What do you think about GDPR?

Discussion in 'Programming' started by WizardOzz, Jul 3, 2018.

  1. What do you think about GDPR in the context of software development? Are these changes for good?
  2. Yes, I do agree with the GDPR. Before we had the GDPR, companies were literally going on a battle in trying to get as much information from people as possible, because why not. I find it extremely disrespectful how those companies were dealing and I'm happy to see there are now regulations in place that should stop this behavior.

    However, some parts of the GDPR are also a little too extreme.
  3. What parts of GDPR do you mean (a little too extreme)?
  4. Well, for one; when you have a job and you stay home for a day, maybe a few days, your employer is no longer allowed to know why you're staying home. All he needs to know is that you're ill. He's not allowed to ask you what kind of illness you have. In my opinion that goes a little far and it's too extreme; surely you'd like to know how long your employee is going to stay out of work? It's impossible to run a business without knowing the availability of your own staff.

    Another example which actually happened recently with someone I know (though I'm not fully sure if it's a GDPR thing, could just be retarded Dutch privacy). So, someone got stabbed somewhere on the road, or something similar. They went to court and they were questioning whether the guy was guilty or not (whether he actually stabbed the other person). The entire damn thing was recorded on someone's personal home security camera. Pretty easy right? It got captured on video, he's as guilty as could be. But wait, here comes the glorious, absolutely retarded Dutch privacy law: That personal security camera had no permission to record that criminal, and for that reason the oh so freaking dead hard evidence may not be used as evidence to protect the damn privacy of someone who almost killed another man for no reason. It's been a few weeks now, and last time I heard he was still walking around free on the streets because "there is not enough evidence". Idiotic. 2018 never ceases to amaze me, nor does this absolutely retarded country.

    Well that was more of a rant than I expected.
  5. joehot200


    My aunt, who runs a hairdresser's, has got to constantly annoy her existing customers to sign for consent, just so that she can keep paper files on what their preferences of hair styles are. My aunt also has to delete this information in a year if they don't sign something again. Such a task is practically impossible even when the paper-based system is a small hairdressers with about 500 regular clients.

    And if you say "use a digital system", sure, but then GDPR is forcing my aunt to use a digital system for no other practical reason than to comply with the law.

    The point of my example is simple: A GDPR-like regulation is necessary, however GDPR has been too strict and is affecting too many legitimate businesses. Asshole businesses will always be asshole businesses, however good businesses should be encouraged and helped to grow, rather than being held back unnecessarily by the law.
  6. I'm going to leave the burden of proof with you because this sounds way too much of an oversight. By doing a quick scan (https://edps.europa.eu/data-protection/data-protection/reference-library/video-surveillance_en https://netwatchsystem.com/blog/cctv-gdpr-data-protection/ ) I can see that while there are stipulations to recording someone, like only recording the minimum required information, notifying someone that there is CCTV on premises (not sure how this fares on private housing seeing as it is not a public building hence may not require the same laws as a location that allows people to come and go frequently), and data retention (I'm sure if the assaulter asked for a copy of the tape, or their lawyer did then there wouldn't be much issue in handing a copy over). Like if you could show an actual example then that would nullify this argument.

    So yes and no on this. Finding it hard to find concrete information on this topic, but seems to refer back to the "minimum required information" part. Can employees consent to sharing health information? Yeah. Do they have to? Doesn't seem so. From what it seems that either employers manually add in provisions about health information or a case of, if the person is gone beyond a reasonable amount of time for sickness, they will be permitted to attain the health information through other legal ways, hence not by contacting the individual directly.

    Not trying to contradict your argument fully, just trying to get more info because GDPR seems very interesting since on the individual end it's great but a headache for businesses. Also I do believe the Dutch have extra security precautions on top of this that seem more harsh and invasive.
  7. What's troubling to me is that it's very unclear what specifically is required. In the page about 'privacy by design', they list "Minimize the amount of collected data" as an item (supposedly to be achieved to be in compliance with the law).

    What's the minimum amount of data? Who decides that? Is it dependent on context? I'd hope so!

    Can any site just 'do an end run around' the law by requiring their users to agree to allow them to collect whatever data they collect now or that they've already collected? If so, that seems like it'd be likely as helpful as current terms of service.

    Another item mentioned is "Where possible, pseudonymize personal data.". What's a practical example of that?

    Yet another item – "Don’t enable social media sharing by default.". Is the thinking that users shouldn't be able to share something via social media without first explicitly enabling that option? That just seems unfriendly. Or is the idea that doing so protects someone from doing so accidentally? This seems a lot like the 'cookie law', itself an annoying mandated nagging that probably backfired (because everyone was effectively trained to just do whatever necessary to get rid of the corresponding notification on every site they visited).
    It's a very complicated and "raw" theme. There are a lot of articles about GDPR. Here is one of them. Maybe it will clarify some points for you.
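
A practical example of the "pseudonymize personal data" item asked about in the thread, added here and not written by any poster: the e-mail address is replaced by a keyed HMAC token, the name is dropped and the birth date is reduced to a year. The function names (`pseudonym`, `pseudonymize`, `reidentify`) and the sample records are assumptions made up for this illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; every name and value here is made up.
RECORDS = [
    {"email": "Anna@example.com", "name": "Anna Visser", "birth_date": "1988-04-12", "plan": "pro"},
    {"email": "anna@example.com ", "name": "Anna Visser", "birth_date": "1988-04-12", "plan": "pro"},
    {"email": "bram@example.com", "name": "Bram de Wit", "birth_date": "1975-11-30", "plan": "free"},
]

def pseudonym(identifier, key):
    """Keyed, deterministic token: the same identifier and key give the same token.

    A plain unkeyed hash of an e-mail address can be reversed by hashing a list
    of likely addresses, so HMAC with a secret key is used instead.
    """
    normalized = identifier.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:32]

def pseudonymize(record, key):
    """Replace the e-mail with a token, drop the name, coarsen the birth date."""
    return {
        "subject": pseudonym(record["email"], key),
        "birth_year": int(record["birth_date"][:4]),
        "plan": record["plan"],
    }

def reidentify(token, known_identifiers, key):
    """Map a token back to a person; only possible for whoever holds the key."""
    for candidate in known_identifiers:
        if hmac.compare_digest(pseudonym(candidate, key), token):
            return candidate
    return None

if __name__ == "__main__":
    # Assumption: in a real system the key lives in a separate secret store,
    # not next to the pseudonymized data set.
    key = secrets.token_bytes(32)
    for row in (pseudonymize(r, key) for r in RECORDS):
        print(row)
```

The first two records get the same `subject`, so per-user statistics still work on the pseudonymized rows. Whoever holds the key can still link a token back to a person, so the output remains personal data for that party.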