TFW you follow a link to an article about Amazon Echo sending audio of recorded conversations to someone's friends, but you cannot get to the information about that serious privacy breach because:

@deadsuperhero For many non-EU companies, this is the only approach that is actually compliant. A lot of companies fake the compliance without being able to guarantee that all of their processors are compliant and without DPAs with every single one. Welcome to the nightmare of one region trying to regulate the entire world!

@raucao @deadsuperhero Obviously the answer here, is if they cannot account for what is happening to user data, they probably should stop whatever they are doing.

You keep assigning blame in the wrong direction, IMO. Yes the GDPR is a problem for businesses - but it's a problem the industry created for itself and it needs fixing.

@HerraBRE @deadsuperhero It's not about being able to account for anything. That's my point. It's only about being able to guarantee compliance with one specific regulation one economic zone. I suspect this is not even an accident and the EU intentionally tries to cut ties between its companies and foreign companies, in order to boost EU ones by giving them more business.

@HerraBRE @deadsuperhero The main issue is with your compliance being null and void if only a single one of your processors' processors is not compliant. Which is only possible if all of their processors is compliant, independent of if they actually process any of the original controllers user data.

@HerraBRE @deadsuperhero Sorry for my bad typos. I'm on painkillers from my bicycle accident earlier this week. :/

@raucao @deadsuperhero You keep saying stuff, but all I hear is sympathy for organizations that take personal data and throw it into a "processing machine" that they don't fully understand.

I know I'm a wide-eyed idealist about this, but I want them to stop doing that. If the red tape makes it unworkable, that's a feature.

But you're probably right about ulterior motives. I'm sure the EU is also hoping this will level the playing field a bit for EU based businesses. Politicians gonna politick.

@HerraBRE @deadsuperhero No, I have zero sympathy for them, and my argument is in no way a defense for that behavior. But I as a person want to be allowed make my own decisions about that, and from all the businesses I work with and on, I can just see what a trainwreck this is. The main offenders are not changing anything, and as demonstrated earlier, the truly evil companies are able to collect this data legally and without consent.

What would be the alternative? No regulation at all? Isn't it normal in many areas? You also have some rules for food security in Europe, if you want to sell your food here you have to comply. Same in any other direction. Or vehicles has to fulfill some requirements as well in all countries and as a manufacturer you can only sell in a country if you fulfill the requirements. Why should it be different when it comes to personal data?
Cc @deadsuperhero

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!