H&H violating GDPR?

[Miss_Min]

the thing is, it can't. Sure, it can be tracked to certain PC at certain time,

- but can it, really? If I was using McDonalds wifi, has someone kept my MAC address to tie it to this computer? (well, maybe these days they have, I actually don't know).

I do mostly use my computer at home. But I'm frequently shown location-specific clickbait adverts for a town 90 miles away that I've never even visited, or one in the next county. Don't these services determine location from IP address? Because if so, it looks like something about the way my computer access the internet is confusing the hell out of them.

[ricky]

the thing is, it can't. Sure, it can be tracked to certain PC at certain time,

- but can it, really? If I was using McDonalds wifi, has someone kept my MAC address to tie it to this computer? (well, maybe these days they have, I actually don't know).

I do mostly use my computer at home. But I'm frequently shown location-specific clickbait adverts for a town 90 miles away that I've never even visited, or one in the next county. Don't these services determine location from IP address? Because if so, it looks like something about the way my computer access the internet is confusing the hell out of them.

most likely your ISP is based in that city. or more specifically, the IP addresses given to your ISP are for that city/geographical area, in which case these advertisements are trying to hit the largest audience.

[Jalpha]

Is legislation vague so that people can make more money, or to allow for flexibility?

[MagicManICT]

Is legislation vague so that people can make more money, or to allow for flexibility?

Much like making "stone soup," it's everyone throwing their ideas in the pot and getting some sort of strange morass out of it. At least that's my uneducated observation.

[ricky]

Is legislation vague so that people can make more money, or to allow for flexibility?

Much like making "stone soup," it's everyone throwing their ideas in the pot and getting some sort of strange morass out of it. At least that's my uneducated observation.

Not only that, but these legislators are way out of their element.(At least from watching my american congress. maybe EU legislators are more tech savvy)

watching congress interview Mark Zuckerberg was a shitshow. the panel didnt know what questions to ask, the responses given were difficult for them to understand. These guys are simply way out of the loop on how these technologies function.

[Granger]

Well, the politicians here defined an abomination of email (de-mail) where the encryption is made with a key that was centrally created (so there could be, aka is, a retained copy) and is decrypted on the central server (so it can be 'scanned for viruses') as being '100% secure, confidential and safe against impersonation'.

Surely that isn't the case for anyone with a little technical background (for obvious reasons) - nevertheless it's the legal definition so you'll be liable for anything that would be done with a key you have no control over. I wonder why it didn't take off, my suspicion is that no sane person wants to give a three letter agency the ability to send child porn in their name (to neuter you in case you get inconvenient, see the Edathy case).

Same here with IP addresses and GDPR, it's personal data by definition.

The bullshit is in you, by being legally able to put the equivalent of demanding the firstborn into your privacy policy, still are able to abuse the data as you want - since you have informed your users correctly about doing it.

[MagicManICT]

watching congress interview Mark Zuckerberg was a shitshow. the panel didnt know what questions to ask, the responses given were difficult for them to understand. These guys are simply way out of the loop on how these technologies function.

Well, to be honest about it, pretty much everything that goes before congress is this way. Be it congress on a witch hunt such as the McCarthy hearings on communists in the US to the Iran-Contra thingy (anyone remember that 80s catch-phrase "I don't recall?"), to Clinton's indictment in the 90s.

[loftar]

There's 'storage' and 'use' - you have both.

Hmm. To take a converse example, the Wikimedia Foundation seems to have enough of a EU presence to fall under the GDPR, but I notice that they have no sort of "consent notice" or anything of the sort on Wikipedia, so I wonder how they get away with that, then. Or Ebay, for that matter.

[Robben_DuMarsch]

There's 'storage' and 'use' - you have both.

Hmm. To take a converse example, the Wikimedia Foundation seems to have enough of a EU presence to fall under the GDPR, but I notice that they have no sort of "consent notice" or anything of the sort on Wikipedia, so I wonder how they get away with that, then. Or Ebay, for that matter.

I think you're conflating the GDPR with the cookie notices.
Without trying to spell out exactly what the GDPR requires as far as compliance, which I sure as shit wouldn't even attempt even if people were offering to pay me, it seems the consensus is that compliance, at a minimum, requires updates to privacy policies explaining a bevy of data retention policies and disclosures to other entities, and a method to comply with data deletion requests from EU citizens. Sort of like a DMCA takedown request, but from an individual seeking to delete their own personal data.*

You didn't look very hard before you determined that Ebay wasn't doing anything to comply.

*I'm not giving you legal advice. We have no attorney-client relationship, and this is not tailored to your situation

[loftar]

I think you're conflating the GDPR with visible notices like the cookie notices.

Not sure. I mean, at first glance, it would seem that saving any data at all whatsoever, even keeping a HTTP accesslog, requires explicit "consent" from the user concerned which would have to be clearly communicated and explicitly accepted.

You didn't look very hard before you determined that Ebay wasn't doing anything to comply.

...and in the above-mention case of keeping an accesslog, that would, if so, seem to have to be done on the very first request.

Otherwise, would there really be anything Haven needs to do, at all?

*I'm not giving you legal advice. We have no attorney-client relationship, and this is not tailored to your situation :P

If you say anything even remotely untrue, I'll fukken see you in court, boy.