Started by An_dz, June 02, 2018, 02:57:03 AM
0 Members and 1 Guest are viewing this topic.
Quote from: Isaac.Eiland-Hall on June 02, 2018, 04:55:02 AMAre we a Disorganization?
Quote from: IgorEliezer on June 02, 2018, 05:01:51 AMPerhaps a Nopany?
Quote from: An_dz on June 02, 2018, 05:46:25 AMThere are propanies and conpanies.
Quote from: An_dz on June 02, 2018, 05:46:25 AMWell, I like your company
Quote from: An_dz on June 02, 2018, 02:57:03 AMThe GDPR applies only to organisations and companies, we are neither.
Quoteby a natural person in the course of a purely personal or household activity
Quotedurch natürliche Personen zur Ausübung ausschließlich persönlicher oder familiärer Tätigkeiten
Quoteby natural persons to perform exclusively personal or family activities
Quotedurch eine natürliche Person im Rahmen einer rein persönlichen oder haushaltsmäßigen Tätigkeit
QuoteThis Regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity. Personal or household activities could include correspondence and the holding of addresses, or social networking and online activity undertaken within the context of such activities. However, this Regulation applies to controllers or processors which provide the means for processing personal data for such personal or household activities.
QuoteDiese Verordnung gilt nicht für die Verarbeitung von personenbezogenen Daten, die von einer natürlichen Person zur Ausübung ausschließlich persönlicher oder familiärer Tätigkeiten und somit ohne Bezug zu einer beruflichen oder wirtschaftlichen Tätigkeit vorgenommen wird. Als persönliche oder familiäre Tätigkeiten könnte auch das Führen eines Schriftverkehrs oder von Anschriftenverzeichnissen oder die Nutzung sozialer Netze und Online-Tätigkeiten im Rahmen solcher Tätigkeiten gelten. Diese Verordnung gilt jedoch für die Verantwortlichen oder Auftragsverarbeiter, die die Instrumente für die Verarbeitung personenbezogener Daten für solche persönlichen oder familiären Tätigkeiten bereitstellen.
Quote from: jamespetts on June 02, 2018, 10:33:01 AMIt is not at all clear either from the definition or the recital whether an individual running a non-commercial, non-professional website for the pursuit of a personal hobby but which is accessible to the world at large falls within the definition of "personal or household". Arguably, it may well so fall: it is not commercial or professional, and the world at large may access data relating to "social networking and online activity undertaken within the context of such activities".
Quote from: Leartin on June 02, 2018, 01:05:02 PMThe question to ask in case of private websites is not whether it's a personal hobby, nor whether it's accessible to the world. The question is who it is aimed at. Similar to how it applies to those living in Non-EU-Members who aim their offers to EU-citizen (eg. this forum, which not only claims to be international, but also provides subsections in swedish and czech, both only official languages in EU members - as opposed to dutch and italian, which is at least second language somewhere else- and allows the user to pick EU members as their nationality), you'd need to ask if the private website is just for friends and family, or has offers aimed at strangers. Eg. if you make a website/forum for your gaming clan, the intended audience is people from that clan - friends you already know through other means - and not total strangers. On the other hand, if you make a fansite for the game as a whole, the intended audience would be everyone who plays the game, and unless the game itself has some kind of restriction to it (eg. it's your game you made for friends), that means the site needs to comply with the GDPR. While this still leaves room for corner-cases and debate who the intended audience is, it's a lot clearer then asking whether it is a "hobby" or "commercial/professional", since those pretty much don't matter at all for GDPR. (Eg. to consider whether this website falls under GDPR, you don't need to question whether Simutrans is a hobby to Isaac, nor if he hosts because he is a professional host. Both are irrelevant. Is it aimed at a group of friends and family or total strangers? Yes it is. Since it's not hosted in the EU, is it targeted at EU members? As said before, yes it is. Technically, even the international Simutrans Forum would require all the GDPR ***star***.
Quote from: Ters on June 03, 2018, 09:01:10 AMI don't think a 1990s style online guest book counts as personal or household as it is usable (read and write access) by the entire (online) world. However, an old fashioned physical guest book might, as long as the guests are limited to friends and family. GDPR is as far as I understand not limited to data stored and processed electromagnetically. The exemptions are likely aimed at the kind of casual personal information collection taking place in everyday life. Such as your collection of names, phone numbers and maybe birth dates, whether on a piece of paper pinned to the wall next to the rotary phone in the hall, or stored in your personal cloud for use on your smartphone. Or the log of SMS messages received from various people.
Quote from: FrankSticking point is the IP. This is at least in Germany under the personal data.And since the IP is practically always transferred and stored, the GDPR also applies to everyone.
Quote from: jamespetts on June 03, 2018, 08:28:26 AMMay I ask what in the text of the GDPR itself supports that specific construction of "purely personal or household activity" (i.e., that a purely personal or household activity is one that is exclusively aimed at the person's personal friends and family)? That would seem to suggest that a 1990s style "personal home page" with a guest book would not be exempt, which does not seem entirely consistent with the wording of article 2(2) nor recital 18.
Quote from: jamespetts on June 03, 2018, 09:05:29 AMAgain, may I ask: where is this in the text?
Quote from: jamespetts on June 03, 2018, 09:05:29 AMBut what in the text supports this specific interpretation that "purely personal or household" is confined only to interactions with friends and family?
QuoteAn IP is data that can be used to identify a natural person
Quotethe activity of running a hobby website for a non-commercial computer game can well be personal, but if you are aiming that website at strangers, you reach out of your personal bubble, so it's not personal anymore
Quote from: jamespetts on June 03, 2018, 12:12:56 PMWhether something is "aimed at strangers" does not seem to be entirely consistent with the notion of a "purely personal activity" in article 2(2)(c) and expounded upon by recital 18 - one might have a purely personal activity aimed at strangers (as in posting photographs to one's Facebook account with the privacy set to public, for example, or posting photographs to Flickr, assuming in both cases that the photographs are just a personal hobby and not commercial). A good example of a purely personal activity aimed at strangers is online dating: although the companies running the websites are not exempt because their activity is commercial, those who use online dating websites clearly gather and process others' personal data in an activity that is very specifically aimed at strangers, yet it would be odd if that activity were one that is not "purely personal".
Quote from: Leartin on June 03, 2018, 09:48:33 AMI found out that the best way to deal with personal information is to kill everyone, since dead people have no right to privacy. Still, it makes perfect sense to me, so I'm inclined to believe it.
Quote from: Ters on June 03, 2018, 12:46:52 PMI think the vagueness is because technology is moving way faster that legislation.
Quote from: Leartin on June 03, 2018, 01:24:22 PMWhether something is aimed at strangers is only relevant if you also collect their data, since you need to make sure such a data collection would comply to the GDPR, unless the GDPR does not apply. If you are on a dating website, you would trust the provider of that service to handle all the GDPR-things, show a form to every user, let them sign that they are okay with sharing their data etc. - in the end, the user only sees data they are allowed to see under the GDPR anyway, because the service provider needs to make sure that's the case. It's no different from looking for a number in a phone book, or even asking for a number in person.
QuoteSame is true for sharing photos on Facebook: You are fine, since Facebook mostly deals with GDPR-related shenanigans. But once you create your own website and share the photoes there, YOU are the one collecting Information first hand (eg. IP adresses, guestbook data, comments,...) - so now we must decide whether that data collection is "personal-household" or not. As you said, just because it's accessible by everyone does not mean it's not personal. Which criteria would you use to decide, if not the target audience (or in this case: What's on the fotos, and who could be interested in them?).
Quote from: jamespetts on June 03, 2018, 06:10:53 PMThe whole thing is deeply authoritarian and really very, very sinister.
Quote from: jamespetts on June 03, 2018, 06:10:53 PMThat is not a good analogy, as the users would then be data processors rather than exempt, and they would be obliged to handle the data that they see in accordance with the Regulation (and the website providers would have to audit each and every one of their users to demonstrate compliance); but the users do not process data on behalf of the site - they process the data for their own use, and so would be data controllers unless exempt, and thus obliged to have detailed written policies and serve Article 14 notices on each and every person whose profile that they visit (unless they can demonstrate that this would involve "disproportionate effort").
Quote from: jamespetts on June 03, 2018, 06:10:53 PMI would suggest that a sensible interpretation of an activity that is "purely personal or household" is one that is undertaken by a singular individual or a family/household that is not commercial/professional in character. That would be consistent with, e.g., clubs being required to comply with the Regulation but individuals' websites being not so required.
Quote from: Ters on June 03, 2018, 06:49:57 PMWell, I consider those the law is against more sinister. Companies are collecting more information about people than Gestapo, Stasi or KGB ever did.
Quote from: Ters on June 03, 2018, 06:49:57 PMGDPR also restricts what governments can do with personal information. (Although I guess they have some ability to make exceptions for themselves, especially if they play the national security card.)
Quote from: killwater on June 03, 2018, 09:32:46 PMThe difference is they only collect what you want to give them
Quote from: killwater on June 03, 2018, 09:32:46 PMThis is a death switch to free internet.
Quote from: An_dz on June 03, 2018, 10:52:45 PMThat's not true, I don't want to give any information to Google but they still get it and create a profile about me wherever there's a site that has their stuff (Analytics, JS libs, fonts, custom searches, etc.). And even if you do sign up to their service they can collect data about you that you don't give to them but they "find out" inspecting your behaviour. Facebook bought WhatsApp exactly because of that, it reveals a lot about you.
Quote from: An_dz on June 03, 2018, 10:52:45 PMThat's true, the law has some requirements that are idiot, like demanding a "Director of Privacy" or whatever the name is. That's simple for a big company, but not for a small one.
Quote from: Leartin on June 03, 2018, 07:44:18 PMWould you say every company that owns a phone book has to serve such an Article 14 notice to everyone who is in the phone book? If you, as employee of a company, visit a company website for some quick information, and that website happens to include personal data, would you be forced to write that Article 14 notice, or delete your browser history, or both?
QuoteThe difference I wanted to highlight is that as a user of a service, you only give data away, and recieve data that was given by the data subject willingly and for that very purpose, who were informed about all the implications as required by the GDPR. While not as public as a phone book, it's as public as a companies deed (=anyone who pays a fee can get it), hence comparable. But that would mean if I created my own Facebook alternative as a private individual, no matter how large it would grow, as long as I would keep it as a garage project I could own millions of users data all while the GDPR wouldn't apply to me... Yeah, I'm sure that protects user data alright...
Quote from: jamespetts on June 04, 2018, 05:07:19 PMThe extent of the data processed does not appear relevant to the "personal or household[/family]" exception.
Quote from: jamespetts on June 04, 2018, 05:07:19 PMI am afraid that it is very naive to think that the GDPR is a way of the state protecting people from the actions of commercial entities. It is an example of the long-standing technique of myriad tyrants of taking a genuine issue and deliberately over-reacting with far more extreme repression of liberty than can possibly be justified in truth to solve the original problem in order to achieve sinister and repressive ends. Remember, the state is the institution with the most power, and there are huge exceptions for the state (e.g. anything to do with "national security", which is not clearly defined) in its compliance with the Regulation. Be in no doubt that the people who drew, sponsored and passed this legislation are deeply, deeply evil.
Quote from: Ters on June 04, 2018, 06:09:40 PMJust like the Soviet union was a nice friend to have 1941-1945.
Quote from: killwater on June 04, 2018, 06:39:06 PM Greatest buddies ever... https://en.wikipedia.org/wiki/Soviet_war_crimes#World_War_II https://en.wikipedia.org/wiki/Katyn_massacrehttps://en.wikipedia.org/wiki/NKVD_prisoner_massacresPlease think twice before posting such examples...
Quote from: Ters on June 04, 2018, 06:09:40 PMI can't think of any personal or household activity that involves keeping track of data about thousands of living persons. And genealogi is the only thing pushing this up from hundreds.
Quote from: jamespetts on June 04, 2018, 09:55:27 PMBut that is circular reasoning - you define something as being not "personal or household" because of the number of people whose data are processed, and then state when questioned on why there should be a connexion that you cannot think of any "personal or household" activity that involves processing the personal data of a large number of people. The conclusion appears therefore to be an essential premise of your reasoning, which is thus invalid.
Quote from: jamespetts on June 04, 2018, 09:55:27 PMAs to claiming that deeply evil individuals are a "good friend to have", that is very, very dangerous indeed and I am afraid never, ever valid. All evil must be opposed by any means necessary, come what may.
Quote from: Ters on June 05, 2018, 05:27:46 AMNo, I have long since defined personal and household activities as things relating to functioning as a person and being part of a household. Activities like buying food, washing clothes, keeping touch with friends and close relatives, paying taxes.
QuoteWell, I'm the pragmatic type. If I'm alone and a group of thugs is threatening me, I'll temporarily befriend a rival group of thugs if there is any hope that I will end better off. Evil won't be any more oppressed if I just let the first group of thugs beat me up. By playing the two evils against each other, I can wait it out until maybe one day, enough people will be willing to fight them both (or the one that's left). Currently, most people seem ignorant of either threat.
Quote from: Ters on June 05, 2018, 05:27:46 AMWell, I'm the pragmatic type. If I'm alone and a group of thugs is threatening me, I'll temporarily befriend a rival group of thugs if there is any hope that I will end better off. Evil won't be any more oppressed if I just let the first group of thugs beat me up. By playing the two evils against each other, I can wait it out until maybe one day, enough people will be willing to fight them both (or the one that's left). Currently, most people seem ignorant of either threat.
Quote from: jamespetts on June 05, 2018, 06:23:53 PMThat sort of "pragmatism" has been responsible for some of the greatest evil that humankind has ever known being allowed to thrive.
Quote from: Ters on June 05, 2018, 08:53:23 PMAs opposed to those who just let the thugs walk over them? I see no third group of "good guys" to join. But there is a hope of stopping one of the two evildoers, and using influence to lessen the other. Nobody has proposed another way out of this situation.
Quote from: Ters on June 05, 2018, 09:14:18 PMI only used the word join after killwater wrote that you can't interact with others without becoming part of their group.
Quote from: killwater on June 06, 2018, 07:46:02 PMWell I was referring to you writing of "befriending the rival group of thugs if there is any hope that I will end better off". Befriending is quite a peculiar type of interaction suggesting more than just hiding behind someones back.And unfortunately in such situations it is like that - let me cite the classic from 2001: "You're either with us or against us". This was addressed to friends - particularly allies of one of the mightiest nations ever. In soviet union if you did not join the best economic system ever you were arrested, beaten and imprisoned or simply executed...