zlacker

[parent] [thread] 5 comments
1. jivetu+(OP)[view] [source] 2018-05-18 13:19:28
thanks, you’ve pointed out a great signal that now exists. don’t do business with companies that choose to pull out of the eu market rather than comply with gdpr. these are companies that have made an explicit decision that user data privacy is a burden not to be cared about.

my company OTOH is choosing to apply gdpr principles globally.

replies(3): >>frocki+S2 >>apple4+YZ >>Mirior+bD2
2. frocki+S2[view] [source] 2018-05-18 13:43:27
>>jivetu+(OP)
Compliance and cost of doing so does not equate to privacy. Remember when all of the auto manufacturers in Europe "complied" with new regulation by spending a fortune on testing?
3. apple4+YZ[view] [source] 2018-05-18 21:17:39
>>jivetu+(OP)
There is a difference between complying with GPDR and caring about privacy.

I completely and utterly care about privacy, but things like not tracking IP address and allowing people to request removing them are a bridge to far. I can’t comply with that. I treat my customers important PII (names, addresses, etc) very delicately. But the cost of complying GPDR is too must.

replies(2): >>jacque+b51 >>phyzom+iL3
◧◩
4. jacque+b51[view] [source] [discussion] 2018-05-18 22:12:42
>>apple4+YZ
> I completely and utterly care about privacy

and

> allowing people to request removing them are a bridge to far.

Are dissonant. You will have to pick the one or the other but you can't both care about privacy and not allow people to request removal of their data. That should be fairly obvious.

5. Mirior+bD2[view] [source] 2018-05-20 04:55:04
>>jivetu+(OP)
And in your mind there is absolutely no possibility that a reasonable explanation would exist why a company would pull out because of it?

How about cost of compliance? For example, just the fact that you need to figure out whether you are compliant or not costs money. If you ask for user consent, then you must be able to later show that you got said consent from the user to work that data. You also have to take into account the risk of fines if something somewhere goes wrong. We, as software developers, should be intimately aware of how things can go wrong despite everyone trying their best.

All of these things cost money. If the cost is greater than what the business from the EU brings in, then it's not worth it. The fact that there are people who immediately and only jump to the thought they don't care about privacy is very worrying.

◧◩
6. phyzom+iL3[view] [source] [discussion] 2018-05-21 01:25:06
>>apple4+YZ
GDPR does allow you to record IP addresses in access logs and whatnot. And I'm not so sure people can actually ask you to remove their IP addresses; they'd have to demonstrate use of that IP over the relevant time interval, which is beyond most people. So I think while GDPR requires you to have a good reason to collect IP addresses, it doesn't meaningfully impose an obligation to be able to expunge them in removal requests.
[go to top]