July 10, 2018 at 10:26 am
Could we leave the politics out of this. Whether you like the EU Parliment, US Congress, reps, etc., that's not relevant to the idea of adhering to or dealing with the legislation. We could certainly discuss whether we think it's a good idea to have rights to privacy, etc..
Personally, I think HIPAA in the US is good. It's provided data protection for me and limitations for companies for selling/sharing data. I know when someone wants to share my data, or it moves between providers, which I prefer. I'd be less happy if doctors were selling my data as a revenue stream to phrama companies, retail drug companies, etc.
July 10, 2018 at 1:29 pm
djessopeng - Monday, July 9, 2018 5:23 PMAnything that emanates fro the EU should be avoided like the plague. It is a corrupt controlling organisation that would have us subjected to the undemocratic control of a few unelected bureaucrats only interested in their own evil ends.xsevensinzx - Monday, July 9, 2018 3:41 PMThis will impact the advertising and even the BI sector a bit. Getting down to the user is pretty insightful.
Found the Brit
-------------------------------------------------------------------------------------------------------------------------------------
Please follow Best Practices For Posting On Forums to receive quicker and higher quality responses
July 10, 2018 at 3:12 pm
Steve Jones - SSC Editor - Tuesday, July 10, 2018 10:26 AMCould we leave the politics out of this. Whether you like the EU Parliment, US Congress, reps, etc., that's not relevant to the idea of adhering to or dealing with the legislation. We could certainly discuss whether we think it's a good idea to have rights to privacy, etc..Personally, I think HIPAA in the US is good. It's provided data protection for me and limitations for companies for selling/sharing data. I know when someone wants to share my data, or it moves between providers, which I prefer. I'd be less happy if doctors were selling my data as a revenue stream to phrama companies, retail drug companies, etc.
Careful Steve - what used to be true has been weakened substantially in recent years. There are unfortunately a number of holes htat have opened up, most notably by a number of federal initiatives (notably under the previous administration). The state run registers (for any number of conditions determined by each state DOH) give much more broad access than you will ever know to your data, and does NOT disclose it.
Hopefully you're in perfect health and not on any of those registers. If you are - those pharma's already have access *for free* simply by expressing interest in those particular medical conditions.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
July 11, 2018 at 7:25 am
I believe it's way past time that digital companies were held to the same standards as other corporate entities and public institutions. The way it works now, information like medical symptoms and history you provide to your physician or while researching in a public library is considered private, but when the same information is provided (inadvertently without expressed intend) to Google, FaceBook, or your ISP during a web search, it can be archived, correlated, and sold to third parties.
I'm asserting that the 'Library Bill of Rights', or an equivalent new law, should be extended to cover not just public libraries but also corporate entities.
http://www.ala.org/advocacy/intfreedom/librarybill/interpretations/privacy
.. In a library (physical or virtual), the right to privacy is the right to open inquiry without having the subject of one’s interest examined or scrutinized by others. Confidentiality exists when a library is in possession of personally identifiable information about users and keeps that information private on their behalf.55Confidentiality extends to “information sought or received and resources consulted, borrowed, acquired or transmitted” (ALA Code of EthicsALA Code of Ethics), including, but not limited to: database search records, reference questions and interviews, circulation records, interlibrary loan records, information about materials downloaded or placed on “hold” or “reserve,” and other personally identifiable information about uses of library materials, programs, facilities, or services. ..
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
July 11, 2018 at 8:25 am
Eric M Russell - Wednesday, July 11, 2018 7:25 AMI believe it's way past time that digital companies were held to the same standards as other corporate entities and public institutions. The way it works now, information like medical symptoms and history you provide to your physician or while researching in a public library is considered private, but when the same information is provided (inadvertently without expressed intend) to Google, FaceBook, or your ISP during a web search, it can be archived, correlated, and sold to third parties.I'm asserting that the 'Library Bill of Rights', or an equivalent new law, should be extended to cover not just public libraries but also corporate entities.
http://www.ala.org/advocacy/intfreedom/librarybill/interpretations/privacy
.. In a library (physical or virtual), the right to privacy is the right to open inquiry without having the subject of one’s interest examined or scrutinized by others. Confidentiality exists when a library is in possession of personally identifiable information about users and keeps that information private on their behalf.55Confidentiality extends to “information sought or received and resources consulted, borrowed, acquired or transmitted†(ALA Code of EthicsALA Code of Ethics), including, but not limited to: database search records, reference questions and interviews, circulation records, interlibrary loan records, information about materials downloaded or placed on “hold†or “reserve,†and other personally identifiable information about uses of library materials, programs, facilities, or services. ..
I cannot agree more with the principles here. The example of a library is great if for no other reason than people have trouble with abstract concepts (digital, internet, ftp, etc.) and more easily understand concrete things (bridges, buildings, library).
When I read the privacy notes contained within or from FIPPS, ACM, GDPR, FOIA, and DHS the devil is in the details. Implementation is key. That is what I look forward to in GDPR - even if it does not work it may help inch us closer to the goals and principles of privacy - both real life and digital.
July 11, 2018 at 10:03 am
Jeff Mlakar - Wednesday, July 11, 2018 8:25 AMI cannot agree more with the principles here. The example of a library is great if for no other reason than people have trouble with abstract concepts (digital, internet, ftp, etc.) and more easily understand concrete things (bridges, buildings, library).When I read the privacy notes contained within or from FIPPS, ACM, GDPR, FOIA, and DHS the devil is in the details. Implementation is key. That is what I look forward to in GDPR - even if it does not work it may help inch us closer to the goals and principles of privacy - both real life and digital.
The Library Bill of Rights recognizes that there is a right to privacy and that free inquiry and thought is a liberty worth protecting from government oppression. I believe the same concept could equally apply to monopolistic corporate entities like internet service providers or Google who act as an intermediary between citizens engaging in day to day activity or social interactions where there is an expectation of privacy. It's also worth mentioning that the government also has proxy access to the data warehouses accumulated by corporations, whether it be for active criminal prosecution or just passive surveillance.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
July 17, 2018 at 1:33 am
I've read through the GDPR several times. From the perspective of a data person it boils down to treating your customers with some respect and adopting data disciplines that you should be using already.
One thing I have noticed with anything that advocates disciplines is that certain groups push against those disciplines very hard. When placed under scrutiny those groups seem to have a lackadaisical attitude to disciplines per se, not just in the area that has caused them to protest. One of the most perceptive observations I have heard in IT is that each subject area in IT tends to be a microcosm of the whole and representative of the parts. If your DB design is OK but a bit scruffy around the edges then your network will be OK but a bit scruffy around the edges, your app code will be OK but a bit scruffy around the edges and your IT processes will be OK but a bit scruffy around the edges.
Of course, if you are looking at the application code and thinking "what is this abomination?" then it cuts the other way as well.
July 17, 2018 at 6:44 am
David.Poole - Tuesday, July 17, 2018 1:33 AMI've read through the GDPR several times. From the perspective of a data person it boils down to treating your customers with some respect and adopting data disciplines that you should be using already.
This struck me because it's so very true and, yet, there are a whole lot of idiots out there that don't actually give a damn either because they're a worker just trying to erg out a living and will do what their boss tells them to do, they're ignorant, they're greedy (there's dollars in the data and they don't care about people), or they actually have a DILAGAF attitude towards the protection of PII.
I did some temp work for a company that needed some help with performance. Once of the things that I couldn't help but notice was that they used clear text SSNs as the primary and alternate keys in a majority of their tables. When I confronted them with that fact, they "compliance officer" stated that the Social Security Administration doesn't actually require for SSNs to be anything other than clear text and certainly doesn't require them to be encrypted. She also instead that her systems were 100% impenetrable and, yet, here I am... a visitor with privs to see all the data and no one did any kind of background check on me at all.
I suggested that she prove her faith and goodwill in the system by entering her own data in the system. Of course, she refused. 😉
Just yesterday, I saw yet another post on this site that used SSNs in clear text . It's not an infrequent thing to come across such posts. Ironically, some of the posts are by people that are supposedly working on HIPAA-compliant systems. So much for that bloody idea.
I've been on the national "do not call/solicit" list for years. Yeah... that doesn't work, either.
I loath the idea of GDPR not because of the royal PITA that it is but because such things have actually become necessary. The world of IT has failed for all the reasons in the first paragraph of this rant. The other reason why I loath GDPR is because it's actually not going to fix the problem. Yeah, it makes it possible to sue the hell out of non-compliant companies and that's an easy way to "get rich quick" for another set of greedy bastards, but it's not actually going to fix problems like identity theft, unwanted SPAM, unwanted calls, etc, etc, etc.
--Jeff Moden
Change is inevitable... Change for the better is not.
July 17, 2018 at 7:22 am
I don't know exactly what impact GDPR will have on FaceBook (The Great Satan) or other companies like Cambridge Analytica (The Spawn Of Satan), but I hope it will be a profound impact.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
July 17, 2018 at 7:46 am
Reading through this topic, it's interesting to see the viewpoints...
Leaving aside the fact that GDPR, like so many other pieces of government legislation seems like a case of the politicians creating it and passing it in response to the latest outrage dujour (the "we must be seen to be doing *something* about this!" mindset,) as Jeff said, it's not going to actually work as advertised.
Now, do I think people should have a say (and ideally, complete control) over how their "internet persona information" is used. My attitude tends more towards, if Facebook (pulling a name out of a hat) wants to use my information that they've gleaned in whatever manner to make money for their company, then I want *my* cut of that money. If I sign up to take part in a medical trial for some new diet drug or hair growth drug or whatever, I get *paid* at the end of it. So why shouldn't I get paid by these companies that are using my information, often without my knowledge or consent?
And before anyone says "but you agreed to letting FB use your information when you signed up," that's one of the reasons why I'm not on FB. BUT come to find out, any site that has one of those FB "Like" buttons? Yeah, it gets used to track you even if you don't click it. So where's the EULA that I agreed to there? If it weren't for the fact that my wife does use FB, I'd add *.facebook.* to my DNS and point it to 127.0.0.1... Just blackhole the site...
Do other companies also gobble up and use my information? Absolutely. I have an Android-based phone, so I know Google is slurping up data about me all the time. I use Google to search the web, same thing. Right now, it's hard to get away from being slurped...
GDPR isn't going to change any of that. The companies will find ways to weasel around or out from under the requirements (FB: Oh, we don't have any presence in the EU anymore, all our servers are on a special-purpose freighter that never leaves international waters, and the freighter is registered in SeaLand.) They'll make the process to get your data removed so convoluted and annoying that most people will just give up (Did you know, if you delete your FB account, they actually keep it around for something like a month. If at any time you go back on FB during that period, your account delete is cancelled. Wonder how many people deleted their accounts, intentionally or accidently went on the FB site, and now their accounts are still there, still active...)
(Yes, I'm cynical, and not even an old man...)
July 17, 2018 at 8:05 am
jasona.work - Tuesday, July 17, 2018 7:46 AMReading through this topic, it's interesting to see the viewpoints...Leaving aside the fact that GDPR, like so many other pieces of government legislation seems like a case of the politicians creating it and passing it in response to the latest outrage dujour (the "we must be seen to be doing *something* about this!" mindset,) as Jeff said, it's not going to actually work as advertised.
Now, do I think people should have a say (and ideally, complete control) over how their "internet persona information" is used. My attitude tends more towards, if Facebook (pulling a name out of a hat) wants to use my information that they've gleaned in whatever manner to make money for their company, then I want *my* cut of that money. If I sign up to take part in a medical trial for some new diet drug or hair growth drug or whatever, I get *paid* at the end of it. So why shouldn't I get paid by these companies that are using my information, often without my knowledge or consent?
And before anyone says "but you agreed to letting FB use your information when you signed up," that's one of the reasons why I'm not on FB. BUT come to find out, any site that has one of those FB "Like" buttons? Yeah, it gets used to track you even if you don't click it. So where's the EULA that I agreed to there? If it weren't for the fact that my wife does use FB, I'd add *.facebook.* to my DNS and point it to 127.0.0.1... Just blackhole the site...
Do other companies also gobble up and use my information? Absolutely. I have an Android-based phone, so I know Google is slurping up data about me all the time. I use Google to search the web, same thing. Right now, it's hard to get away from being slurped...
GDPR isn't going to change any of that. The companies will find ways to weasel around or out from under the requirements (FB: Oh, we don't have any presence in the EU anymore, all our servers are on a special-purpose freighter that never leaves international waters, and the freighter is registered in SeaLand.) They'll make the process to get your data removed so convoluted and annoying that most people will just give up (Did you know, if you delete your FB account, they actually keep it around for something like a month. If at any time you go back on FB during that period, your account delete is cancelled. Wonder how many people deleted their accounts, intentionally or accidently went on the FB site, and now their accounts are still there, still active...)
(Yes, I'm cynical, and not even an old man...)
July 17, 2018 at 8:08 am
jasona.work - Tuesday, July 17, 2018 7:46 AMReading through this topic, it's interesting to see the viewpoints...Leaving aside the fact that GDPR, like so many other pieces of government legislation seems like a case of the politicians creating it and passing it in response to the latest outrage dujour (the "we must be seen to be doing *something* about this!" mindset,) as Jeff said, it's not going to actually work as advertised.
Now, do I think people should have a say (and ideally, complete control) over how their "internet persona information" is used. My attitude tends more towards, if Facebook (pulling a name out of a hat) wants to use my information that they've gleaned in whatever manner to make money for their company, then I want *my* cut of that money. If I sign up to take part in a medical trial for some new diet drug or hair growth drug or whatever, I get *paid* at the end of it. So why shouldn't I get paid by these companies that are using my information, often without my knowledge or consent?
And before anyone says "but you agreed to letting FB use your information when you signed up," that's one of the reasons why I'm not on FB. BUT come to find out, any site that has one of those FB "Like" buttons? Yeah, it gets used to track you even if you don't click it. So where's the EULA that I agreed to there? If it weren't for the fact that my wife does use FB, I'd add *.facebook.* to my DNS and point it to 127.0.0.1... Just blackhole the site...
Do other companies also gobble up and use my information? Absolutely. I have an Android-based phone, so I know Google is slurping up data about me all the time. I use Google to search the web, same thing. Right now, it's hard to get away from being slurped...
GDPR isn't going to change any of that. The companies will find ways to weasel around or out from under the requirements (FB: Oh, we don't have any presence in the EU anymore, all our servers are on a special-purpose freighter that never leaves international waters, and the freighter is registered in SeaLand.) They'll make the process to get your data removed so convoluted and annoying that most people will just give up (Did you know, if you delete your FB account, they actually keep it around for something like a month. If at any time you go back on FB during that period, your account delete is cancelled. Wonder how many people deleted their accounts, intentionally or accidently went on the FB site, and now their accounts are still there, still active...)
(Yes, I'm cynical, and not even an old man...)
On the subject of the Facebook buttons, you should see what companies like Double-Click.net capture about people without their knowledge (I used to work for a company that processed all their "spot-light pixel" data). They may not capture what people typically associate with PII, but the information they do collect could be used to eventually trace back to individuals. And all this stuff that's come up where sites are now using a popup to explain that they use cookies, etc? Yeah... that's their way of saying (and some actually do come out and say it) that their going to use your data in whatever way they want and if you don't want that, then don't use their site. Even the Microsoft tool that examines your system for upgrades and migrations sends a report to MS whether you like it or not. If you use the tool, it sends the info and the only choice is to not actually use the tool. As a result, I "winged it" for our migration to SQL Server 2016.
It's going to be difficult for me to give up the bloody internet because that's the way it has always been and always will be. "Usage Information" and "Preference Information" has high dollar value and is the only way that some sites can actually stay in business. I don't mind totally anonymous non-PII methods that do that but that's usually not the case. I'm even getting personalized SPAM from companies I never heard of simply because of my LinkedIn profile.... they have my damned email address in plain text!!!
--Jeff Moden
Change is inevitable... Change for the better is not.
July 17, 2018 at 8:10 am
Jason A. Long - Tuesday, July 17, 2018 8:05 AMjasona.work - Tuesday, July 17, 2018 7:46 AMReading through this topic, it's interesting to see the viewpoints...Leaving aside the fact that GDPR, like so many other pieces of government legislation seems like a case of the politicians creating it and passing it in response to the latest outrage dujour (the "we must be seen to be doing *something* about this!" mindset,) as Jeff said, it's not going to actually work as advertised.
Now, do I think people should have a say (and ideally, complete control) over how their "internet persona information" is used. My attitude tends more towards, if Facebook (pulling a name out of a hat) wants to use my information that they've gleaned in whatever manner to make money for their company, then I want *my* cut of that money. If I sign up to take part in a medical trial for some new diet drug or hair growth drug or whatever, I get *paid* at the end of it. So why shouldn't I get paid by these companies that are using my information, often without my knowledge or consent?
And before anyone says "but you agreed to letting FB use your information when you signed up," that's one of the reasons why I'm not on FB. BUT come to find out, any site that has one of those FB "Like" buttons? Yeah, it gets used to track you even if you don't click it. So where's the EULA that I agreed to there? If it weren't for the fact that my wife does use FB, I'd add *.facebook.* to my DNS and point it to 127.0.0.1... Just blackhole the site...
Do other companies also gobble up and use my information? Absolutely. I have an Android-based phone, so I know Google is slurping up data about me all the time. I use Google to search the web, same thing. Right now, it's hard to get away from being slurped...
GDPR isn't going to change any of that. The companies will find ways to weasel around or out from under the requirements (FB: Oh, we don't have any presence in the EU anymore, all our servers are on a special-purpose freighter that never leaves international waters, and the freighter is registered in SeaLand.) They'll make the process to get your data removed so convoluted and annoying that most people will just give up (Did you know, if you delete your FB account, they actually keep it around for something like a month. If at any time you go back on FB during that period, your account delete is cancelled. Wonder how many people deleted their accounts, intentionally or accidently went on the FB site, and now their accounts are still there, still active...)
(Yes, I'm cynical, and not even an old man...)
Truer words never spoken. I wonder how many people actually get that?
--Jeff Moden
Change is inevitable... Change for the better is not.
July 17, 2018 at 8:18 am
As a fun bit of contrast, which also seems to be correct... i.e. "Free with advertising"...
https://www.techdirt.com/articles/20121219/18272921446/stop-saying-if-youre-not-paying-youre-product.shtml
--Jeff Moden
Change is inevitable... Change for the better is not.
July 17, 2018 at 9:32 am
Here is how your FaceBook data is being used. Bribes, spies, sex workers, and political campaign manipulation: FaceBook users didn't sign up for this.
https://www.youtube.com/watch?v=mpbeOCKZFfQ
OK, maybe it's not FaceBook misusing the data but rather one of their rogue clients, but the bottom line is that due to FaceBook's core business model, they have no control over their data. Without government regulation, your data could end up anywhere. Companies have to be told how data can be acquired, used, and secured for essentially the same reason that manufacturers have to be told where and how to dump their industrial waste or else it will just end up in the river.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
Viewing 15 posts - 16 through 30 (of 53 total)
You must be logged in to reply to this topic. Login to reply