GDPR: Four letters that put fear into firms' hearts in 2018 If dictionaries awarded an acronym of the year as well as a word, we'd put our money on it being GDPR. At the start of 2018, these four letters generally only signalled you were about to get a very smelly sales pitch, an annoying email or a "computer sez no" style excuse. But as the year progressed, a data harvesting scandal …
*I can give you many links to dictionaries that define "acronym"*
Such as the Merriam-Webster Online Dictionary?
"Acronym: a word (such as NATO, radar, or laser) formed from the initial letter or letters of each of the successive parts or major parts of a compound term
also : an abbreviation (such as FBI) formed from initial letters : initialism"
This post has been deleted by its author
"I can give you many links to dictionaries that define "acronym" "
The dictionary closest to hand doesn't have a definition of 'acronym', going from acrolith to acropolis. That's what you get for having a dictionary from 1925, I guess.
"what is your evidence for the assertion "most people..." "
Hits on Google for acronym: 143m. Hits on Google for initialism: 1.52m. There aren't 100 times as many acronyms as initialisms, so it must be that many people are using acronym for both concepts.
GDPR isn't pronounced as a word...I suspect it's actually an initialism as opposed to an acronym.
However if we move from the realms of the English language to geekery then WTF, ROFL and CUNT are called acronyms but are technically initialisms.
Of course MYSQL and SQL could be either or a hybrid.
So this boxing day everyone's a winner ha ha :)
This post has been deleted by its author
The already tired adage "if you're not paying, you're the product" has been so over-used this year it must be fit for retirement.
It may seem to get used a lot (perhaps to the point of tedium) by those who understand the implications of it, but there are far, far, too many people (mainly, I suspect, "the young") who need the message ramming home time and time again because they either don't know or don't care about their privacy enough to care.
There was a hint yesterday (yes, Christmas Day) that a 15 year old was about to take a picture of a family gathering and upload it to Snapchat or the like so I stated quite firmly that I did not give my permission for my image to be uploaded anywhere. Yes there were one or two perhaps cross faces, and no photograph was taken AFAIK; Christmas Day or not I was not going change my opinion about what I firmly do not want to happen with my likeness.
The "if you're not paying..." mantra can wait for another day, although I suspect it will be wasted until said 15 year old is about 50, by which time it will be too late anyway. With parents who cannot see any downside to social media in between, what chance do grandparents' have?
Bugger all, I fear...
"We take users privacy and security very seriously"
Has anyone ever seen some management drone say this, or does it always emerge in written form?
I suspect that the sentence is impossible to say without at the very least having to pucker up the mouth to prevent an outburst of laughter, particularly if the words "are our first priority" are added.
I would love to see someone from an errant organisation actually speak the sentence.
“And also: "We take users privacy and sercurity very seriously" after a major breach of either.
I'd like to see journos point blank refusing to print such a statement without an answer to a question as to how the company squares this with what's just happened.”
Or allow PR people to say it on video on the condition that suitable backing music will be added later. I’m torn between circus music and the Mickey Mouse club song...
We take users privacy and sercurity very seriously" after a major breach of either.
I suppose it is possible. Rules were in place that a particular person didn't follow and it was only noticed when the breach occurred (such as don't open attachments), although I'm sure there are ways to test this. Alternatively, it could have been an unknown unknown kind of data breach, which is to say they put stuff in place about they stuff they knew about and stuff which they knew they didn't know, but not stuff they don't know they don't.
There was a hint yesterday (yes, Christmas Day) that a 15 year old was about to take a picture of a family gathering and upload it to Snapchat or the like so I stated quite firmly that I did not give my permission for my image to be uploaded anywhere. Yes there were one or two perhaps cross faces, and no photograph was taken AFAIK; Christmas Day or not I was not going change my opinion about what I firmly do not want to happen with my likeness.
Well that's kind of sad indictment. Not that you didn't want your image to be uploaded, but that the 15 year old didn't think the photo of everyone around the table was worth taking because it wouldn't be uploaded to Snapchat or whatever.
The GDPR and other rumblings are the result of arrogance by Suckerberg, et. al. When an industry becomes very critical too the masses it inevitably gets scrutiny from governments. The only way to minimize the inevitable regulations is to have the ethics of a saint and guarantee your successors will even be more saintly. Otherwise, there will be regulation and is severity will be in proportion to the perceived evil the industry is committing. If you are perceived to doing evil (or could do serious evil) you get some serious regulations shoved down your throat. You can ask the healthcare industry, auto industry, or a variety of other industries how they got regulated and you will find a story similar to what the tech industry is facing now. Arrogant, unethical members of those industries coupled with some honest mistakes caused misery in some form to innocent people. Thus, the local national government stepped in to curb problems often with very similar legal frameworks. Suckerberg, et. al. thought they were immune to the normal patterns of business and government interest; they are not. Become big enough and be unethical enough, you will get governments sniffing around including the grandstanding politicians. And they have the power to act and restrict what you can do to what should have been doing anyway.
"The GDPR and other rumblings are the result of arrogance by Suckerberg, et. al."
Not really. In Europe the antecedents are the DPAs of the 1980s. It may have taken the US a few decades to realise that there's a problem but unless I missed one somewhere this is now the 3rd such Act in the UK. The current version reacts to the need to bring the penalties up to date with inflation and to make them scale with the size of the offender and to penalise the usual weaselling actions of offenders.
Yes, yes and thrice yes.
Been saying all year that most of the important stuff in GDPR was already in the DPA legislation. All they needed was to link the fines to turnover.
On the other hand I'm somewhat concerned that the much heralded portability rights will backfire.
Used to work for life assurance companies and your competitors could find out a lot about your products from the personal data you retain vs what you discard.
It'd probably result in you having to keep even more customer data to help mask the really useful stuff
Trying to link GDPR to the large US social media organisations misses the reality of organisations in the UK (I’m less familiar with breaches within other European countries).
TheReg has had stories on many of the smaller cases that the ICO has handled and the reality is that the UK is a long way away from GDPR breaches being a common occurrence. While the increases in fines will help larger private sector organisations focus a little more, the public sector and smaller private sector organisations will take longer to improve. Years longer unfortunately.
WTF is going on with this "Integrity Initiative" thing?https://www.zerohedge.com/news/2018-12-25/inside-temple-covert-propaganda-integrity-initiative-uks-scandalous-information-war ... Anonymous Coward
Quite a bit more than just desperate shenanigans, AC, but it is not proving itself all seeing and almighty and that is surely problematical and invites both opposition and competition from more than just earlier established spooky forces and sources both at home and from abroad.
Imagine it as a bastard child without a caring family and one gets a flavour of the operation?
Interesting thought exercise, if, by means of automatically inferred location data, a company targets you for special offers via adverts, could you argue that the decision making process harms another person by virtue of them not meeting the criteria, and therefore the decision made automatically and with no oversight, isn't permitted under GDPR?
Could kill off the entire targeted ads business once and for all
This is a missed opportunity. GDPR should have stated minimum requirement for regulators staff based on the actual number of users managed by companies based on their territory - it would have solved any Irish unemployment issue as well...
The article seem a little bit optimistic given what I saw, since the beginning the private companies flouted the rules without worrying of any backlash. Yes when the law came into force I received a lot of notifications, but 99% were illegal, they offered two options: grant them the right to use my data or unsubscribe, but what it means unsubscribe? Unsubscribe means that you don't want further notice, but you let them keep the data. So basically both of the options had the same result, they didn't let the people ask for the data deletion as the law required.
Furthermore, more than 30% of the notification I received came from companies I never heard of (notwithstanding I never had a Facebook account and I have a very limited amount of public data), they acquired my data from third parties and held them without letting me know. Not only this is already upsetting, but the availability of the unsubscribe option was really appalling, for sure there was nothing to unsubscribe from given that they never sent me an email and the denial of the possibility to delete the data was really a shame.
Going down this road I can bet that the GDPR will never be enforced, they will chase and fine small spammers to have some publicity, they'll go on with few show cases to let people think they are doing something, but the real issue, the power that big corporation are accumulation over private citizens will never be addressed.
Hmmm - needs the right type of fear - GDPR facilitates a number of Data Subject Access Rights - these are both insightful at an individual level, and very irritating should they be applied extensively or en masse (not that I encourage privacy activism/terrorism) as the Privacy Officer and their dog can get rather overwhelmed. Also the IT challenges of some of these are very interesting.The California Consumer Privacy Act also covers many of these so that should be entertaining as things get close to home...
the right to be informed about the collection and the use of their personal data
>> meh but ask them to list all the uses - probably interesting
the right to access personal data and supplementary information
>> I want it all Mr. Facebook! In paper please, I can probably heat my house for the year
the right to have inaccurate personal data rectified, or completed if it is incomplete
>>I think <random element> is inaccurate please change...repeat
the right to erasure (to be forgotten) in certain circumstances
>>You don't need that bit any more please delete it, including in backups
the right to restrict processing in certain circumstances
>> ask if they are processing any information on a legitimate interest basis and the justification for it
the right to data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services
>>hey Whatscrapp please bundle everything up for me and send it to Weshat! (OK you might be creating another problem but still...)
the right to object to processing in certain circumstances
>> ask to restrict processing pending erasure
rights in relation to automated decision making and profiling
>> notify them that you object to any form of profiling and request them to declare current uses
the right to withdraw consent at any time (where relevant)
>> find one of the uses above and dissect it - say you consent to this bit but not to that
the right to complain to the Information Commissioner
>>if you don't like any of the answers above you know who to complain to
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
