May 2018 archive
It's hard not to have noticed that this month was when the GDPR's rubber met the road. I especially like the notices some companies have sent saying I'd better review their terms or else they'll have to stop sending me emails trying to sell me stuff.
The GDPR reads like it was intended to make you—no matter how liberal and/or privacy-minded you are—agree with every conservative in the USA who thinks the EU is the epitome of bureaucratic hell. One cannot help but sympathize with any company that has to figure out what the GDPR even says. Anything that makes me feel sympathy for Facebook, even if only for a moment, makes me want to scream.
The GDPR implores controllers (entities responsible for how personal data is processed) to communicate with data subjects (people) "in a concise, transparent, intelligible and easily accessible form". To that end, the GDPR sets a fine example. Nothing says "concise, transparent, intelligible" better than, say, the GDPR's 97th whereas paragraph (out of 173):
Where the processing is carried out by a public authority, except for courts or independent judicial authorities when acting in their judicial capacity, where, in the private sector, processing is carried out by a controller whose core activities consist of processing operations that require regular and systematic monitoring of the data subjects on a large scale, or where the core activities of the controller or the processor consist of processing on a large scale of special categories of personal data and data relating to criminal convictions and offences, a person with expert knowledge of data protection law and practices should assist the controller or processor to monitor internal compliance with this Regulation. In the private sector, the core activities of a controller relate to its primary activities and do not relate to the processing of personal data as ancillary activities. The necessary level of expert knowledge should be determined in particular according to the data processing operations carried out and the protection required for the personal data processed by the controller or the processor. Such data protection officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner.I get that there are real problems the GDPR seeks to address. But does the remedy have to be expressed in a document that sucks the life out of you to read it?
As to whether the GDPR applies to this meager, non‑commercial, cookie‑free, based-in-the-USA blog: I don't think so.
California is having a primary election next month. This person wants to represent my district. Screenshot excerpt (red quote marks mine):
dog & water & power.