(no title)
lajhsdfkl | 7 years ago
Completely unrelated. Not only are DMCA requests easier to handle than data access requests, the fines for not complying with GDPR are disproportionately larger for violating DMCA.
Work required for complying with a DMCA request: delete the offending material, a basic feature implemented on every single piece of forum software
Work required for complying with a data access request: Search every single service you potentially could have stored user data in and provide it to the user. A non basic feature that requires custom development.
Additionally any malevolent user (as is shown in this case) is incentivized to send a GDPR data access request while this is not true for DMCA.
I agree however that they are both horrible laws. So if your argument was to show that GDPR is just as bad as the DMCA I agree. GDPR is a horrible law and it is not obvious to me that the law wasn't created specifically to target non European business.
ascorbic|7 years ago
The only way this targets non-European businesses is because the litigious nature of US culture seems to lead to this sort of overreaction.
I'm also not sure how a malevolent user is any more incentivised to abuse this than DMCA. The DMCA lets them issue actual legal threats and action. This just allows requests.
The DMCA helps big business at the expense of the general public. This does the reverse. It's no wonder there's been so much noise and scaremongering.
zeth___|7 years ago
Getting sued in Europe is a huge deal, getting sued in the US is part of doing business.
lajhsdfkl|7 years ago
Completely besides the point, there are hundreds of different pieces of forum software that may not have that feature implemented.
>The only way this targets non-European businesses is because the litigious nature of US culture seems to lead to this sort of overreaction.
Did I ever bring up litigation? What is your point here?
geocar|7 years ago
People send fake DCMA takedowns all the time.
If someone sends you a GDPR data request, you can ask for administrative costs. You can even ask it to be mailed to you via post. If someone sends you a bogus and unreasonable GDPR data request, you can ask them to pay you a further reasonable fee.
This can almost be an auto-response. Trolls will get bored.
> Work required for complying with a data access request: Search every single service you potentially could have stored user data in and provide it to the user. A non basic feature that requires custom development.
This is not true. Recital 62[1] says you don't have to give them any data they already have, and Recital 57[2] says you aren't obliged to determine which of your data identifies them if you aren't going to do it anyway.
[1]: http://www.privacy-regulation.eu/en/recital-62-GDPR.htm
[2]: http://www.privacy-regulation.eu/en/recital-57-GDPR.htm
> I agree however that they are both horrible laws.
I like the GDPR a great deal, and I think it'll be good for companies big and small in the long run. Disclaimer though: I'm doing some GDPR consulting, so you might prefer to think I'm getting paid to like the GDPR.
The scary bit seems to be for companies that approach compliance from the point-of-view of centralising understanding, and minimising the impact and costs of that compliance. They're looking for someone to tell them "this is enough effort", but the point is that Europeans don't want people playing chicken with their data[3].
As soon as companies realise that embracing the spirit of the GDPR is cheaper, it starts becoming a real opportunity for them.
[3]: https://www.sec.gov/Archives/edgar/data/33185/00011931251815...
sameyolo|7 years ago
"1 - The controller shall provide a copy of the personal data undergoing processing. 2- For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs."
https://gdpr-info.eu/art-15-gdpr/