRS is providing you the service of contacting them whenever you feel the need. Just by contacting the How to contact IRS about a tax refund, you will be able to resolve any problem payer is facing. And also the best half is that you {simply that you just} simply will not be talking to a machine but to someone WHO can understand your situation.
This can be one in every of the best choices for you instead of checking out the answer on the net. So you will be talking to AN expert WHO is trained and have all the information that is needed to resolve the issues.
How to get IRS tax refund telephone number live person?
When you are paying for one issue then you always expect the best in return. This can be applicable to theirs similarly and it gets even a lot of importance here. Because those are contacting are the responsible citizens and need to know about the cash they gave to the govt... In this, the foremost important issue is to some way to contact them that the taxpayer may contact the live person.
Well, there is no need to search on the net or browse the other article simply dial the way to contact IRS a few Tax Refund. Once you dial that you {simply that you just} simply are able to contact the live one WHO has the information. This can help you get the answer to the problems you are facing, it does not matter what kind of problem you are facing but you can resolve them simply.
https://refundinquery.com/how-to-contact-irs-about-a-tax-refund/
[ link to this | view in chronology ]
Hey Techdirt Community,
your favourite DSGVO troll is back. Sorry, but I was busy with other things.
@Igualmente69: I said the story and PaulT's reply are stupied. I did not say nor do I mean that the persons behind are stupid. If I would think this I would read Techdirt anymore. So I don't understand the "ad hominem attack" of your comment. Is labelling someone as a troll a better example?
@AC above: That's right. I don't get much out of Techdirt these days. I remember that it was different years ago when I started reading it. I think too much things are taken for granted here.
Now to clarify my point about stupidness: The story says that public litter because people put things with personal data into them, right? In which universe is this processing of personal data by the organisation which is responsible for the litter boxes? I'm sure most of you have a simple explanation. Or perhaps you want to strech one of the GDPR articles so that it matches the case? Feel free to convince me. Until then I call it stupid.
@PaulT: You say that the GDPR is badly written. Ok, make your point: What is your / the commony agreed criteria for a well written law. Can you point me to some examples?
[ link to this | view in chronology ]
Re:
What a surprise. Still trying to convince judges that Shiva invented email? Hasn't the Indian been scalped enough?
[ link to this | view in chronology ]
Bureaucratic Unelected Power-hungry Know-it-alls
[ link to this | view in chronology ]
Sounds good to me
I work for one of the largest pharmacy chains in the US. There have been times where we've found major privacy issues -- HIPAA violations of the kind that we have already been fined millions per day for. Generally the response from management is "Skip it for now, the priority is that we meet our artificial, self-imposed deadline and we can worry about privacy later."
It's quite refreshing to see some people actually trying to put privacy first. And frankly, it delayed deliveries by ONE DAY. If you can't make it one extra day without someone bringing you food you've got much bigger problems.
Fuck, even the "removing trashcans" thing sounds like a great idea to me. Dumpsters are already a great source of identity theft materials, you think there should be zero attempt to mitigate those friggin' gold mine dumpsters?
Privacy is worth putting a bit more thought into, Tim.
[ link to this | view in chronology ]