since this is the Guardian you might be interested …
Google is to move the data and user accounts of its British users from the EU to the US, placing them outside the strong privacy protections offered by European regulators.
The shift, prompted by Britain’s exit from the EU, will leave the sensitive personal information of tens of millions not covered by Europe’s world-leading General Data Protection Regulation (GDPR) and therefore with less protection and within easier reach of British law enforcement.
Google intends to require its British users to acknowledge new terms of service including the new jurisdiction, according to people familiar with the plans.
GDPR and security ISO standard sound great, but after a major database is hscked and private data goes out in the wild all the “security” is worth zero.
I like to keep my data safe away from the cloud except my private cloud, safety depends on the user also what sites he visits softwre etc, better to teach users how to be safe then to tell them they have legal options in case of a hack.
No thank you after a hack legal options or no legal options It all sound really the same to me.
I have the impression you misunderstand GDPR: It is not about protecting the data that already is in a database or to be able to punish someone stealing it.
GDPR gives users the right to decide what data is allowed to enter databases. It allows severe punishment of companies that do collect data without user consent and it allows severe punishment of companies that do not follow security processes to protect the data they store - before anything happens.
E.g.: Huge fine for Provider 1&1 for not putting measures to protect customer data in place (before anything got stolen), me complaining about a private company that uses my data to send me ads without my explicit consent - didn’t have to pay, but had to take measures it would not happen again to any of their customers and will be fined on next issue.
I absolutely agree that the best way to protect oneself is to not store data outside resources oneself fully controls. It cannot be done by anybody, because one needs to have some knowledge, but it is the best way and what I do.
The GDPR is really strong at controlling what data can be collected about you without your help or knowing: Thanks GDPR - nearly none!
We have already incorporated GDPR as part of our national law - this is how EU directives work. There’s a central mandate which gets hammered out, then each member state makes their own law implementing it (in the case of Airstrip One, it was called the “Data Protection Act 2018”).
I imagine that the real motive here is for Google to start testing how much they can get away with on what is now a relatively insignificant little country and not a gigantic part of the developed world’s economy.
I have not I probably explained it in a bad way since I did not care too much to read it since it means I need to trust that certain company will follow certain rules and not break them, after many data leaks its pointless.
Take for example the right to be forgotten part of GDPR, delete something from certain company data etc, even if the company follows the rules, how do I know that their databases was not shared or even certain public information were never recorded by some online archive website, even if they delete I was ever user for example some post I posted somewhere might exits and making the right to be forgotten have zero value.
for me GDPR is zero is just a legal promises that companies can be trusted to do the right thing.
well sadly in the past after many data leaks I don’t believe that can be true.
Give companies the least amount of data points for you and you will be safe, GDPR is just a promise to make customers feel safer, not a 100% sure guarantee that you cannot get your data stolen or abused by someone.
If you mean Purism by WE that is good might make people feels safer, but I would trust Purism more then lets say Facebook even if Facebook has a GDPR and Purism doesn’t have it, Facebook can get all the certificates they want but after all the “mistakes” I will never trust them (only have empty account to prevent someone from opening account in my name and contacting people I know as me, also everyone knows I don’t do social m.).
even if the company pays a penalty your data will remain stolen it is like spilling oil in the ocean and paying a fine, ocean will still have oil, maybe not the best comparison, but once data is stolen you cannot get it back.
Correct. GDPR defines the right to do so and fines companies who hinder you using services because you reject giving out unnecessary data.
GDPR also gives you legal control over the data you need to share to have business with companies (order online, take part in this forum, etc. pp).
GDPR severely fines companies collecting data about customers without explicit consent (talking about the data you didn’t give to them consciously, but you generated by being out here ).
GDPR pressures companies not to loose the data you had to share like mentioned above.
Short: If you use electronic communication you generate data. If you order electronically you have to give away some of your personal data. If you are not willing to stop doing so GDPR is good for you, because it protects this data.
And again: Yes, do not give data away without real need.
Just one simple example - because of GDPR the old model of past job referals is not possible anymore. As you cannot tell anyone anything about your past employee without employee’s consent of what exactly you will be telling about him.
But yes, for most common people gdpr is just annoying banner prompting for action spoiling their convenient surfing the internet
well in germany and my home country where I am resident citizen, as far as I know banks cannot ask that only govm can check and if in case and if needed they can check or ask you, usually I pay my taxed and I never had anyone even banks asking me questions like that, not sure they can do it in germany.
Legal cover only means you can ask money for damage done (if you get it after many years + lawyers fees) and it means in case of mistake company can pay penalty to the state or gov or whatever, but again your data is stolen and after that whatever you do nothing will change that your data is online or some web hacker site.
It depends how much money the company will make from the data and data collector companies are ready to pay that money from start.
Don’t agree with this 100% since I tested it on Linkedin and few other professional social media groups,
One of this work social media (name is not important) companies has shared my work email with marketing companies (even when they have GDPR) after that it happened to my GF I then took it personally, I opened new email aliaes that no one except me my cousin my lawyer and my other cousin the security and the social media work company where I had the account (the email was the username), the account email was private I never msg anyone never used the email anywhere. I repeated this few times, every time within one week email ended up on a marketing database and people emailed me about sales, I had a security ISO certified person confirm that I have only been using security network and we gave the data to the social media company they said we don’t care we filed a lawsuit, court said I cannot prove they did it they have all ISO and security certificates so they are 100% legally safe and I cannot ask for compensation if they I cannot prove they did it.
explanation was I did not record every second of my 2 weeks and I could have used the email in a public coffee shop and since I cannot prove I did not do it it was my mistake email was shared not companies.
After 10 hours wasted I payed the legal fee and lost the case. I even offered to hire outside people and take 1 week work break and have a camera record me 24x for the court, but the company said then the mistake is probably that I use unsecure OS Fedora and not their secure and recommended WIndows 10 with all updates and recommended anti virus, they offered to give me some free marketing credits in order not to go with lega option again. Hence my GDPR experience in practice and social media company, I know GDPR= zero.
Legal agreements are always left with room for interpretation in order to also protect the company, FYI.
DHL for Germany offers PO box number where you can receive shipments, or with certain vendors you can add addressees of the postal office and code, and with the code you can pick it up. I also order tech to be delivered at the office building that has 100 offices from 10 companies, with lots of people 1,000+
In Germany and in my town and in my case my bill for electricity, internet cable etc, is address to the company I rent the room / apartment / house from so my name is not on the electric bill.
DHL also offers PO Box for secondary bank account. Banks in Germany offer the option for privacy protection to have a PO Box address as long as they can check and verify your primary address, I use the secondary address and that credit card online, my primary bank account and related card has no online payment.
Also passports and ID Card from certain states like Germany have no addresses on them or the PERSONAL ID NUMBER (in some countries personal ID number is the same with the social security number), they need to be scanned with special machine like police has to get that data.
Their should be more like awareness “education” or “traning” about sharing stuff online, but who will use facebok then right?
IF your personal ID state number gets stolen it is the same like my analogy with the oil in ocean.
You can change home address but not your personal ID state number, right?
it turns out they can … and refusing to conduct the money transfer AFTER they checked the bills UNLESS you provide them a legally binding document that attests the source of the money … witnessed personally in 2020 after the person in question was required to sign a form that asked “are you politically exposed ?”
I home country and as far as I know Germany as nothing like it, only govrment check that not the banks.
But different countries different rules, so I cannot comment on something I don’t know. sounds very “big brother”.
i mean to say that if your bank has it … then your government can DEMAND that at any time … with or without a court order … turns out it’s mostly without according to what Snowden said
if it’s intercepted in transit then even more governments/entities have it … which is even worse
I have no comment since different countries have different rules, but I will probably not give a confidential contract to a bank or whomever since contracts contain details that someone can maybe use for personal gain.
for examples when I was in Israel many years ago for the first time to visit friends I did not know it was illegal to drive a car without AC (air condition unit) it is mostly a safety law but still a law that is not in Europe anywhere.
if you think about it … the id card is also a “contract” of sorts between every-person and the police or whatever entity emits it … we could find many other discrepancies if we started to split hairs but this is just HUGE
well I trust my native / home govrment to protect my privacy, same for germany where I work.
I am not a constpiracy person I trust govrtm, I just like my privacy.
Most B2B deals are based on trust and most cities even some in germany recongize a handshare no paper deal, with a witness. not a topic of the discussion but my point was Confidential Contracts have the name for a reason, not sure why my not giving a hypothetical confidential contract to a hypothetical entity huge
EDIT: in my case I trust my bank and some of my friends and relatives work their (my reason for choose them over many others knowing the people in that bank) in turn trust me and don’t ask stupid stuff like contracts.
but again different countries s have different rules, cannot comment on something I don’t know about.
my point is that NO contract is based on trust ! by HUGE i meant to say that if you show your ID card at the bank or any other place similar to a bank then it’s almost the same as if you give your contract …
but yeah it’s a good idea if we stop this conversation because English is not my first language and we’ll end up not understanding each other in the end …
My bank requests IDs as any other, but only managers IDs customers and ID information is only kept in a paper archive no address in the online database of the bank. anyways it was nice talking to a security minded person.
Big companies do not care about GPDR. See the noyb process, it is going for 6years +. FB will continue in their paxis, even if they have to pay 2% of their wet income. It does not matter when still 98% are made by selling your data.
it’s better than nothing … perhaps it raises awareness for some of us …