The GDPR just went into effect...

[Timsup2nothin]

Today's hilarity:

I got an "updating our privacy policy" e-mail from a game forum based in Germany. They told me that they are just complying with the GDPR and aren't about annoying spam, which is clearly true since I don't recall ever getting an e-mail from them before, and told me I could easily get myself removed from their list if they had been bothering me.

Then they gave me a full page about their upcoming game.

 

[Broken_Erika]

This seems simple.

https://twitter.com/mrscruff1/status/999688703361605633/photo/1

 

[Ironsided]

It's a very good thing. The major point beeing you own data storage about you. This should not even be in question to begin with.

 

[Broken_Erika]

It's a very good thing. The major point beeing you own data storage about you. This should not even be in question to begin with.

Bu-Bu-Bu-But people owning their data about them and not allowing corporations to buy and sell it is Communism!

 

[innonimatu]

The BBC did comment yesterday that certain companies are going to refuse all European web traffic to avoid implementing the GDPR, but that seems excessive.

Good riddance.

 

[Zelig]

If you are Facebook, you have a legal department that has already determined how to make compliance fairly painless for you.

Facebook doesn't plan on being compliant: https://medium.com/@bozhobg/facebook-doesnt-plan-to-be-gdpr-compliant-7f775231c497

I hold personal identifiable information about employees of the company. This is a pain for me if someone wants their records or wants them destroyed.

Sounds like you're not really organized enough to be trusted with that PII in the first place if you're not capable of supplying it to the owner when they ask.

It is an overreach and conflicts with my obligations to keep tax and accounting records.

No, there are very clear provisions for legitimate business interests. Tax records as mandated by law are about as legitimate as a business interest can possibly get.

In the UK, there was a last week rush to destroy unindexable old records before the Freedom of Information Act came into force; and more recently
the UK's Home Office claimed that it destroyed its records of Windrush immigrants arrivals to comply with the Data Protection acts.

And no doubt many organisations' change managers and fraudsters will likely use the GDPR as a convenient excuse to wholesale delete old records.

Organizations should always treat data as a liability: Data Is a Toxic Asset

I'd prefer paying $5 a month for something that doesn't sell everything about me to corporations I don't know.

There are a couple problems here. Facebook and Google are already extracting more than $5/m from North American users, and driving this number upwards. Advertising revenue per user is essentially uncapped, while monthly paying users are quite sensitive to price increases. Furthermore, anyone who is willing to pay to avoid ads is exactly the type of person who is worth drastically more in terms of tracking/advertising than the average user.

 

[Zelig]

https://www.theverge.com/2018/5/25/17393766/facebook-google-gdpr-lawsuit-max-schrems-europe

I really hope courts rule that tracking for ads is not a legitimate business interest required to provide service.