Whois vs GDPR, latest news
> On May 26, 2018, at 18:42 , Royce Williams <royce at techsolvency.com> wrote:
>
> On Sat, May 26, 2018 at 4:57 PM Dan Hollis <goemon at sasami.anime.net> wrote:
>
>> I imagine small businesses who do a small percentage of revenue to EU
>> citizens will simply decide to do zero percentage of revenue to EU
>> citizens. The risk is simply too great.
>
> That would be a shame. I would expect the level of effort to be roughly
> commensurate with A) the size of the org, and B) the risk inherent in what
> data is being collected, processed, stored, etc. I would also expect
> compliance to at least partially derive from
> vendor/cloud/outsource/whatever partners, many of whom should be
> scaled/scaling up to minimally comply.
Here's the problem...
The way GDPR is written, if you want to collect (and store) so much as
the IP address of the potential customer who visited your website, you
need their informed consent and you can't require that they consent as
a condition of providing service.
Basically, the regulation is so poorly written that it is utterly nonsensical
and I wonder how businesses in Europe intend to function when they can't
make collecting someone's address a condition of allowing them to order
something online.
> I would also not be surprised if laws of similar scope start to emerge in
> other countries. If so, taking your ball and going home won't be
> sustainable. If small, vulnerable orgs panic and can't realistically engage
> the risk, they may be selecting themselves out of the market - an "I
> encourage my competitors to do this" variant.
Let's hope that if enough businesses take their ball and go home, the EU
and other regulators will wake up and smell the hydrogen-sulfide and write
better laws.
I'm not opposed to privacy protection, but GDPR contains way too much overreach
and way too little logic or common sense.
> Naively ... to counter potential panic, it would be awesome to crowdsource
> some kind of CC-licensed GDPR toolkit for small orgs. Something like a
> boilerplate privacy policy (perhaps generated by answers to questions),
> plus some simplified checklists, could go a long way - towards both
> compliance and actual security benefit.
The first word does a pretty good job of describing the rest of that paragraph
as mentioned by others.
> In a larger sense ... can any org - regardless of size - afford to not know
> their data, understand (at least at a high level) how it could be abused,
> know who is accessing it, manage it so that it can be verifiably purged,
> and enable their customers to self-manage their portion of it??
Yes. But even if an org does all of that, there are still significant problems
with GDPR.
Owen