Jump to content

Updated Terms Notice & Privacy Policy


Azimech

Recommended Posts

9 minutes ago, Lisias said:

But I don't want to do business with such cultures. But they are regulating me nevertheless. That's the problem.

The problem is that you are misinterpreting GDPR. You read it in a way typical to people in technical professions, who focus too much on the specific wordings and too little on the overall intent. Law doesn't work that way. It's not a technical specification but an ambiguous set of guidelines for dealing with the ambiguities of the real world. People spend years in law schools to learn the right way to interpret it.

For us non-lawyers without large enough interests to hire a lawyer, it's better to focus on the intent of the law. If you don't want to do business with Europeans, you can collect the minimal amount of data to determine whether a person is European, make the decision, and throw away the data once you no longer need it. Assuming that you have some kind of online business, you probably don't even collect personal data from the GDPR perspective this way.

Link to comment
Share on other sites

2 hours ago, Jouni said:

The problem is that you are misinterpreting GDPR. You read it in a way typical to people in technical professions, who focus too much on the specific wordings and too little on the overall intent. Law doesn't work that way. It's not a technical specification but an ambiguous set of guidelines for dealing with the ambiguities of the real world. People spend years in law schools to learn the right way to interpret it.

The problem is that you are not a Lawyer neither a Project Manager. I have one to consult, and I'm the another by formation.

It's all about cost and risk management. If there's ambiguity, there's risk. And risk costs money.
 

People in State Agencies come and go. Perhaps the present people on the Regulatory Agencies have good intentions in their heart, and will behave as such.

But next year or the another, we will have elections. God knows if the new people on the Regulatory Agencies will remain on such good intentions.

(and I didn't vote on any of them anyway - why I should submit to them, even by not doing business with them?)

 

EDIT:

In a nutshell: There's no free lunch. Someone has to pay for the party - and nobody likes to pay for parties those were not invited. Or willing to go.

Edited by Lisias
hit "post" too early. and a nice quote added. and some grammar fix.
Link to comment
Share on other sites

4 hours ago, Lisias said:

The problem is that you are not a Lawyer neither a Project Manager. I have one to consult, and I'm the another by formation.

It's all about cost and risk management. If there's ambiguity, there's risk. And risk costs money.

Shame that the EU did not give you a grace period of two years since the GDPR was adopted on 2016-04-14. Wait...

Link to comment
Share on other sites

7 hours ago, cfds said:

Shame that the EU did not give you a grace period of two years since the GDPR was adopted on 2016-04-14. Wait...

I'm not an EU citizen. I do not do business with EU citizens. Why should I be concerned or even interested on such "grace periods"? Are we back to the XIX Century? Should I expect some EU officer coming for my thumbs in my own house?

Edited by Lisias
grammars... X-(
Link to comment
Share on other sites

13 hours ago, Jouni said:

Assuming that you have some kind of online business, you probably don't even collect personal data from the GDPR perspective this way.

The Whole World collects, profiles and stores PII Data now. GDPR states crystal clear that IP Addresses are PII Data for them.

Edited by Lisias
added link. and grammar... X-(
Link to comment
Share on other sites

Take Two mention changes to EULAs and handling of personal data as a potential source of significant financial risk in their business model. They acknowledge that the handling of user data could significantly effect sales and therefore revenue, an effect they experience much more significantly than many other companies due to a "disproportionately higher amount of attention", which I think is a valid observation.

The document combines observations of data handling and data theft within the same paragraph, so I'll quote what I consider to be relevant:

Quote

Our business could be adversely affected if our consumer data protection measures are not seen as adequate or there are breaches of our security measures or unintended disclosures of our consumer data. We are collecting and storing consumer information, including personal information. We take measures to protect our consumer data from unauthorized access or disclosure. It is possible that our security controls over consumer data may not prevent the improper access or disclosure of personally identifiable information. In addition, due to the high profile nature of our products, we may draw a disproportionately higher amount of attention and attempts to breach our security controls than companies with lower profile products

and later on:

Quote

The laws and regulations concerning data privacy and certain other aspects of our business are continually evolving. Failure to comply with these laws and regulations could harm our business

Player use of our games is subject to our privacy policy, end user license agreements, and terms of service. If we fail to comply with our posted privacy policy, EULAs, or terms of service, or if we fail to comply with existing privacy-related or data protection laws and regulations, it could result in proceedings or litigation against us by governmental authorities or others, which could result in fines or judgments against us, damage our reputation, affect our financial condition and harm our business. If regulators, the media, or consumers raise any concerns about our privacy and data protection or consumer protection practices, even if unfounded, this could also result in fines or judgments against us, damage our reputation, negatively affect our financial condition, and damage our business.

the entire document can be found here, and the quotes are taken from page 18, section starting page 11.

While we can't take anything for certainty from this, we can assume that TT consider induvidual and corporate concern over their data use to be a significant risk in their business model, which is very interesting - they do not need to incur this risk, because the collection of these types of data is not necessary for the functions of their products. It is instead a factor they are willing to include despite an acknowledged risk of losses, which leads me to believe they may in some way be profiting or planning to profit off the collection of this data in some way, be it in house marketing gains or the sale of data to third parties, the latter of which is of course more concerning.

(I know these statements cover only the violation of the EULAs and law, but they are important to include only because the existence of these policies provide TT the ability to complete actions that are legally ambiguous)

Link to comment
Share on other sites

3 minutes ago, Raptor9 said:

And more speculation, cherry-picking conjecture, fear-mongering... :rolleyes:

I'm just adding it to the conversation as an unconsidered factor, I don't mean to "fear-monger". I'm frankly a little confused as to how you're writing this off with such confidence, I understand the purpose of this EULA is simply to open the options for TT but there is a significant risk here, reinforced by the linked document. I think it's got to the stage where there is plenty to suggest Take Two could be lining up for a new way of turning profit from data that you're going to have to do more than just dismiss it verbally to change my, or many other's opinions. Maybe show me a document that formerly dismisses these claims? Or a corporate statement?

The fact here is, TT now has the ability to do this, and there is of course reason to speculate and be aware of the possibility. There's no use in dismissing the risk completely and if you're not interested in the issue, don't visit the thread.

Link to comment
Share on other sites

1 hour ago, wblayney said:

Take Two mention changes to EULAs and handling of personal data as a potential source of significant financial risk in their business model. They acknowledge that the handling of user data could significantly effect sales and therefore revenue, an effect they experience much more significantly than many other companies due to a "disproportionately higher amount of attention", which I think is a valid observation.

The document combines observations of data handling and data theft within the same paragraph, so I'll quote what I consider to be relevant:

and later on:

the entire document can be found here, and the quotes are taken from page 18, section starting page 11.

While we can't take anything for certainty from this, we can assume that TT consider induvidual and corporate concern over their data use to be a significant risk in their business model, which is very interesting - they do not need to incur this risk, because the collection of these types of data is not necessary for the functions of their products. It is instead a factor they are willing to include despite an acknowledged risk of losses, which leads me to believe they may in some way be profiting or planning to profit off the collection of this data in some way, be it in house marketing gains or the sale of data to third parties, the latter of which is of course more concerning.

(I know these statements cover only the violation of the EULAs and law, but they are important to include only because the existence of these policies provide TT the ability to complete actions that are legally ambiguous)

It's interesting that you read and quoted those pieces, but failed to read, or maybe just failed to comprehend, the privacy policy. You stated "because the collection of these types of data is not necessary for the functions of their products," which clearly demonstrates you don't know what you're talking about. The only personal information that Take2 can acquire is done so on a voluntary basis so they can provide a service to the customer. Tell me how Take2 would be able to process a purchase from me without my name, billing address, email address and payment information. Tell me how I could sign up for a newsletter without providing my email address. How could I utilize technical support without providing them a means to respond to me, whether that be an e-mail address or a phone number? Take2 only "collects" what is necessary to serve the customer's request. None of those activities are required to play the game, so the customer isn't being forced to provide anything that they don't choose to provide voluntarily.

The only information collected by the game is anonymous analytics and hardware information.

Read the privacy policy: https://www.take2games.com/privacy/

Link to comment
Share on other sites

1 minute ago, hbk314 said:

It's interesting that you read and quoted those pieces, but failed to read, or maybe just failed to comprehend, the privacy policy. You stated "because the collection of these types of data is not necessary for the functions of their products," which clearly demonstrates you don't know what you're talking about. The only personal information that Take2 can acquire is done so on a voluntary basis so they can provide a service to the customer. Tell me how Take2 would be able to process a purchase from me without my name, billing address, email address and payment information. Tell me how I could sign up for a newsletter without providing my email address. How could I utilize technical support without providing them a means to respond to me, whether that be an e-mail address or a phone number? Take2 only "collects" what is necessary to serve the customer's request. None of those activities are required to play the game, so the customer isn't being forced to provide anything that they don't choose to provide voluntarily.

The only information collected by the game is anonymous analytics and hardware information.

Read the privacy policy: https://www.take2games.com/privacy/

This is true, and I hadn't considered direct purchases from Take Two.

I'm a little confused as to why this EULA is applied to Steam products and products that are purchased through Steam's systems, who's data should never need to be covered by TT's policies. Additionally, why does TT need the right to share this data with third parties? If purchases are done through other platforms the payment information should never even need to reach TT's systems and should not be relevant - this applies only to services that deal with purchases in house. And it's not that the user is only providing TT this data if they use that aspect of the service - they HAVE to agree to the entire package when they install the software, so just because the only thing the game collects is non-personal data as far as you know, they have the right (and ability) to collect personal data. 

Quote

"If you do not want your information used or shared in this manner, then you should not use the Software"

Also, why was the EULA only just updated if these functions are, as you imply, so vital for the operation of the company?

Link to comment
Share on other sites

13 minutes ago, wblayney said:

you're going to have to do more than just dismiss it verbally to change my, or many other's opinions.

I wasn't trying to change anyone's opinion (that rarely happens in online debates anyway). I was posting my opinion (which is more thoroughly spelled out here), counter to your own and other's for those that were undecided or unaware.  If someone were to visit this thread, and was unaware of this discussion prior and were in the process of forming their own opinion, I think it would be healthy to see multiple viewpoints so they can form their own.

17 minutes ago, wblayney said:

There's no use in dismissing the risk completely and if you're not interested in the issue, don't visit the thread.

I'm dismissing it because I interpret the matter differently.  And I am interested in the issue, which is why I'm here, I simply don't agree with you.

Link to comment
Share on other sites

31 minutes ago, Raptor9 said:

I wasn't trying to change anyone's opinion (that rarely happens in online debates anyway). I was posting my opinion (which is more thoroughly spelled out here), counter to your own and other's for those that were undecided or unaware.  If someone were to visit this thread, and was unaware of this discussion prior and were in the process of forming their own opinion, I think it would be healthy to see multiple viewpoints so they can form their own.

I'm dismissing it because I interpret the matter differently.  And I am interested in the issue, which is why I'm here, I simply don't agree with you.

Okay, I appreciate you bringing in an opposing view and I hope it helps anyone else looking into this. While I still disagree with your attitude towards this, I understand the frustration you hold to people like me who appear to be making a big deal of what could well be a non issue, and I'm glad there's a good chance it could well be just that - a non issue.

Thanks for your time today, I really just wanted to add the quotes from the earnings report to the thread and leave it at that, so thanks for reading those and taking them into consideration in your argument.

Link to comment
Share on other sites

1 hour ago, wblayney said:

This is true, and I hadn't considered direct purchases from Take Two.

I'm a little confused as to why this EULA is applied to Steam products and products that are purchased through Steam's systems, who's data should never need to be covered by TT's policies. Additionally, why does TT need the right to share this data with third parties? If purchases are done through other platforms the payment information should never even need to reach TT's systems and should not be relevant - this applies only to services that deal with purchases in house. And it's not that the user is only providing TT this data if they use that aspect of the service - they HAVE to agree to the entire package when they install the software, so just because the only thing the game collects is non-personal data as far as you know, they have the right (and ability) to collect personal data. 

Also, why was the EULA only just updated if these functions are, as you imply, so vital for the operation of the company?

Please, read the privacy policy. It also covers the circumstances in which data may be shared, such as a court order. You've made multiple claims that show a lack of complete understanding of Take2's policies. You can't read the EULA and not the privacy policy, especially if the discussion topic is personal information and other privacy/data concerns.

They don't have the right or ability to collect personal information. It's specifically stated what can be collected by the game. Personal information is collected on a voluntary basis. That does not mean that you "volunteer" your personal information by playing the game as you seem to be suggesting. They're not going to run afoul of their own privacy policy and the law.

The changes were made this year because of the GDPR that went into effect in Europe on May 25th. They now have to list any personal data that could possibly come into their possession and how. There's nothing to suggest that anything has changed operationally. They just have to state it this way to comply with the new European privacy law.

Link to comment
Share on other sites

On 5/30/2018 at 1:46 AM, Lisias said:

Granted. So they are asking for such permission. You are not obliged to grant them, but they are not obliged to service you neither.

Yes, once one negate such permission, their data should be promptly and unrecoverably deleted. No arguing about that.

What's plain wrong is demanding the company to service you once you deny them the rights they want to your personal data.

Undestand that I don't denying the abuse they promoted in the past. I'm not defending the abuse. I'm defending a business model where companies receive proper return for services they provide - you don't agree with my fee? Fine. Really. But then I don't have to service you.

*snip*

sorry man for aiming this your way, but its my general oppinion of everything about the whole subject

//rant on

this is where i get confused, basically the issue that everyone is having with this right now is tracking cookies. every website has just put up a thing in the EU asking permission to track you, and some, when you say they cant, block you. Its that easy (or they show un targeted adverts usually for asian brides, they must think people in finland want that)

the reason for this, although google and facebook are the most noted, is the other advertising companies that are harvesting massive amounts of personal data about people and keeping it on unsecured servers and not telling anyone. Yeah its an inconvenience for people running the sites to make sure they are safe and comply, but that aint nothing compared to people that get their identity or card details stolen from these places.

here is my actual experience, 2 years ago someone in south america hacked my facebook , and my gmail. it turned out they had hacked my yahoo address and used that to authenticate, i was also told by paypal about hacking attempts but i had changed my passwords. it took over 2 weeks to fix  and go through all other sites i could think of and make sure passwords where changed and authentication changed. Yahoo set up security so basically there is no password, i need my phone to sign in. all sorted but no idea how they did it.

I only found out a month ago what happened when Eve Online contacted me and said my email address and password where on a list of breached passwords, some exchanges later i found out this was a hack of adobe in 2007.... and actually they informed all* their customers that had been hacked, but only if they lived in the US.  These laws are needed because these companies cannot be trusted on their own! and thats the end of the argument. IF i took your credit card with, firstly you should have to giver me permission to have it, secondly if you did, you would expect me to keep it safe and not where people could get it. thats all these laws do. Ive personally seen the lookup tools at an isp in the UK where you can take an ip and get an address. take that address and get a general profile of people that live there. a few name searches later and boom you know who was shopping at petsovernight.com and you can send your self a giraffe at their expense...

//rant off

with all that said thow, my question isint what will people do, its why wasent this being done before.

Link to comment
Share on other sites

31 minutes ago, Space Kadet said:

here is my actual experience, 2 years ago someone in south america hacked my facebook

[SNIP]

with all that said thow, my question isint what will people do, its why wasent this being done before.

My C.V. with some private details (mine and from previous employers) are published on the Web. Some <insert your worst non forum compliant "compliment" here> posted it for reasons beyond my comprehension. Worst, I sued one of my previous employers for no payment (go figure out what such person has in mind - but, hey, I'm on a third world country!). By cross checking the public legal records (that are public data) with this leaked C.V., one can tell easily I sued a previous employer. I don't have to tell you the consequences for my employability. :-)

So, yeah. Again, I'm not against what the GDPR is trying to do. I'm against what it is doing instead. Two different things, believe me.

You (probably) don't have the slightest idea what is to have your business in the hands of a bureaucrat that simply doesn't loose anything by doing a bad decision against you. Giving such power to bureaucrats under Civil Law is a receipt for tragedy (on Common Law, it's far easier (or less difficult) to sue the stand-up guy by what he has done effectively, besides being "compliant" to the letter of the law). They can do what's easier for them at the moment without fearing consequences.

Edited by Lisias
"stand-up" guy??? heheheheheh . ;-)
Link to comment
Share on other sites

7 minutes ago, Lisias said:

My C.V. with some private details (mine and from previous employers) are published on the Web. Some <insert your worst non forum compliant "compliment" here> posted it for reasons beyond my comprehension. Worst, I sued one of my previous employers for no payment (go figure out what such person has in mind - but, hey, I'm on a third world country!). By cross checking the public legal records (that are public data) with this leaked C.V., one can tell easily I sued a previous employer. I don't have to tell you the consequences for my employability. :-)

So, yeah. Again, I'm not against what the GDPR is trying to do. I'm against what it is doing instead. Two different things, believe me.

You (probably) don't have the slightest idea what is to have your business in the hands of a bureaucrat that simply doesn't loose anything by doing a bad decision against you. Giving such power to bureaucrats under Civil Law is a receipt for tragedy (on Common Law, it's far easier (or less difficult) to sue the stand-up guy by what he has done effectively, besides being "compliant" to the letter of the law). They can do what's easier for them at the moment without fearing consequences.

Dosent that describe every useless manager we have all had, some faceless idiot that hasent got a clue what you do and dosent care :p
But the problem you seem to have is that civil law is a daft idea. thats how you get idiots in charge that havent got a clue what they are doing (no politics here im meaning the elected judges) 
But thats why this has to exist, most large information companies are american of korean, people in europe cant do anything to them if they get sucker punched. this keeps them in check. yeah the little guy gets stuffed at the same time, but thats the price of having a society, im not allowed to do acid because some daft prat thought he could fly and dove off a buildin, and i cant drive at 160 down the motorway (except in germany) because some twonk fliped out and died. All laws that stop evil or stupid people doing bad things also curtail and make more work for most other people too.

i do feel for you man. i used to work for a security company and i heard about all the crap they had to do for this!

Link to comment
Share on other sites

1 minute ago, Space Kadet said:

[snip] yeah the little guy gets stuffed at the same time, but thats the price of having a society, im not allowed to do acid because some daft prat thought he could fly and dove off a buildin, and i cant drive at 160 down the motorway (except in germany) because some twonk fliped out and died. All laws that stop evil or stupid people doing bad things also curtail and make more work for most other people too. [SNIP]

But none of them prevents you from driving cars due fearing of being fined by taking notes of car's licenses if one of them "hit and run" you or run over a kid in front or you.

Link to comment
Share on other sites

2 minutes ago, Lisias said:

But none of them prevents you from driving cars due fearing of being fined by taking notes of car's licenses if one of them "hit and run" you or run over a kid in front or you.

your wrong there, the analogy is sound, 

to drive a car, you need a licence, insurance, the car must be tested, you must obey the highway code and if you are found to not follow the rules you get punished. the police can stop and check you and if someone reports you they cant do much if they cant prove it, but if they can (mobile footage) your scuppered.

these days alot of people are using dash cams so they can counter any frivolous complaints. it is literally the same situation when you think about all you have to go through.

this is coming from a bloke that got pulled by a copper for speeding in france only for me to show him the footage from my cam (recording front and dash) and politely tell him to get bent.... they hate the british in france..

Link to comment
Share on other sites

1 hour ago, Space Kadet said:

your wrong there, the analogy is sound, 

You don't like the car metaphor? Ok. Let's talk about phone numbers. Or anything else. And they will fail exactly like the car's license. The reason? IP Addresses are not meant to identify Persons on a lifetime, only to identify routable interface cards for a finite amount of time.

The very idea of "fixed IP Address" is a nonsense from the protocol point of view. We would not need Domain Name Systems (that DNS thing) if the IPs were not meant to be mutable and transient - it's exactly what would make the Internet resilient if attacked (it was developed for DARPA, after all). The old and faithful "Internet Yellow Pages" would be still used nowadays if this would be the case.

Sorry, pal. We will have to agree to disagree here.

This whole IP Address as PII Data is a stunt. The easiest and most efficient way to prevent an IP Address to univocally identify a person is simply Dynamic IPs. Rotate the IPs regularly, demand full protections under jail penalty to who leak the IP/timestamp tuple that would identify the person (without a legal warrant - as any other "real world" private information, by the way), and Europe would had solved this part of the problem in house without the slightest margin for error. Tie the IP Range Blocks  under the same geographic locations, and GeoIP would still works (so, no problems with region locked content providers).

Instead, they choose to shove this burden on the rest of the World.

The reason? I left it as an exercise for the readers. From a technical point of view, it's just plain stupid.

Hell. Carrier Grade NAT would had solved the problem.

Edited by Lisias
grammars... X-(
Link to comment
Share on other sites

19 hours ago, Lisias said:

The Whole World collects, profiles and stores PII Data now. GDPR states crystal clear that IP Addresses are PII Data for them.

I meant that storing and processing data in the technical sense is different from storing and processing data in the legal sense. Data protection is generally concerned with the long-term retention of data and the legal/significant effects of the decisions made using the data. If you simply process the data for short-term technical reasons and then discard it, you are often not processing it in the legal sense.

A quick example: Routers inevitably process personal data. However, unless they resort to extensive logging, they are usually not processing the data in the legal sense.

Words have different meanings in different fields. The context matters, and there are always hidden assumptions shared by the people in the field. When you read documents from outside your field of experise, you cannot simply assume that you can understand them, because you know the everyday meanings of the words.

Link to comment
Share on other sites

9 hours ago, Jouni said:

I meant that storing and processing data in the technical sense is different from storing and processing data in the legal sense. Data protection is generally concerned with the long-term retention of data and the legal/significant effects of the decisions made using the data. If you simply process the data for short-term technical reasons and then discard it, you are often not processing it in the legal sense.

A quick example: Routers inevitably process personal data. However, unless they resort to extensive logging, they are usually not processing the data in the legal sense.

There's no professional router in the World that would not collect, process and profile IP Addresses. Ergo, they made evey single router device on the planet a Data Processor and, at least by the cold letter of the law, a liability. Even my home ones do that - and I find interesting the law explicitly ruled out domestic devices.

 

9 hours ago, Jouni said:

Words have different meanings in different fields. The context matters, and there are always hidden assumptions shared by the people in the field. When you read documents from outside your field of experise, you cannot simply assume that you can understand them, because you know the everyday meanings of the words.

EXACTLY. Context matters. Here is some more context for your appreciation:

Quote

The biggest and most worrisome changes are to the "link tax" proposal, which would establish a special copyright-like fee to be paid by websites to news publishers, in exchange for the privilege of using short snippets of quoted text as part of a link to the original news article. Voss's latest amendments would make the link tax an inalienable right, that news publishers cannot waive even if they choose to.

Source.

Feel free to consider the implications for comercial site owners (including this one), where you can't profile IP Addresses (and so can't tell who is a liability and who isn't), and can be taxed if any of your users/creator content links to a 'copyrightable content' - and everything is copyrightable. 

Anyone remembers when I talked about some kind of "rights" grantable by Civil Law ruled legislations that no contract can overrule? I just learnt the English wording for it: "inalienable right". How I know it? Because the right to be paid for each link for your site will be an inalienable right. Nobody will be able to wave off the "right".

So, for the ones that know how to do "1 + 1", the American News sites are not boycotting EU due the privacy laws. They are blocking EU to be not involved on this Holy, Freaking Mess. More to come.

If there's something that History should had taught us is that every law will be fulfilled and enforced to this maximum extension sooner or later. I'm still waiting for a single exception for this rule of thumb - what reminds me: yeah, they are coming for our thumbs. Worldwide. It's XIX Century all over again.

Edited by Lisias
better phrasing. This things are hard on my mother's tongue, what to say on foreign ones....
Link to comment
Share on other sites

8 hours ago, Jouni said:

When you read documents from outside your field of experise, you cannot simply assume that you can understand them, because you know the everyday meanings of the words.

Yeah. It was what I told my lawyer when he start to talk about protocols and IP Addresses and routing. :-)

I asked him where in law are defined what is a IP Address, what is a router and what is a protocol. They are still searching.


EDIT: Some EU lawyer here? There're some people in need of a little help on the matter, as it appears =P (highlights are mine):

Quote

“We must find a way to implement GDPR without creating undue barriers... EU authorities must provide clearer rules and a more predictable regulatory environment to support investment and innovation.” -- Ross, Wilbur. USA Secretary of Commerce.

Source: Reuters.

On the bottom line, I'm not alone on these concerning (as I said before).

The problem with that "outside your field of expertise" argument is that it works both ways, @Jouni. You are not immune neither.

 

AFTERMATH: I don't think I can contribute with something new about the matter. It appears to me that I made myself perfectly clear, and I quoted enough people and references. If this is a collective hysteria (still possible), it's a hell of a collective one.

Right now, I need to fulfill some technical demands over my servers, to do some risk mitigation about the new environment I will handle (I am the Project Manager of my own business after all) and, by Kerbol's sake, I came here to play KSP, damn it! I need to find some time for it!

Edited by Lisias
Adding quote.
Link to comment
Share on other sites

2 hours ago, Lisias said:

The problem with that "outside your field of expertise" argument is that it works both ways, @Jouni. You are not immune neither.

That's the reason I'm not reading the regulations, looking up references, and asking for definitions. When things fall outside my area of expertise, reading the original sources will usually make me more confused, not less confused.

However, I do have some background in data privacy and data protection issues in academic and non-profit settings in the EU. I understand the general way the data protection people think about these issues. From that perspective, GDPR is not a major change to the way the EU approaches data protection. Most things that are illegal under GDPR were already illegal before it. GDPR simply gives the regulatory authorities more effective tools for enforcing the regulations. If an organization was already following the spirit of the law, they most likely just had to plan and document the ways they process personal data better.

Link to comment
Share on other sites

On 5/29/2018 at 8:01 PM, Jouni said:

Anyway, I'm not really defending the EU position, I'm simply describing it. Foreign cultures often have customs and values that seem alien to outsiders. The outsiders should take these customs and values into account when doing business with these cultures.

... which is a great argument against blanketly applying this to the world without even the option of just not doing business with them.

Link to comment
Share on other sites

It's a wiiiiild speculation over a crazy idea, but... In my country, there are some rules about data retention AND transparency about data requests. I am obliged by Law to keep PII Data for some time, and I will be pretty <Piiiiii> if legal authorities request them and I don't have them.

So, demanding me to delete such data is ilegal. Better. Threatening me (by any means) for deleting such data is Extortion!

And since the legal agreements of mutual juridical assistance works both ways, even by being able to shield their citizens from effective prosecution, EU can't block a international warrant for the "criminal".

Of course, EU can just blow the agreement - but as I said, it works both ways: they would loose the way to fine companies on the other country. From now on, it's Foreign Relations. Kiss copyright enforcement bye-bye. 

It's probably impractical (assuming it's possible) to anyone not big enough to have his own dedicated team of lawyers - and would be suicidal from the PR point of view. But some organizations, like the MPAA, doesn't care for these things...

Yeah. Talking to a lawyer can be fun. This is going to be interesting.

EDIT: It's not so wild speculation anymore. Article 160 from Brazil's Penal Code. "Indirect Extortion". 

EDIT2: Do what I say, not what I do. The European Commission leaked a HUGE amount of Europeans PII Data. But "Officials in Brussels have argued, despite the design the rules, they do not have to have follow them for 'legal reasons'."

I rest my case. :-) They are not serious about privacy, they have another agenda.

EDIT3: I choose to amend this post to avoid cluttering the thread. Under the Article 160 of my country, an 'Indirect Extortion" can happen even when the beneficiary of the "extortion" is not the "extortionist" themselves. One can be prosecuted even if the threat means the money being sent/collected to/by third parties (no matter who they are).

Edited by Lisias
and yet more grammatical errors. X-P . and an interesting link; and an amend.
Link to comment
Share on other sites

This thread is quite old. Please consider starting a new thread rather than reviving this one.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...