cloudy cloudy

Author Topic: GDPR  (Read 792 times)

0 Members and 1 Guest are viewing this topic.

Offline Dale Reid

  • Posts: 163
  • Eau Claire, Wisconsin
  • OS/Browser:
  • Win 7/Srvr 2008R2
  • Firefox 60.0
Re: GDPR
« Reply #15 on: May 17, 2018, 01:45:24 AM »
confusion reigns.

My employer sees clients in the US from around the world.  When that happens, they are on our soil and the GDPR does not apply (according to a very expensive 39 page report from some outside counsel.)

However if we opened an office ON THEIR TURF, things would change dramatically.

Questions become fuzzy when we answer emails from them while they are in their home area (right now the opinion is that email isn't quite the same as having a location there).   

Also our laws and some state laws require 'forever' data points to be maintained when  we provide service, here at least.  So when the EU person wants to be forgotten, I'm pretty sure it ain't gonna happen, folks.  Maybe the stuff generated if we ever open an office over seas, but only to the stuff pertaining to data generated there, and not here. 

Otherwise, it is a big mess.  Parts are in contradiction to one another from what our, did I say expensive?, attorneys have advised. 

For many, it won't be worth the threat of being fined 4% of your GROSS sales, not net, and not from that particular transaction. So if you sell a widget and get $10 from the sale, it isn't 4% of that, it is 4% of anything you sold, so if you sold a few hundred ships to some Dutch company, it is 4% of everything.  Clearly this is punitive beyond common sense, and one must speculate as to how in the world they even dreamed anything like this up.

Google, Microsoft, Apple and others are huge cherries to be picked by them finding an  infraction and milking it for all they are worth.

I'm not even a cheap attorney, but from what we've been told, you can do all the business you want remotely and answer emails and all, but just don't open a business in their countries.

I'm sure there will be those who reconsider opening a branch in an EU country.


Offline Weather Display

  • Posts: 84,183
  • Davis VP2
  • New Zealand
  • OS/Browser:
  • Android 7.1.1
  • Chrome 66.0.3359.158
    • Weather Display
Re: GDPR
« Reply #16 on: May 17, 2018, 02:26:43 AM »
I have been told its 4%of your customers gross sales?

Offline broadstairs

  • Stuart
  • Posts: 7,001
  • Broadstairs, Kent, UK
  • OS/Browser:
  • (Linux Mint)
  • Firefox 56.0
    • Broadstairs
Re: GDPR
« Reply #17 on: May 17, 2018, 07:25:16 AM »
You can now see why in many ways this is the worst piece of legislation that has been drafted. I very much doubt that anyone who does not actually have an office within the EU jurisdiction will be successfully caught and prosecuted. As Dale has pointed out much of this bill conflicts with US law and we all know whose law will take precedence the US law of course. Obviously people like Google, Paypal etc who actually have offices in the EU need to comply but I honestly believe Brian has no need to worry. I am not a  lawyer just my opinion.

Stuart

Offline Dale Reid

  • Posts: 163
  • Eau Claire, Wisconsin
  • OS/Browser:
  • Win 7/Srvr 2008R2
  • Firefox 60.0
Re: GDPR
« Reply #18 on: May 17, 2018, 11:33:58 AM »
In the USA, at least, there is a popular marketing endorsement called non-GMO, for identifying items that are produced from non-genetically modified plants or animals.

Perhaps we can come up with a fancy symbol and have it be " Non-GDPR" as a sign to the EU's trolling lawyers that no personal data are stored?  Any graphic designers out there to draw up something catchy and slick?

Brian, yes it is 4% of any gross sales, and I assume it is for the year the 'infraction' as they view it, is found to have been done. 

If  your product is say $100 each, but you sold $2,500,000 of them last year, they want 4% of that, not the net profit of $1000 that you made after production costs.

As far as I can see, there are no exceptions.  I'm puzzled by how insurance companies, medical businesses, and even car companies with warranties for example with a 5 year bumper to bumper coverage can show how long the owner had the vehicle, if they were told by the buyer to 'forget me' and then come in for service.

Or banks, to identify their customers with stored passwords, etc.

The great danger, I think, is to the consumer if they decide to be forgotten, ever regaining their legal status.  Are passports protected or exempt somehow?  How about criminal records?  "This is the tenth arrest for driving while intoxicated for this arrest....No, wait, he was 'forgotten' so well, I guess this is his first offense."

You can see the poorly thought out and not well defined scope of this thing.

Offline Weather Display

  • Posts: 84,183
  • Davis VP2
  • New Zealand
  • OS/Browser:
  • Win NT 10.0
  • Chrome 66.0.3359.139
    • Weather Display
Re: GDPR
« Reply #19 on: May 17, 2018, 06:04:42 PM »
for me, I only kept the customers purchase emails for when someone wanted to re register WD
now it is up to the customer to prove that (i.e they need to keep that email, etc)

I can see that is the sort of change some businesses will make ,yes?

Offline Dale Reid

  • Posts: 163
  • Eau Claire, Wisconsin
  • OS/Browser:
  • Win 7/Srvr 2008R2
  • Firefox 60.0
Re: GDPR
« Reply #20 on: May 17, 2018, 10:11:12 PM »
Brian, the shifting of the responsibility to the consumer does eliminate the risk of some attorney from the EU knocking on your door, but it certainly does upset the apple cart of how things have been done in the past.  I, like others, have had computer crashes, and with it most of the emails that I've 'saved' but never in years past had the need to back up to another form of storage.

All vendors are going to be doing what they need to try to avoid any oppressive action by the EU, but going forward is one thing, having erased all the past history when those of us who have, in essence, depended upon the various vendors having a record that our products are still eligible for upgrade or re-activation by folks like you who offer a once purchase and good forever, ara now in a pinch, not having a record of having bought something.

All this goes to prove that the baby can be thrown out with the bathwater when dealing with this issue.  And just how poorly thought out the after effects of this law will be.

I'm thinking it willl implode once a major business gets a complaint and takes this unworkable law to their courts.  One reason to not open a branch office anywhere near the EU.

Dale

Offline Weather Display

  • Posts: 84,183
  • Davis VP2
  • New Zealand
  • OS/Browser:
  • Win NT 10.0
  • Chrome 66.0.3359.139
    • Weather Display
Re: GDPR
« Reply #21 on: May 17, 2018, 11:49:45 PM »
paypal though does keep that info and so I can search for the order via email address or name on the paypal web site when I log in
its then puts the burden on paypal to make sure they are secure in with peoples personal information
(its all designed to lesson chances of data breaches..i.e make businesses take security of peoples personal information more seriously...there has been data breaches from companies in the past (i.e they are hacked etc)

Offline niko

  • syzygy
  • Global Moderator
  • Posts: 27,239
  • Crystal Ball broken! Please post the URL.
  • Northern California, U.S.A.
  • OS/Browser:
  • Win 7/Srvr 2008R2
  • Chrome 66.0.3359.181
Re: GDPR
« Reply #22 on: May 18, 2018, 12:02:40 AM »
I was just reading about paypal and gdpr. I note that PayPal's Chief Operating officer's name is Bill Ready  :lol:

Offline hcorrin

  • Posts: 1,197
  • Ballaugh Isle of Man GB
  • OS/Browser:
  • Win NT 10.0
  • Mozilla compatible
    • Ballaugh Weather
Re: GDPR
« Reply #23 on: May 19, 2018, 07:15:33 PM »
Hi Brian
in 2003 you were using worldpay when I purchased my first copy so where do you stand with worldpay info
Harold

Offline Weather Display

  • Posts: 84,183
  • Davis VP2
  • New Zealand
  • OS/Browser:
  • Win NT 10.0
  • Chrome 66.0.3359.139
    • Weather Display
Re: GDPR
« Reply #24 on: May 19, 2018, 07:17:35 PM »
I got rid of world pay many years ago

Offline hcorrin

  • Posts: 1,197
  • Ballaugh Isle of Man GB
  • OS/Browser:
  • Win NT 10.0
  • Mozilla compatible
    • Ballaugh Weather
Re: GDPR
« Reply #25 on: May 19, 2018, 07:53:50 PM »
Ok have saved the worldpay email as a pdf for a rainy day

Offline Weather Display

  • Posts: 84,183
  • Davis VP2
  • New Zealand
  • OS/Browser:
  • Win NT 10.0
  • Chrome 66.0.3359.139
    • Weather Display
Re: GDPR
« Reply #26 on: May 20, 2018, 07:49:58 PM »
good info here
https://www.lawsociety.org.nz/practice-resources/practice-areas/privacy/gdpr-compliance-in-four-steps

it mentions social media even
I might need to remove the WD Facebook page even?


Offline Weather Display

  • Posts: 84,183
  • Davis VP2
  • New Zealand
  • OS/Browser:
  • Win NT 10.0
  • Chrome 66.0.3359.139
    • Weather Display
Re: GDPR
« Reply #27 on: May 20, 2018, 09:36:20 PM »
I wonder if I should remove link to the world wide WD location map too?

Offline Dale Reid

  • Posts: 163
  • Eau Claire, Wisconsin
  • OS/Browser:
  • Win 7/Srvr 2008R2
  • Firefox 60.0
Re: GDPR
« Reply #28 on: May 21, 2018, 12:36:15 PM »
Brian,
I've read through the link you furnished for four "easy" steps to compliance.

Needless to say, the information presented there seems to summarize their opinion, but may I follow on saying the vague gist of their arguments is in conflict with the advice our outside attorneys have given after a 6 month effort to understand this.

Confusion reigns.

One key part of the link's discussion is the realization that IF you have a non-EU location, they have no way in hell of assessing any penalties on you, even if they come to the conclusion that you violated this provision.

With software such as yours where users can download to try, and then buy later, it would be very difficult to gather the permission that this new law requires in a manner it requires, such as silence, pre-checked boxes, and so on.

And your concern about a world map of your software's installations is also interesting, since it can't really give you name, face, address or even audio recording of that information.

If you were to just provide a pin on a map with the city, and no link to the web page of the individual to see their weather data, I cannot fathom how that would be identifying.  I've not looked at that in some time, but don't know how that is set up currently.

The web site you provided is interesting and today I will contact our privacy officer to share that and discuss her understanding of it.

This whole thing is such a mismash, and I'm thinking that any politician who has stuck his or her foot in the mouth can suddenly declare that he wants all his video and audio recordings to be forgotten.  Now what?  I'm thinking that will bring a real challenge to the conflict between media and the elected liars (at least this is what they are called in the USA)

The implication from this web link you've referenced also has enormous over reach.  Yes, a person may live in the EU, but they are interpreting this to mean that even non-EU places must obey their rules.  Well, when in Rome do as Romans, and this ain't Rome.  To imply we out of EU folks give a flying darn about their laws if we don't have a physical presence there is laughable.  We in the USA have some laws about freedoms and rights, yet while there are groups who oppose oppression of women and allow them to drive and vote, the mid-eastern kingdoms have more concern about a fly than our anti-discrimination laws.

Mark Twain (Samuel Clemens) was a brilliant writer and cynic and political satirist in the 1800s.  He wrote (supposedly) that in a town too small to support one lawyer, two will live quite nicely.  I think there will be a LOT of lawyers' fees generated over this one.  Even a non-lawyer like myself can see obvious contradictions in this first attempt at a law to give enormous protection to EU citizens (but not all citizens of this planet.)  One comment I read was it seems that the provisions of this law were collected during an afternoon and all night drinking session in which people yelled out ideas that seemed good but hadin't been vetted for legality, possible enforcement, or even the standard to be used to judge compliance.

I'll see if our legal and privacy office has a reaction to the web site.

Oh, one last Mark Twain quote.  If one wishes to stay out of trouble, stay at home.  In bed.  Alone.


Offline Weather Display

  • Posts: 84,183
  • Davis VP2
  • New Zealand
  • OS/Browser:
  • Win NT 10.0
  • Chrome 66.0.3359.139
    • Weather Display
Re: GDPR
« Reply #29 on: May 21, 2018, 07:16:24 PM »
someone made this comment to me:
Quote
For freeware, you need opt-in consent. For payware, you have a contract, no explicit consent required, and no GDPR. Contract laws take over, and usually require you to keep (a lot of) data anyway.

 

cumulus