mrmekon | 7 years ago

In my network of friends, which is within the EU and comprised entirely of EU citizens and spans multiple EU tech companies from dinky startups to Giant Unicorn, GDPR has been almost universally approved. We had to implement it, and generally feel better for having done so. The Giant Unicorn employees were dismayed by how little time they were given for such a giant task, but were in support of the law.

Everybody is completely and 100% against the copyright law.

There is a huge difference between the two from my point of view:

GDPR is not a law about "The Internet", it is a law about company records. It applies to Google, but it also applies to the Pakistani food stand on the corner. It affects Google a lot more, sure. I support the concept that a company does not have some inherent right to be a steward of my personal data without my explicit consent. GDPR is also easy enough for even tiny startups to comply with, and is significantly easier for small companies than large ones. It does not create a large barrier to entry for new startups or a rift between the existing small and large companies.

The copyright law, however, is a law about The Internet. It controls how businesses interact with the internet. It sets _technical_ restrictions on how they can do so. It sets technical restrictions that are probably not even feasible, at that. It absolutely does create a huge barrier to entry for small companies, and could possibly enshrine the existing tech giants into de-facto monopolies (I mean, if they aren't already...)

The copyright directive is horrible enough on its own. I don't see why everyone is in a rush to pull in mentions of GDPR to make it seem "worse". For a lot of us, it weakens the argument instead of strengthening it. Not everyone likes GDPR, obviously, but we can _all_ agree that the copyright law is garbage.

Tharkun|7 years ago

I disagree with the GDPR "success story" part of your comment. So far it's backfired entirely. The goal was to provide users with more control, and (from the standpoint of such a user) to reduce relentless personal data harvesting.

That hasn't happened. What's happened is more annoying "we use cookies and track you"-banners all over the internet. As a user who doesn't use cookies, these damned things won't even go away and keep coming back. It hasn't given me more control. At all. If anything, it's made me more trackable on the internet (because now I'll have to use cookies to tell people I don't want their god damned cookies).

Online newspapers are the worst. "Here's a front page you can read, and maybe the start of an article, if you want more, you have to give us permission to track you -- or you can just fuck off". What exactly has GDPR solved here? Nothing. Before this nonsense, I could simply tell my browser not to accept cookies from these sites, and I could tell my plugins to ignore their tracking stuff. But at least I could read the newspaper without any hassle. Now all I get is more annoying popups and less content. Thanks, GDPR.

Yes, I'm being snarky. Yes, I know the idea of the law is pretty solid. But no, I'm not at all happy with the outcome.

tomp|7 years ago

Yea, I agree.

AFAIK GDPR does explicitly legislate against all that - dialogues should be "opt-in" and should include a simple "no" option, and that sites shouldn't "ban" you for not clicking "yes".

But unless EU actually starts delivering some hefty fines, the law is just a dead tree.

simion314|7 years ago

The law was not created to piss off the minority of users that do not use cookies or use plugins or extensions to protect themselves; the law is intended for all users to be informed and to allow them to protect themselves.

There are many people, like my father that don't even realize that his data was collected and sold behind his back, hopefully we get some fines soon so the websites implement the law right.

What I do if I really want to read a news article I will open it in a private window, accept that crap and close the window when done, but most of the time I will not read that website and go to ones that respect the users like European news websites.

zwp|7 years ago

> Online newspapers are the worst

Oracle. Here's July's Critical Patch Update page:

http://www.oracle.com/technetwork/security-advisory/cpujul20...

On my domestic ADSL line the cookie pop-up takes almost 10s to load. It presents 67 checkboxes to select from. There is no default selection, so this requires at least 3 more clicks (at least the non-obligatory cookies are grouped). Submitting the form takes another ~4s -- it even has a progress bar. (Thankfully they aren't using TLS so it's not quite as slow as it could be).

Earlier this summer this component was broken and I just couldn't use oracle.com.

mariushn|7 years ago

Same for offline businesses. Go to a bank, they'll ask your consent for handling personal data ("It's a GDPR law"). If you don't want to sign, they won't do business with you. No bank will.

So, it's just one more paper to sign, and doesn't help the actual consumer. I would have expected more of "Don't send me any promotional/survey questions unless I opt in", or "Never share my data with 3rd parties, period".

kruczek|7 years ago

> What's happened is more annoying "we use cookies and track you"-banners all over the internet.

Not exactly. What happened on many sites is that along with that notification you are given an option to opt out of tracking and view crazy-long lists of partners with whom data is shared. So on those sites the user is given both choice and greater transparency. (Although I admit usually the choice is presented in such a way that it is easy to accept and difficult to reject - which is actually prohibited by GDPR.)

However on the other hand, as you say, there are sites which only give notification without giving any choice - which is also prohibited by GDPR. So I'd say the law is good, now we need to see it enforced and actually punish sites which do not follow it.

pbhjpbhj|7 years ago

AIUI the "allow being tracked to gain access" is unlawful.

davidhyde|7 years ago

I 100% agree with this. GDPR is a shining beacon of success and it blows my mind that it came from the same clowns that made the cookie law. They covered my internet with cookie banner graffiti and now they want to mess with something as fundamental as a hyperlink.

emilfihlman|7 years ago

GDPR is absolutely not the shining beacon of success. Let's review some glaring, obvious and 100%-let's-make-this-law-shite points:

1. Application and enforcement: GDPR is 100% arbitrarily enforced, it is a "trust us, we could do no harm, trust us" law, that is extremely well suited to adding other such "trust us" laws.

2. Absolutely ridiculous overreach: on a technical level, GDPR is braindead. It applies ridiculous, stupid and unnecessary restrictions for no purpose.

3. You just added an obligatory "lol accept this or GTFO" thing to all sites.

AnssiH|7 years ago

> and now they want to mess with something as fundamental as a hyperlink.

Unless I'm missing something, basic hyperlinking seems to be excluded from the scope of the new directive, and it is instead targeting services that reproduce the publication more substantially.

Recital 33:

> This protection [granted to press publications] does not extend to acts of hyperlinking.

Article 11, paragraph 2a:

> The rights referred to in paragraph 1 shall not extend to mere hyperlinks which are accompanied by individual words.

http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//...

garaetjjte|7 years ago

And now it is covered also in GDPR banner graffiti…

Jnr|7 years ago

Cookie law is still relevant. The only difference is that now companies can actually get penalties for not complying with those rules. Previously it wasn't really enforced. Without consent no 3rd party scripts and content that can track visitors should be loaded, and once the change period of 1 year passes, a lot of sites ignoring this will start receiving well deserved penalties.

Matticus_Rex|7 years ago

I'm having trouble figuring out what world you live in. The GDPR has accomplished nearly nothing at huge cost. Maybe the upsides will look better a few years down the line with some enforcement history, but this GDPR Compliance Coordinator strongly doubts it.

Dormeno|7 years ago

> GDPR is a shining beacon of success

I can't browse the internet with cookies disabled anymore because of all these horrible banners taking up the screen to take my consent.

For people who care about privacy, it's made the experience worse, not better, I even send a DNT header and still get this.

I am blocked from accessing certain sites, so now I have to route my connections through countries outside of the US, this is not a success for people like me.

If they had involved technical people, we wouldn't see such horrible implementations.

deltron3030|7 years ago

> GDPR is not a law about "The Internet", it is a law about company records. It applies to Google, but it also applies to the Pakistani food stand on the corner. It affects Google a lot more, sure.

It's about full stack owners vs. people who depend on modules to operate, not size of the company. And controlling or maintaining consistency across all those modules might be difficult when it comes to GDPR. Just think about plugin pipelines that many small businesses build with WordPress and similar, where every service that sits between your app and your database needs to be compliant if you want to comply with GDPR.

The Pakistani food stand might be a full stack owner like Google, but in small, he controls his stack and can manually delete all records if necessary.

But if you use modules/services you can't really reach into the DBs of your module providers.

charleslmunger|7 years ago

I am not a lawyer, but GDPR explicitly covers the plugin pipelines - they're "processors". The requirements for processors are basically that you can only use processors that are compliant with GDPR themselves. Any well designed regulation disallows skirting liability by subcontracting out functionality. Is that really unreasonable? It describes pretty clearly how to be a compliant processor, and it's basically saying that you have to have a contract with the "controller" that requires you to fulfill the same responsibilities that the controller would have under GDPR if they were doing the work in house.

https://gdpr-info.eu/art-28-gdpr/

Nursie|7 years ago

If you're using that many modules that you don't understand what's happening with your customer's data and can't easily control where it goes or what it's used for, I'm sorry, but I don't want to do business with you.

malvosenior|7 years ago

> I don't see why everyone is in a rush to pull in mentions of GDPR to make it seem "worse". For a lot of us, it weakens the argument instead of strengthening it.

I have the opposite feeling. A lot of us objected to GDPR on the basis that it's not the government's domain (any government) to impose its will on the internet. Even if the content of GDPR is well meaning it opened the door to further laws, such as the new copyright law.

By saying "GDPR is a good idea, but the EU has no right to police the internet" it saves us from further legislative efforts.

By saying "GDPR is a good law but the copyright law is bad" it means we have to have this debate over and over and the message to law makers is a tacit green light to keep going down this path.

throwaway122378|7 years ago

Can you elaborate on the specifics of the copyright law?

mrmekon|7 years ago

It's all still up in the air, and the wording is vague. GDPR's wording is also vague, as EU laws are. When we read between the lines, GDPR's vagueness sounds promising (hard to over-reach, easy to understand intentions), and the Copyright Directive's vagueness sounds terrifying (easy to over-reach, hard to understand intentions).

https://en.wikipedia.org/wiki/Directive_on_Copyright_in_the_...

A big difference is in the boundaries. GDPR is bounded by your customer records. One customer, one collection of personal data. There's a hard upper limit: about 7 billion. Companies tend to scale with customers, so generally bigger companies will have bigger customer bases and bigger employee bases to handle protecting the records.

The Copyright Directive's bounds are user content. One customer, any number of potential infringements. A single person can run a company with 100 customers who upload 10,000 images each per year. Managing the customer base is pretty easy, managing the data storage is pretty easy, GDPR-protecting 100 people's data is pretty easy. But 1 million potential copyright infringements per year, each one of which could even be claimed by multiple rights holders. Your risk exposure grows with data, not with people. That one-man show probably can't handle tens of thousands of take-down requests, nor build an AI Machine Learning Cloud Native Copyright ID Blockchain System to automate it.