Jump to content

Updated Terms Notice & Privacy Policy

Azimech

By Azimech
in KSP1 Discussion

 Share

Recommended Posts

Superfluous J

Superfluous J

Posted
Posted
Just now, Lisias said:

One doesn't have the power to force other to do what the later doesn't want. But, boy, someones have the power to make that poor guy utterly and deeply regret not doing that.

Once a Regulation passes, the mechanisms to enforce it are authorized - including commercial sanctions.

Ah. So they basically yell and scream until they either get their way, or they rescind the regulations because they've basically cut themselves off from the rest of the world.

Okay I'm good with that. It at least makes logical sense and I can see all the steps.

Link to comment
Share on other sites
Lisias

Lisias

Posted
Posted (edited)
9 minutes ago, 5thHorseman said:

Ah. So they basically yell and scream until they either get their way, or they rescind the regulations because they've basically cut themselves off from the rest of the world.

Okay I'm good with that. It at least makes logical sense and I can see all the steps.

Basically, yes. :-)

However, until there, a lot of small people (like me) will have a very harsh time trying to avoid being stomped by a crying elephant.

EDIT: And I hope that the damn elephant will at least use diapers while trying to stomp me!

Edited by Lisias
Link to comment
Share on other sites
Lisias

Lisias

Posted
Posted (edited)

Hell. I just realized that my mailboxes and SMTP servers are huge GDPR uncomplying databases. =/

And now? Should I blacklist every mail from a European source? Are my dynamic IPs I had in the past a liability, in the case that IP ends up servicing an European tomorrow? (you know, IP Range Blocks do change "owners").

Must I spam every single IP that ever had sent me a email (and, then, are on my mailbox for legal reasons) asking for permission to withhold the data? If the #$@#$#!$ refuses, how in hell I can uphold my contracts without the emails as evidences?

You know, emails uses IP Addresses and these are used as proof of authenticity.

 

EDIT: And yeah, it's happening. =/ Wondering if I should do the same on my servers.

EDIT2: For the concerned website owners. Yeah. I'm seriously considering jump ship on this.

Edited by Lisias
Link to comment
Share on other sites
AVaughan

AVaughan

Posted
Posted
6 hours ago, 5thHorseman said:

Ah. So they basically yell and scream until they either get their way, or they rescind the regulations because they've basically cut themselves off from the rest of the world.

Okay I'm good with that. It at least makes logical sense and I can see all the steps.

Or they issue heavy fines and get court orders instruction Visa and Mastercard to prevent any payments from European countries being processed.  For something like KSP, they might get court orders preventing it's sale in europe via Steam. I expect Valve to have at least an office/sell prepaid steam gift cards in Europe.

Link to comment
Share on other sites
LoSBoL

LoSBoL

Posted
Posted
8 hours ago, Lisias said:

Insufficient. On the very link you posted: "THE IP ADDRESS (IN SOME CASES)". 

I'm not doubting you. But I need the exact law and text in order to make my own conclusions. It's about the "chain of thrust" - it's not enough to thrust you, I need to thrust the people you thrust in order to accept what you say without double (and sometimes triple) checking.

 

Understandable :)  I think its all just funny that an IP address somehow now is supposed to be personal information, I've heard it so much in relation to GDPR, that I just took note it is, I don't care really.  How about this as a source?

"(30) Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them."

http://eur-lex.europa.eu/legal-content/en/TXT/HTML/?uri=CELEX:32016R0679&from=en

 

Link to comment
Share on other sites
LoSBoL

LoSBoL

Posted
Posted (edited)
10 hours ago, sarbian said:

So you think that if I get you to agree to EULA v1 I can then change the term to whatever I want in v2 without informing you and it is still binding ? I would love to see that in a court. (I would love to see any EULA in court).

Steam user Jim posted this a few days ago which I found interesting to read;

"The term most of you are looking for regarding a EULA is "shrink-wrapped licensing" and in reality it has no real legal authority. It is mainly a protection to limit liability of the producer of the content versus future litigation.

"Shrink-wrapped licensing's actual legality has always been debatable and only about 3 cases have ever went to court. The results of of these cases still left the legal liabilities of shrink-wrapped licensing in limbo. It is in limbo because it is a VOLUNTARY contract between two parties.

Generally you do have a legal right to a refund within 30 days of the licenensing terms being applied (by purchasing, opening, and perhaps even installing the product); however, no one ever pushes the issue into court so whether or not you get a refund goes only as far as you are willing to push it in court."

And a little further;

"It is sad and those cases involved software that caused millions in damages (see: M.A. Mortensen Co. v Timberline Software Corp. and you can see that changes in the EULA after the software is purchased (layered contract) is mentioned in the case."

source: https://steamcommunity.com/app/220200/discussions/0/1696048245848512777/#c1696048426809512180

The first hit on Google brought me here (not going to copy paste it all, best read there); http://www.internetlibrary.com/cases/lib_case206.cfm

 

Edited by LoSBoL
Link to comment
Share on other sites
LoSBoL

LoSBoL

Posted
Posted (edited)
8 hours ago, Lisias said:

Hell. I just realized that my mailboxes and SMTP servers are huge GDPR uncomplying databases. =/

And now? Should I blacklist every mail from a European source? Are my dynamic IPs I had in the past a liability, in the case that IP ends up servicing an European tomorrow? (you know, IP Range Blocks do change "owners").

Must I spam every single IP that ever had sent me a email (and, then, are on my mailbox for legal reasons) asking for permission to withhold the data? If the #$@#$#!$ refuses, how in hell I can uphold my contracts without the emails as evidences?

You know, emails uses IP Addresses and these are used as proof of authenticity.

 

EDIT: And yeah, it's happening. =/ Wondering if I should do the same on my servers.

EDIT2: For the concerned website owners. Yeah. I'm seriously considering jump ship on this.

As a joke, I mailed this to all of my friends on the 25th, (its automatically translated, but you get the idea)

Best addressee, as per today is the General data protection regulation entered into force, in connection with this regulation part I need to inform you what personally identifiable information of you may possibly be in my possession:
Full first and last names, nicknames, dates of birth, disposition, picture and sound material, conversation history, medical data, physical characteristics.
Of the following, ' previous ' ' current ' and ' future ' personal data could possibly be in my possession;
Home address, location information, contact information, employers, personal and business ventures and relations, vehicles, hobbies, holidays and flight dates, pets, life partners, clothing preference, religion, values and standards, subscriptions, Bank and credit card details, income and expenses.
These types of data are not limited to yourself but also concern for family members, life partners, friends, acquaintances and enemies.
This list aims does not aim to be comprehensive.
You hereby acknowledge that all these data has been shared voluntarily by you, have been abandoned and there is no further rights can be derived from this by you.
You have the right to see or change this data (come have a beer, fun!). Removal however will in most cases prove difficult (but can't)
You give me the irrevocable right to, whether or not anonymized, share this data to my own understanding or to distribute to third parties or to earn money here.
If you object to the collection of new personal data, you have the possibility to no longer share data as of today.
Information you share in public however, or that still manage to find their way to me through third parties, can and will be added to this collection.

Should you have any questions, comments or need some clarification, you can reach me via the contact details known to you. Best regards, XXX XXXXXXX *

* some data in this post have anonymized, made possible by the entry into force of the General data protection regulation.

There were some good laughs, except for one buddy of mine who works at a real small real estate agency. Understandable, because getting in compliance, and people already exercising their rights to be forgotten, requesting their info, requesting changes, and even finding all the info is an undoable taks. The burden has been proven so high that It would even be best to shut down the office and start a new one next business day…

The ridiculousness doesn't just stop with business entities, I like to make drone stills and video's, and even people taking holiday pictures are in subdued to follow GDPR guidelines, because the moment you take a picture with somebody on it in the background, and you publish it on a photo website or YouTube, you have to have asked the consent of those people, which they can also revoke again as well.

Edited by LoSBoL
Link to comment
Share on other sites
Lisias

Lisias

Posted
Posted
1 hour ago, LoSBoL said:

Understandable :)  [...] How about this as a source?

http://eur-lex.europa.eu/legal-content/en/TXT/HTML/?uri=CELEX:32016R0679&from=en

Thank you very much. I'll need some time to digest all that legalese. In the mean time, I'm afraid that I have to shutdown some services, and plain block the whole Europe from others until I have all this thing figured out correctly.

I am paid to keep scammers and intruders from my customer's servers - but being the IP "Personal Information", I'm currently living a Kafkaesque situation: in order to shield my clients from an European intruder, I must first ask for permission from the freaking... guy... to record his "personal information" on my server's firewalls. #facePalm

Or blacklist the whole shebang from Europe at once, as this way I don't take the risk of being sued by firewalling a script kiddie that lives there.

Link to comment
Share on other sites
LoSBoL

LoSBoL

Posted
Posted (edited)
6 hours ago, Lisias said:

Thank you very much. I'll need some time to digest all that legalese. In the mean time, I'm afraid that I have to shutdown some services, and plain block the whole Europe from others until I have all this thing figured out correctly.

I am paid to keep scammers and intruders from my customer's servers - but being the IP "Personal Information", I'm currently living a Kafkaesque situation: in order to shield my clients from an European intruder, I must first ask for permission from the freaking... guy... to record his "personal information" on my server's firewalls. #facePalm

Or blacklist the whole shebang from Europe at once, as this way I don't take the risk of being sued by firewalling a script kiddie that lives there.

Insane... I can't advise you in any way, but if it was me? I'd say [bad word] the GDPR. 

Edited by Deddly
Mind the language, please
Link to comment
Share on other sites
Lisias

Lisias

Posted
Posted
8 hours ago, LoSBoL said:

[snip]

"Shrink-wrapped licensing's actual legality has always been debatable and only about 3 cases have ever went to court. The results of of these cases still left the legal liabilities of shrink-wrapped licensing in limbo. It is in limbo because it is a VOLUNTARY contract between two parties.

[snip]

"It is sad and those cases involved software that caused millions in damages (see: M.A. Mortensen Co. v Timberline Software Corp. and you can see that changes in the EULA after the software is purchased (layered contract) is mentioned in the case."

source: https://steamcommunity.com/app/220200/discussions/0/1696048245848512777/#c1696048426809512180

And on the post, an interesting conclusion:

Quote

It is YOUR fault you did not push the issue when you had the chance. Ignorantia juris non excusat = Ignorance of the law is no excuse and your passive determination to not take legal action (faillure to repudiate) is your own undoing.

However... Caution. This guy is ruled by Common Law. Things are very different for people like me and Sarbian (and perhaps you? It's implicit that English is not your mother's language), we are ruled by Civil Law.

On Common Law, a Contract between two private parties are law. Unless a felony or something like that is being committed, the Contract have precedence over Law. "Everything is allowed, as long is not explicitly forbidden".

On Civil Law, a Contract between two private parties are subjected to law. A Contract can be invalidated if any part of it contradicts some obscure law. "Everything is allowed, as long it's previously granted by Law". On my country, I am not allowed to wave or short my lunch time. Even by willingly signing a contract where I have one hour for lunch, and then I can go home one hour earlier (or arrive one hour later), such contract can be contested as there's some law around here stating that I have the right of having two hours for lunch. Worse, I don't even need to go to the court myself, my Union can "do it for me, besides me".

7 hours ago, LoSBoL said:

I can't advise you in any way, but if it was me? I'd say the GDPR. 

I would love to. But my failure would out my customers under liability - and someone in Europe goes for his SAS =P for this, they will go for mine later. :-)

 

7 hours ago, LoSBoL said:

Insane... I can't advise you in any way, but if it was me? I'd say  the GDPR. 

I would love to. But my failure on complying to GDPR would put my customers under liability - and if someone in Europe goes for their SAS =P due this, they will go for mine later. :-)

Link to comment
Share on other sites
hbk314

hbk314

Posted
Posted
7 hours ago, LoSBoL said:

The ridiculousness doesn't just stop with business entities, I like to make drone stills and video's, and even people taking holiday pictures are in subdued to follow GDPR guidelines, because the moment you take a picture with somebody on it in the background, and you publish it on a photo website or YouTube, you have to have asked the consent of those people, which they can also revoke again as well.

 

That makes absolutely no sense, so I hope it's a misunderstanding on your part. I know that in the United States, there's no expectation of privacy when you're out in public, so you can't complain about any pictures you end up in. It's different if the pictures are taken inside of someone's privately owned house, for example.

Link to comment
Share on other sites
Deddly

Deddly

Posted
Posted
7 hours ago, Lisias said:

I am paid to keep scammers and intruders from my customer's servers - but being the IP "Personal Information", I'm currently living a Kafkaesque situation: in order to shield my clients from an European intruder, I must first ask for permission from the freaking... guy... to record his "personal information" on my server's firewalls. #facePalm

 

Are you sure about that? I came across this:
 

Quote

Q: What if a banned user makes an erasure request to get removed from the ban list?

A: The GDPR includes the concept of ‘legitimate interests’  where you can retain data if it is in the interest of protecting individuals.  We believe a ban list would fall under legitimate interests.

Source

EDIT: If a person wants to use the GDPR to prevent you from recording information that would protect you from his own nefarious activities, I can't see such a scenario holding up in court. Otherwise it would be illegal for the police to keep data on suspected or known criminals.

Link to comment
Share on other sites
Lisias

Lisias

Posted
Posted
8 minutes ago, Deddly said:

Are you sure about that? I came across this:

 

Source

Who decides what's legitimate interests? The alleged infractor have the right to demand proof of the misbehavior? How I would provide such proof if I can't log his accesses without previous consent? 

Worst. I will need to disclose my firewall rules to proof I don't have his "personal information" on my servers? 

Link to comment
Share on other sites
Lisias

Lisias

Posted
Posted (edited)
1 hour ago, Deddly said:

EDIT: If a person wants to use the GDPR to prevent you from recording information that would protect you from his own nefarious activities, I can't see such a scenario holding up in court. Otherwise it would be illegal for the police to keep data on suspected or known criminals.

Poisonous Tree Doctrine. If the evidence is obtained by unlawful means, it's summarily excluded from the trial.

Under Civil Law, it's possible to grant exceptions and privileges for State Agencies, shielding them from Regulations. You don't have to mention such exceptions and privileges on every law that would affect them. 

1 hour ago, Deddly said:

The courts would have to decide, in the case of a dispute.

EXACTLY. So, my firewall is now a liability, and I need to allocate resources for a potential sue, otherwise I risk being put out or business if anyone on Europe challenges me a about this.

It's about the money. It's always about the money. Someone has to pay for the party. 

It's cheaper and safer to just block the whole Continent. At the very least, I reduce my liability to the Europeans that already had accessed my servers in the past.

On Risk Management, we call this "reducing the exposing area" (or something like that, I don't know the exact term in EN)

 

EDIT: It's Fruits of Poisonous Tree. :-) And it's being applied on EU too.

Edited by Lisias
added link and correct name
Link to comment
Share on other sites
silverfox101

silverfox101

Posted
Posted (edited)

People should have the option to request their account be deleted anyway. The "We don't delete accounts" that has been posted by moderators is not only wrong but if requested to delete an account then they should, its as simple as that.

Explain why you don't delete accounts please. The moderators told me they didn't delete accounts on The Linux Mint forums when I requested mine be deleted, but after some toing and froing it was deleted.

Edited by silverfox101
Link to comment
Share on other sites
silverfox101

silverfox101

Posted
Posted

Post are tied to accounts yes, but still a deletion request should be acted on. The database isn't my problem if I was to request my account to be deleted. Could be someone who doesn't use the forum now. I had a clean up of forum accounts I had a while back, Linux Mint and a couple of other tech forums purely because I hadn't used them in 12 months, the only problem I had was the mint forum which for the first couple of requests was "we don't delete accounts", seems to be a standard answer on some forums. I just think the option should be there.

Link to comment
Share on other sites
Vanamonde

Vanamonde

Posted
Posted
1 hour ago, silverfox101 said:

Explain why you don't delete accounts please. 

Among other reasons, this would allow people to cause trouble on the forum, then have their accounts deleted and remove the records of the trouble, and then start all over causing trouble again. 

Link to comment
Share on other sites
Superfluous J

Superfluous J

Posted
Posted (edited)
1 minute ago, Vanamonde said:

Among other reasons, this would allow people to cause trouble on the forum, then have their accounts deleted and remove the records of the trouble, and then start all over causing trouble again. 

They seem to have that right, now. At least in the EU.

I wonder what unintended consequences we'll find when this law is more than a day old?

Edited by 5thHorseman
Link to comment
Share on other sites
Lisias

Lisias

Posted
Posted
10 minutes ago, 5thHorseman said:

They seem to have that right, now. At least in the EU.

My understanding is no. GDPR grants the right to be forgotten, not the right to withdraw content - mainly when such content was licensed to third parties.

What I understand is that by deleting all data that would univocally link the post to a persona (even an IP, by Christ's sake), GDPR is good.

Link to comment
Share on other sites
Superfluous J

Superfluous J

Posted
Posted
4 minutes ago, Lisias said:

My understanding is no. GDPR grants the right to be forgotten, not the right to withdraw content - mainly when such content was licensed to third parties.

What I understand is that by deleting all data that would univocally link the post to a persona (even an IP, by Christ's sake), GDPR is good.

If everything has been deleted, then how is the moderator who's deciding to okay the account going to know they caused trouble in the past?

Link to comment
Share on other sites
Lisias

Lisias

Posted
Posted
4 minutes ago, 5thHorseman said:

If everything has been deleted, then how is the moderator who's deciding to okay the account going to know they caused trouble in the past?

They won't. And this is terribly, terribly bad.

Once you can't tell the bad apples from the good ones, all that remains to be done is to handle all of them as bad.

Link to comment
Share on other sites
Jouni

Jouni

Posted
Posted

GDPR is 99% common sense, once you accept the principles behind it:

  1. Do not collect data, if you can avoid it.
  2. If you do collect data, plan in advance what you are going to do with it, and document this.
  3. The data you collect does not belong to you.
  4. In order to collect and process data, you need an explicit informed consent or a legitimate reason.

Consent can obviously be withdrawn, but some of the data may be retained after withdrawal, if there is a legitimate reason for it. Fighting forum abuse sounds like one.

Link to comment
Share on other sites
Errol

Errol

Posted
Posted (edited)

I am creating a new thread (in lieu of posting in the EULA changes thread) for maximum visibility. I have recently stumbled onto this video:
 


And find it very annoying that it is so wrong. The quoted portions of EULA are in reference to information provided during your sign up on the forums, and serves to simply state, for legal purposes, that they are in fact in possession of the information your willingly provided. This type of fear mongering can only serve to hurt this community, and potential future sales (and development funds) for the game. I have chosen not to comment on the video, as youtube comments tend to be far less productive and civilized than discussion here, but I feel that something should be done about it. I did use the youtube report feature, and selected misleading text, however the usefulness of the report feature on youtube has been called into question as of late. 

Thoughts anyone?

Edited by Errol
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...