1. 4
  1. 34

    This reads like an opinion-as-proof fluff piece.

    The thesis of the article seems to be “policy can’t fix this, technology can”. Coincidentally(heh) the author is a cofounder of a cryptocurrency called “Consent Token” that allows you to use the blockchain to sell private information.

    https://thenextweb.com/author/mindaugas-kiskis/ http://www.consentok.com/

    1. 9

      I hate it when people say “look at what this person built!” or “look at what this person supports!” as though it’s proof the person’s opinion is compromised. It’s totally expected that someone who holds this opinion would follow through on it by building something around it. If you’d like to suggest they’re just saying what’s convenient for their position, you can use as much popular psychology as much as you want; as is common with pop-psych, you’ll find false-positives everywhere.

      1. 17

        the guy is free to build whatever he wants on the grounds of whatever he choses to believe. the issue with this piece is that it’s presented as some form of journalism, without any disclosure, when it’s not. that’s the same as having a pro-fracking article in a national newspaper, criticising anti-fracking laws, written by a guy who owns a drilling company. can you not see the conflict of interest? his opinion is compromised, it’s biased! worst than that, is that this dude throws around statements w/o much backup:

        I would be happy if the GDPR would at least slow down data processing without my knowledge and by parties with whom I have no relationship, but I see no sign of this happening.

        i’ve seen loads of web pages now asking you to consent to things such as trackers. doesn’t that slow down data processing? does it not actually stop it?

        the GDPR has not meaningfully changed the privacy status quo

        how come? what would a meaningful change be in this author’s opinion be then?

        There are dozens of situations when it’s actually socially undesirable to keep it private, (…)

        what’s the issue here? this is just rambling at this point. does gdpr keep you from sharing your data in any way? no.

        Equally questionable are formal and bureaucratic prescriptions for better data protection — more documentation, privacy impact audits, formal training, etc. Does anyone honestly believe that more paperwork will lead to more privacy? More security risks in handling of our data (say thousands of hand signed consents) are somewhat more likely, I’m afraid.

        “hurr durr red tape”… this is just making stuff up… why is it questionable? why are there now more security risks? this article is total garbage.

        is gdpr perfect? of course not. is gdpr solving every privacy issue? it certainly isn’t. that doesn’t invalidate it, still.

        1. 1

          …the issue with this piece is that it’s presented as some form of journalism, without any disclosure, when it’s not.

          Would you rather the article be written by someone with no practical experience in the field? This isn’t rhetorical, it’s a genuine question: do we want experienced and potentially biased people, or inexperienced people with fresh perspectives?

          In any case, I don’t think experts are responsible for disclosing everything that has shaped their opinion. I don’t think any of us is. I think dealing with that reality—with the fact that every opinion belies an entire life experience—is just par for the course.

          It seems like you disagree with the article’s points, which I can respect. (There are some points that I disagree with as well, and I hope you don’t imagine my argument as just an extension of the author’s.) Going after that person’s prior experience, as though it invalidates their opinion, just doesn’t make sense.

    2. 28

      By May 25, most corporates had just amended their Privacy Policy volumes and annoyed consumers were forced to clicked through to accept them without reading.

      I don’t know why people find this so hard to understand, but the entire point of the GDPR is that you cannot comply with it simply by adding more terms to your Terms of Service for people to sign away their rights without reading. That’s not how it works.

      In my opinion preoccupation with the nominal personal data, actually displaces real privacy. Who cares about privacy of their name and family name, or office held? Except to hide shady politicking and worse, majority of us are happy to consciously publicize it as much as possible. It’s wrong, impractical and disrespectful to assume the contrary.

      There are dozens of situations when it’s actually socially undesirable to keep it private, yet it is zealously protected under the GDPR in exactly the same way as your shopping history or your family photos.

      I do care about the privacy of my name and family name. Is my name public on the internet? Yes. If I wanted to make it not public, would I want to be able to do so? Yes. Simple as that, really.

      Equally questionable are formal and bureaucratic prescriptions for better data protection — more documentation, privacy impact audits, formal training, etc.

      Does anyone honestly believe that more paperwork will lead to more privacy? More security risks in handling of our data (say thousands of hand signed consents) are somewhat more likely, I’m afraid.

      Why would formal training around data protection, auditing of privacy protection and documentation of efforts to comply with the GDPR lead to another other than more privacy?

      Apart from the right to complain under the new rules and few marginal rights — which are primarily of interest to the corrupt and the criminal, like the right to be forgotten — the average data subject barely gained any new privacy through the GDPR.

      Yeah okay, nothing interesting to read here. The right to be forgotten is certainly not ‘primarily of interest to the corrupt and the criminal’. What a great load of ‘if you have nothing to fear you have nothing to hide’ twaddle.

      1. 2

        By May 25, most corporates had just amended their Privacy Policy volumes and annoyed consumers were forced to clicked through to accept them without reading.

        I don’t know why people find this so hard to understand, but the entire point of the GDPR is that you cannot comply with it simply by adding more terms to your Terms of Service for people to sign away their rights without reading. That’s not how it works.

        Excuse me if I misunderstand, but isn’t it still the case that they can add terms to their privacy policy, then tell users to either check all the boxes or leave?

        1. 15

          That’s exactly what you can’t do — you can’t refuse service if a user says “no” to tracking (unless you can prove in court that the tracking is strictly required for the functioning of the service).

          1. 2

            An example of a site that doesn’t follow the rules you state at all:

            If you do not agree with our new privacy policy (that haven’t really changed much) we absolutely respect that. Feel free to go to your user settings page and delete your account. Optionally, you can change your settings and/or user profile if that helps. If you miss any settings feel free to let us know. If you just miss-clicked you can always go back and agree to the policy. If you have more questions feel free to send an e-mail to support@{{domainName}} and we will do our very best help you out.

            They’re relatively small though, so I hope they’re not representative of too many other companies.

            1. 3

              Then their privacy policy is invalid, and they’re committing a crime with every bit of data they collect.

              To be allowed to collect userdata, you need consent, and under the GDPR consent is only valid if it has been given freely, without any advantage/disadvantage coming from giving/not giving consent. (except for functionality that directly requires the consent).

            2. 1

              Oh. I guess I’ve been doing privacy policy change dialogs wrong then 😅 I could’ve sworn lots of them wouldn’t let you continue until you accepted though.

          2. 1

            I don’t know why people find this so hard to understand, but the entire point of the GDPR is that you cannot comply with it simply by adding more terms to your Terms of Service for people to sign away their rights without reading. That’s not how it works.

            Have the various aspects of GDPR been applied/tested in court yet?

            1. 7

              European civil law originals from Roman civil law, and is quite different from common law systems that originate from British law. Generally the law is quite specific and the intent is that the law will be applied as written rather than interpreted in the social and political context of the day in light of precedent, as is done in common law systems.

              I don’t know if that’s the case with the GDPR to the extent that it’s true of say, German law or French law, but if it is, it doesn’t need to be ‘tested’ in court, it is what it is.

              1. 1

                There are a few things which GDPR leaves open to interpretation, such as:

                • Maximum fines are specified, but we have yet to see what fines will be handed out for different levels of non-compliance.
                • How far the “legitimate interest” can be stretched.
          3. 6

            One of my favourite parts of the GDPR is the data export stuff. So many websites have great data export tools now. I am building an alternative to a popular service and now that the GDPR exists I can build a tool to do a full import of a users data from the other service.

            1. 3

              Posted on a website that immediately took over my screen to get me to consent to signing away my privacy.

              1. 3

                Apart from the right to complain under the new rules and few marginal rights — which are primarily of interest to the corrupt and the criminal, like the right to be forgotten

                This is a very dangerous path to go down. It’s possible to do things you regret and want the world to forget without being either corrupt or criminal. See, for example, the recent case of director James Gunn, who pissed off the alt right to the extent that they dug up deleted Tweets from a decade ago, for which he had already apologized and which in no way indicate his current beliefs as far as anyone can tell, in order to pressure his employer into firing him.