rangerovers.pub
The only place for a coil spring is up Zebedee's arse
Member
Joined:
Posts: 736

This is my favourite bit of GDPR (so far), from a US site:

" Sorry ;-(
You are visiting this website from a country belonging to the European Economic Area (EEA) which enforces the General Data Protection Regulation (GDPR) and therefore cannot grant you access at this time. We are unable to bear the GDPR compliance cost at the moment. Come back again some other time. "

Overall probably the real 'sticking point' remains this clause:

"Legitimate interest"

"In specific situations, we may require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests"

Although I have asked a few to explain this (eg. who decides what is 'reasonable'and/or 'materially impacts', US or YOU ?) but have nor received any answers (so far)...

and which thus probably tells us all we need to know...?

Member
Joined:
Posts: 2441

Who decides? ultimately the courts - should someone make a complaint and bring a case.
It seems like a stretch for a US based forum to be worried about EU law. It only has teeth if the company concerned has UK/EU based operations which can then be fined.

Member
Joined:
Posts: 736

In effect this has already all happened of course with the FaceBook/Cambridge Analytica case and the key question "who owns our personal data ?" https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal

The "Social Media" Companies can't be trusted (and don't care) ! It is inevitable that further Regulation will occur....

Member
Joined:
Posts: 805

Just to clarify the situation, I don't give a shit about collecting your PII, but I take all practicable steps to ensure that all the site data is stored securely. If you want to add links to your blog, social media accounts or your phone number, photo or inside leg measurement to your site bio or signature, that's entirely your decision. Because this is non-profit, GDPR does not apply.

The site is currently hosted in England. If there are significant adverse effects from Brexit I'll most likely move the hosting to Germany, either on a dedicated server or AWS. If Scotland leaves the UK following Brexit, then I will plan to move the site hosting to Scotland once it regains EU membership.

I can't stress this enough, though. What you put on publically-viewable parts of the website is down to you. As long as what you post doesn't breach general standards of decency or actually break the law, I don't mind what you do, but it's entirely up to you to behave yourselves. No-one has offered to buy the site or your data, and even if they did I don't feel any great need to sell out.

If you have any questions about the security and integrity of your data on this site, please feel free to ask.

Member
Joined:
Posts: 736

Understood, Gordon !

  • and I trust everyone realised my 'trust' comments above are obviously not aimed at this site but at FB/Zuckerberg and the like. In particular that FB makes its money from advertising (and thus by direct implication from 'personalised' and/or 'targetted' advertising of course.)

eg. If you visit the likes of RRs.net they ask the question/s about using 'your' data (on the basis of their "Legitimate Interest") to pass on to others. Once you could accept Cookies from (just) them and reject their Thirs-Party cookiesThe key principal here should be that you opt in for that, not that it is a default if you use the site, and that is where the EU and USA are on a collision course.

Here's the thing; It is OK for FB/Zuck to say they 'got it wrong and will improve' (and other platitudes) but in the meantime all their User's data is fair game (and in perpetuity.....) ?

The EU (and so the UK !) are bound by certain established 'Consumer' and 'Customer/User' rules; For instance if you buy something from Halfords is it then somehow acceptable for them to pass the details of that transaction to other organisations ? Of course not (depending on any Ts&Cs you may may have signed....) but, for a variety of reasons, many Consumer's don't view the Digital World from the same points of Personal Privacy......

Similarly if your use a US-based e-mail platform is it right that they own the content... on the basis that you don't actually pay for it ? This is also the future, paying for our privacy too......

Member
Joined:
Posts: 2441

Hate to say it Gordon but GDPR applies to any personal information processed outside home use (Christmas card lists, personal social media, household gadgets etc)

Being non-profit doesn't create an exemption.

Member
avatar
Joined:
Posts: 8081

Whether it applies or not it is how the data is used that is important not that it is there. Anyone that registers here gives their personal details freely and provided Gordon doesn't decide to sell those details on to someone else, there isn't a problem If you choose to publish what could be considered personal information (birthday, etc) then that is immediately placed in the public domain. So is no longer considered personal but public. What isn't allowed is something I need to take up with another owners club I'm involved in. They send out a newsletter by email but looking at the To list, it shows every email address for all 200 odd recipients. That email address has been given in order that the club can contact them, not to publish it to everyone else who may then use it for other purposes. The advice we got at work under those circumstances is to send an email to yourself and put the other recipients in the Bcc list.

Member
Joined:
Posts: 2441

Even if I choose to publish my birthday on the face of the moon, it remains personal data. No-one else has the right to publish that data unless they are able to prove a lawful basis for doing so.

To be clear, I have no objection to the way Gordon runs this site. I just pointed out that GDPR applies here in case he ends up in a tangle in the future.

On the CC'd email point, assuming that you have not consented to your email address being shared with other members of the list, that's a textbook case of a data breach. This means that the data processor has not taken sufficient care to ensure the correct technical and organisational procedures are in place to guarantee data security under the 7th principle of GDPR and arguably they've failed to uphold the first principle (fair and lawful processing) as well. Go gettum :)

Member
Joined:
Posts: 736

Probably a bit of a Moot/Moon point Morat if you (willingly and willfully) wrote it big enough to read from Earth....!

Meanwhile back down here as I hope I had originally indicated the whole EU GDPR initiative was primarily predicated on a number of various US giants who assume our data is theirs (to do with as they wish and where they wish) of course.

PS: Whilst you are up there can you get me some 50th-Anniversary Moon-rocks please ?

Member
Joined:
Posts: 2441

GDPR certainly is designed to stop the likes of FarceCrook, Sploogle, Crapple et al from spreading our personal data around the globe but it's also aimed at everyone else from the public sector to "marketing database" sales types.

I think it is well inentioned but when bureaucrats start planning perfection, the best you can hope for is Milton Keynes :(

Member
avatar
Joined:
Posts: 8081

As I was once told by a lawyer, laws are drafted and worded by lawyers in such a way that other lawyers can then earn a fortune arguing over the precise meaning of them......

Member
Joined:
Posts: 2441

Well I bet he was soon thrown out of the Magic Circle!! :)

Member
Joined:
Posts: 1356

Hehe.. It is a load of bolx though the way they talk etc eh? Can imagine there was once a time when that sort of language was more the norm, in which case why hasn't the language moved with the times?

I was once done for having no insurance on my son's Corsa when I was teaching him to drive. Had just dropped my daughter off in his Corsa, I was driving with my son in front passenger seat. I didn't have my docs on me but told the copper I had a trade policy that also covered me to drive any vehicle tptf. The copper didn't believe my policy would cover me if I wasn't driving for business purposes so I got a letter, could either accept 6 points and a fine or go to court. I knew I was covered, checked my docs, replied to the letter saying I was covered and included a copy of the policy but they stuck to their guns... accept the points or argue the toss in court. I chose to go to court (Leeds magistrates), they kept me there all day before I went into the actual courtroom... and then I was suddenly discharged without trial. At that point I was disappointed not to have been tried, I was fired up and looking forward to it! But I think I know why I was discharged... I recognised the prosecution barrister, couldn't place him at first, then I remembered where I knew him from.. He was a customer who I'd converted a BMW740 for! Quite a coincidence. But there was another coincidence with the same bloke... Before I converted his BMW I once saw him launching his boat at Acaster Marine when I was launching my boat, we didn't speak at all on that occasion but I knew his face when he brought his BMW to me and then when I dropped his car off for him at his house I saw his boat outside.. He was launching his boat with his 740 the first time I saw him when we didn't speak. I have to wonder whether they discharged me without trial because they realised they were wrong (I showed a copper or a court clerk my docs), or because the prosecution barrister knew me, or because the prosecution barrister had allowed me to drive his car without checking my insurance situation lol...

Member
Joined:
Posts: 995

Lpgc wrote:

Hehe.. It is a load of bolx though the way they talk etc eh? Can imagine there was once a time when that sort of language was more the norm, in which case why hasn't the language moved with the times?

If everyone could read the law and make proper sense of it the solicitors and barristers and all the rest of them would largely be out of a job :P

Member
Joined:
Posts: 1141

Lpgc wrote:

Hehe.. It is a load of bolx though the way they talk etc eh? Can imagine there was once a time when that sort of language was more the norm, in which case why hasn't the language moved with the times?

I was once done for having no insurance on my son's Corsa when I was teaching him to drive. Had just dropped my daughter off in his Corsa, I was driving with my son in front passenger seat. I didn't have my docs on me but told the copper I had a trade policy that also covered me to drive any vehicle tptf. The copper didn't believe my policy would cover me if I wasn't driving for business purposes so I got a letter, could either accept 6 points and a fine or go to court. I knew I was covered, checked my docs, replied to the letter saying I was covered and included a copy of the policy but they stuck to their guns... accept the points or argue the toss in court. I chose to go to court (Leeds magistrates), they kept me there all day before I went into the actual courtroom... and then I was suddenly discharged without trial. At that point I was disappointed not to have been tried, I was fired up and looking forward to it! But I think I know why I was discharged... I recognised the prosecution barrister, couldn't place him at first, then I remembered where I knew him from.. He was a customer who I'd converted a BMW740 for! Quite a coincidence. But there was another coincidence with the same bloke... Before I converted his BMW I once saw him launching his boat at Acaster Marine when I was launching my boat, we didn't speak at all on that occasion but I knew his face when he brought his BMW to me and then when I dropped his car off for him at his house I saw his boat outside.. He was launching his boat with his 740 the first time I saw him when we didn't speak. I have to wonder whether they discharged me without trial because they realised they were wrong (I showed a copper or a court clerk my docs), or because the prosecution barrister knew me, or because the prosecution barrister had allowed me to drive his car without checking my insurance situation lol...

In the few dealings i've had with anyone of that profession, they don't just talk like that, its like anything they do is conveyed by either carrier pigeon or messages in a bottle given how long it takes to get something simple sorted and how many letters it seems to require.

Member
Joined:
Posts: 736

Back on GDPR I just had a chat with someone about the importance of OPT OUT / OPT IN stuff which reminded me I originally meant to ask how many of us have BT Broadband and if so did you know that you were automatically 'opted in' so that your Home Hub is a BT WiFi Hot Spot ?!

In fact it has been like this for about 10 years; the basic idea is that if you sign up to use "BT FON" when you are out and about then that means it is then OK for BT to use (a part of) your Home Mub Bandwidth for their service (!); BT have been quite guarded about how much of your Speed is lost as a result but those who have measured it say it is up about 1/2 Meg... depending on how many others are sharing it)

Yes, it is possible to opt out but that's the point, It should clearly be something absolutely requiring an OPT IN !

EDIT: Check it out in your own area: https://www.btwifi.com/find/

(On my road there are "LOTS" of Hot Spots; This being lots of folks who don't know others are using part of their
Bandwidth that they are paying BT for of course ?!)

Member
Joined:
Posts: 1141

Theres a bit more to it than that - they actually charge others to use it if they aren't a bt customer, try logging into the wifi network you will see it prompts to enter account or payment details.

On the face of it, it seems to be a good deal until you try using it - most places it works so poorly you just wouldn't bother if you had any other option.

But yes, it should be made clearer when you set it up, and probably shouldn't be on by default.

Member
Joined:
Posts: 736

Yes, you are right BrianH it is quite a limited 'service': I only found about it because a chap used to frequently park near my house late at night, obviously using his mobile for (a WiFi) SMS App. - and when I (eventually) investigated just why he did that I realised there was an (open) "BT-with-FON" WiFi signal operated at high signal strength (not so surprising as it was from MY hub.. !)...... When challenged he did not like it (as in " I am a BT Customer so I have paid to use it") so I had to resort to other means to dissuade him....

Member
Joined:
Posts: 2441

The wifi thing doesn't give away any personal information, so it's nothing to do with GDPR. Just very sharky practice very everyone's favourite monopoly :(

Member
Joined:
Posts: 736

I could probably reasonably contend that it relates to the aspect of GDPR as it applies to OPT IN/OUT requirements Consent [ Art. 4(11) ] for example::

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/consent/

Technically BT (on that link posted above) are thus publically revealing the specific location/s of their customers (without explicit permission) of course !

Similarly it is possibly a complex legal issue but, as you indicated, monopolies seem to think THEY make the rules.....
.

Incidentally BT say 'it eats 2%-10% of your available bandwidth', so who know what it really is....

http://bt.custhelp.com/app/answers/detail/a_id/11015/~/bt-wi-fi%3A-common-questions-about-sharing-your-connection-with-other-people

Either way, it is a default liberty !! (How many BT Broadband Customers on here were also unaware for example ?)