The grace period should be long over.
It’s time for the EU to stop being nice and start the fines.
The author, and anyone else experiencing similar things, need to start by filing a complaint with their local Data Protection Authority for anything to be able to happen.
Don’t mean to be a downer but just filing complaints is probably not enough either. Joining (or setting) up campaigns is still the way to go. It’s not as if Schrems et. al. suddenly stopped working because they won some cases etc.
The local data authorities are doing that, this website tracks the fines https://www.enforcementtracker.com/
While being unable to manage a mailing list for a company whose entire purpose is infra is very confidence shaking, failing to take you off their mailing list is a pretty low-severity data violation. You can easily block Cloudflare emails and the email address itself may not be associated to any user-identifiable information beyond the email address itself.
It might be low-severity, but it is a violation.
But I think that the point of the article is that they’re breaching data protection laws. They said “we’re protecting your data”. Then they say “we don’t know where your data lives”. That’s not confidence-inspiring, especially considering that half the internet goes through Cloudflare and they have the data from all of us.
No, this is not about the principle or low-severity.
The whole thing was meant to prod organizations to create proper practices and concepts how to continue going forward with (customer) data (and when to delete). This was tedious and not fun, but we did it, in order to comply with the law and because it’s the right thing to to. Apparently Cloudflare simply doesn’t care.
Cloudflare is large enough to not be subject to that “right thing to do” moral calculus. Organizations of that scale can be very creative at justifying their behavior, but the behavior itself reliably responds only to (dis)incentives.
They will continue to not care until it is demonstrated to them, very conclusively, that non-compliance is more expensive than compliance.
You’re stating the obvious and I agree with you. I was simply trying to convey to the parent poster why it’s worth making a fuss and it’s not just fine glossing over it. They certainly don’t need unaffiliated people downplaying it.
Once again, my hesitation into jumping on industry bandwagon darlings pays off.
I don’t think that this is unique to Cloudflare.