|
| ▲ | microtonal 2 hours ago | parent | next [-] |
| The compliance model is very simple. Do not collect data. Problem solved. If you need to collect data (e.g. because you are a webshop), only collect the minimum necessary. The problem is not the GDPR, the problem is the surveillance industry that wants to grab as much data as possible and try to do as much malicious compliance as possible. |
| |
| ▲ | jandrewrogers 2 hours ago | parent [-] | | Designing around GDPR compliance shows up all over the place in industrial data collection. It doesn't only affect surveillance webslop. The costs are often worse on industrial side because the data is so much larger and faster than web or mobile data. | | |
| ▲ | gwerbin an hour ago | parent [-] | | What do you mean by "industrial" in this case? | | |
| ▲ | jandrewrogers 39 minutes ago | parent [-] | | Telemetry from machines and data from environmental sensors that is collected for operational purposes (safety, efficiency, reliability) in industrial applications. Old school engineering systems that in modern times have expansive network-connected sensors that may even have onboard classifiers to reduce the quantity of data. The trouble started when lawyers correctly noticed that these are incidentally capable surveillance systems even though that isn't how we use them or what they were designed for. |
|
|
|
|
| ▲ | pocksuppet 3 hours ago | parent | prev | next [-] |
| Have you read it? It's not that bad, unless you're thinking like an adtech programmer trying to find the exact edge case for the maximal amount of tracking you're allowed to do, because such a bright line does not exist and that fact infuriates adtech professionals. It is vague because reality is vague and complex; each specific case of alleged violation has to be interpreted by multiple humans; there is no algorithm. |
| |
| ▲ | ch4s3 3 hours ago | parent | next [-] | | The law mandates a data protection officer with specific duties. It also establishes a board that "issue guidelines, recommendations, and best practices" which is where administrative complication and nonsense always creeps in. | |
| ▲ | jandrewrogers 2 hours ago | parent | prev [-] | | It is regulation that imagines companies are a government bureaucracy. I have read GDPR and don't work in adtech. It is vague and it is pretty easy to find pathological scenarios that don't make much sense or impose an unusually high burden for no benefit. Every European law firm seems to agree with this assessment despite what proponents assert. Consequently, it forces a lot of expensive defensive activity in practice. To some extent, it was just a failure of imagination on the part of GDPR's authors. Many things are not nearly as simple as it seems to assume and it bleeds into data models that have nothing to do with people. It is what it is but no one should pretend it is not a burden for companies that have nothing to do with adtech or even data about people. |
|
|
| ▲ | troupo 3 hours ago | parent | prev [-] |
| You can literally read the entire "complicated" regulation in one sitting in an afternoon. There's literally nothing complex or complicated about it. Congrats on gullibly believing the ad tech narrative. |
| |
| ▲ | ryandrake 3 hours ago | parent | next [-] | | The "GDPR is complicated" meme has been circulating among software developers since probably before it was even written. It's so wild that HN dunks on it so much: Here we have a societal problem in computing we've been complaining about for decades, someone offers an incremental but imperfect regulation to start taking steps to correct it, and everyone hates it! | | |
| ▲ | pocksuppet 3 hours ago | parent [-] | | Same with the California age input box. | | |
| ▲ | lukeschlather 2 hours ago | parent [-] | | The problem with the age input box is that we don't have the GDPR. We're mandating that people give accurate age information to advertisers, and it's legal for advertisers to sell detailed dossiers on people including their age and target advertising using the age. This is why Meta wrote the age input box legislation, they want to make everyone legally required to provide Meta with their age. |
|
| |
| ▲ | ch4s3 3 hours ago | parent | prev [-] | | Being able to read something in one sitting doesn't make it simple or obvious. The law establishes a board that gets to set new requirements. | | |
| ▲ | stavros 2 hours ago | parent [-] | | As someone who has to implement it, it's really not bad at all: Ask the user for consent to use their data, and don't be misleading about it. That's it. The rest of the "It'S So LaRgE AnD UndErSpEciFieD" is just FUD. The regulators don't just slap fines, they work with you to get you to comply, and they just want to see that you're putting in the effort instead of messing them about. I have literally never been surprised by the GDPR. Whenever I thought "surely this is allowed" it was, whenever I thought "this can't be allowed", it wasn't. For everything in the middle, nobody will punish you for an honest mistake. | | |
| ▲ | ch4s3 19 minutes ago | parent | next [-] | | > for everything in the middle, nobody will punish you for an honest mistake. How do you know that? Again the law establishes a rules making body that can at any time change or add rules, and as far as I can tell there's no public review process. | | | |
| ▲ | redwall_hp 2 hours ago | parent | prev [-] | | Anti GDPR people: "it's so complicated not being able to walk into someone's house and take their things! Which things can I not take? How about this? And now I need a lawyer if I take someone's things? Ridiculous!" Just don't spy on people. | | |
| ▲ | stavros 2 hours ago | parent [-] | | Yeah that's pretty much what it feels like, or sometimes it's "what if someone's stuff is lying on the street? Can I take it then?" and the regulator is kind of like "look around and ask if it belongs to anyone, and if not, sure". |
|
|
|
|
