rangerovers.pub
Member
Joined: Sep 02 2016
Posts: 264

This is my favourite bit of GDPR (so far), from a US site:

" Sorry ;-(
You are visiting this website from a country belonging to the European Economic Area (EEA) which enforces the General Data Protection Regulation (GDPR) and therefore cannot grant you access at this time. We are unable to bear the GDPR compliance cost at the moment. Come back again some other time. "

Overall probably the real 'sticking point' remains this clause:

"Legitimate interest"

"In specific situations, we may require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests"

Although I have asked a few to explain this (eg. who decides what is 'reasonable' and/or 'materially impacts', US or YOU ?) but have not received any answers (so far)...

and which thus probably tells us all we need to know...?

Member
Joined: Dec 30 2015
Posts: 1249

Who decides? Ultimately the courts - should someone make a complaint and bring a case.
It seems like a stretch for a US based forum to be worried about EU law. It only has teeth if the company concerned has UK/EU based operations which can then be fined.

Member
Joined: Sep 02 2016
Posts: 264

In effect this has already all happened of course with the FaceBook/Cambridge Analytica case and the key question "who owns our personal data ?" https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal

The "Social Media" Companies can't be trusted (and don't care) ! It is inevitable that further Regulation will occur....

Member
Joined: Dec 29 2015
Posts: 654

Just to clarify the situation, I don't give a shit about collecting your PII, but I take all practicable steps to ensure that all the site data is stored securely. If you want to add links to your blog, social media accounts or your phone number, photo or inside leg measurement to your site bio or signature, that's entirely your decision. Because this is non-profit, GDPR does not apply.

The site is currently hosted in England. If there are significant adverse effects from Brexit I'll most likely move the hosting to Germany, either on a dedicated server or AWS. If Scotland leaves the UK following Brexit, then I will plan to move the site hosting to Scotland once it regains EU membership.

I can't stress this enough, though. What you put on publicly-viewable parts of the website is down to you. As long as what you post doesn't breach general standards of decency or actually break the law, I don't mind what you do, but it's entirely up to you to behave yourselves. No-one has offered to buy the site or your data, and even if they did I don't feel any great need to sell out.

If you have any questions about the security and integrity of your data on this site, please feel free to ask.

Member
Joined: Sep 02 2016
Posts: 264

Understood, Gordon !

  • and I trust everyone realised my 'trust' comments above are obviously not aimed at this site but at FB/Zuckerberg and the like. In particular that FB makes its money from advertising (and thus by direct implication from 'personalised' and/or 'targeted' advertising of course.)

eg. If you visit the likes of RRs.net they ask the question/s about using 'your' data (on the basis of their "Legitimate Interest") to pass on to others. Once you could accept Cookies from (just) them and reject their Third-Party cookies. The key principle here should be that you opt in for that, not that it is a default if you use the site, and that is where the EU and USA are on a collision course.

Here's the thing; It is OK for FB/Zuck to say they 'got it wrong and will improve' (and other platitudes) but in the meantime all their Users' data is fair game (and in perpetuity.....) ?

The EU (and so the UK !) are bound by certain established 'Consumer' and 'Customer/User' rules; For instance if you buy something from Halfords is it then somehow acceptable for them to pass the details of that transaction to other organisations ? Of course not (depending on any Ts&Cs you may have signed....) but, for a variety of reasons, many Consumers don't view the Digital World from the same points of Personal Privacy......

Similarly if you use a US-based e-mail platform is it right that they own the content... on the basis that you don't actually pay for it ? This is also the future, paying for our privacy too......

Member
Joined: Dec 30 2015
Posts: 1249

Hate to say it Gordon but GDPR applies to any personal information processed outside home use (Christmas card lists, personal social media, household gadgets etc)

Being non-profit doesn't create an exemption.

Member
Joined: Dec 30 2015
Posts: 2979

Whether it applies or not it is how the data is used that is important not that it is there. Anyone that registers here gives their personal details freely and provided Gordon doesn't decide to sell those details on to someone else, there isn't a problem. If you choose to publish what could be considered personal information (birthday, etc) then that is immediately placed in the public domain. So is no longer considered personal but public. What isn't allowed is something I need to take up with another owners club I'm involved in. They send out a newsletter by email but looking at the To list, it shows every email address for all 200 odd recipients. That email address has been given in order that the club can contact them, not to publish it to everyone else who may then use it for other purposes. The advice we got at work under those circumstances is to send an email to yourself and put the other recipients in the Bcc list.

Member
Joined: Dec 30 2015
Posts: 1249

Even if I choose to publish my birthday on the face of the moon, it remains personal data. No-one else has the right to publish that data unless they are able to prove a lawful basis for doing so.

To be clear, I have no objection to the way Gordon runs this site. I just pointed out that GDPR applies here in case he ends up in a tangle in the future.

On the CC'd email point, assuming that you have not consented to your email address being shared with other members of the list, that's a textbook case of a data breach. This means that the data processor has not taken sufficient care to ensure the correct technical and organisational procedures are in place to guarantee data security under the 7th principle of GDPR and arguably they've failed to uphold the first principle (fair and lawful processing) as well. Go gettum :)

Member
Joined: Sep 02 2016
Posts: 264

Probably a bit of a Moot/Moon point Morat if you (willingly and willfully) wrote it big enough to read from Earth....!

Meanwhile back down here as I hope I had originally indicated the whole EU GDPR initiative was primarily predicated on a number of various US giants who assume our data is theirs (to do with as they wish and where they wish) of course.

PS: Whilst you are up there can you get me some 50th-Anniversary Moon-rocks please ?

Member
Joined: Dec 30 2015
Posts: 1249

GDPR certainly is designed to stop the likes of FarceCrook, Sploogle, Crapple et al from spreading our personal data around the globe but it's also aimed at everyone else from the public sector to "marketing database" sales types.

I think it is well intentioned but when bureaucrats start planning perfection, the best you can hope for is Milton Keynes :(

Member
Joined: Dec 30 2015
Posts: 2979

As I was once told by a lawyer, laws are drafted and worded by lawyers in such a way that other lawyers can then earn a fortune arguing over the precise meaning of them......

Member
Joined: Dec 30 2015
Posts: 1249

Well I bet he was soon thrown out of the Magic Circle!! :)