KatsBits Community

General Category => News => Topic started by: kat on May 21, 2018, 01:31:50 PM

Title: General Data Protection Regulation and your consent to use a site or service
Post by: kat on May 21, 2018, 01:31:50 PM

In the coming weeks many online sites and services based in the Europe (and optionally elsewhere) will be emailing various notification of consent messages, or provide updated cookie consent pop-ups online, so as to be in compliance with the new EU General Data Protection Regulation (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/) (come into effect 25 May), required to be issued for visitors (continued) use of a site or service.

It's not exactly clear how this affects forums and other community or participatory services like KatsBits because the regulations carry the implication (http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679) that if consent is not given, any content, user accounts or other material must be removed with immediate effect (because consent for its continued use has not been/is no longer given). Needless to say the consequences of having to do this where more than one person is involved in a conversation potentially means/implies all associated content need be removed (and likely permanently deleted), which then obviously breaks context and continuity, of particular importance for technical support, fixing issues and getting appropriate degrees of community assistance.

For updates on GDPR bookmark or subscribe to this post.
Title: Re: General Data Protection Regulation and your consent to use a site or service
Post by: ratty redemption on May 21, 2018, 04:02:36 PM
what's the point of them doing this?
Title: Re: GDPR and your consent to use a site or service
Post by: kat on May 21, 2018, 07:49:40 PM
No idea. GDPR supposedly forces companies to take data security seriously (https://iconewsblog.org.uk/2018/05/09/raising-the-bar-consent-under-the-gdpr/), like they don't already. Its being framed as giving consumers more extensive legal or legislative tools to have any data on them revealed if requested, and deleted if so desired.

That might work fine in terms of mailing lists and advertising where the individual isn't actively contributing anything to the service they receive - in this situation its possible to see how consumers might want to refuse their data, including IP addresses, being used by email harvesters and other 'junk' services that grab and scrape internet users data, typically emails, to use in ways they didn't consent to.

In situations where they are, its not entirely clear what GDPR considers 'personal data'... or rather it is but the definition is so broad as to include content like social media, forums posts and the like. GDPR makes that type of 'overt' or 'exposed' personal content (posted by a person) appears subject to the same data retention requirements as 'hidden' data that might be collected when using a site or service.

And of course, smaller sites and services don't have the legal or compliance personnel in place to ensure they're operating within the regulations.
Title: Re: General Data Protection Regulation and your consent to use a site or service
Post by: ratty redemption on May 21, 2018, 10:44:02 PM
understood, thanks.

Title: Re: General Data Protection Regulation and your consent to use a site or service
Post by: kat on May 22, 2018, 12:14:05 AM
Of course... all this stuff only applies to site and services already essentially conducting themselves 'properly' within existing legislation. Scammers, spammers, scrapers, trawlers and all the other operators that 'acquire' data though questionable means, are not affected by any of this nonsense... how does a person get their data removed from spam lists if they didn't subscribe in the first place. And how are these entities to be held accountable when they already don't care - try sending an abuse claim on a domain that's actually run by the scammer. It. Doesn't. Work.
Title: Re: General Data Protection Regulation and your consent to use a site or service
Post by: ratty redemption on May 22, 2018, 12:32:08 AM
yeah, years ago when i first started getting email spam, i clicked on a couple of "unsubscribe" links. which led me to pages where i was prompted to enter my email address. with the "assurance" that the companies would remove me from their mailing lists and not bother me again... that apparently had the opposite effect, and i received a lot more spam afterwards. up until the point where i eventually changed my address (for various reasons). i assume they were not acting in good faith, and instead had confirmation that my email account was active.
Title: Re: General Data Protection Regulation and your consent to use a site or service
Post by: kat on May 22, 2018, 10:18:32 AM
Exactly. So taking that as exemplar of personal information abuse situations, how does GDPR address this when there is literally nothing a person could do that wouldn't then make the problem worse. As with all these regulations they assume good faith adherence to what's being asked.