Posts by Doctor Syntax 40413 publicly visible posts • joined 16 Jun 2014
"Credit check"
In that case they don't need to keep it. If that's the only reason and they keep it anyway they fail data protection principle 5: Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
That, of course, is in addition to failing 7: Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
ISTM that the only way round this is to add a requirement for type approval that a device have its default creds only effective for an initial login and at initial login the user must enter new values before it will become operational. A factory reset will restore the defaults and the user must then enter new values again. In order for this to become effective there must be no means of carrying out a remote factory reset.
I've recently had some success in enticing SEO spammers into an exchange of emails but as I've no website to offer them I've not succeeded in wasting too much of their time so far. I'm tempted to work out some complex phraseology that means "don't click this" when analysed carefully but at first glance seems to say the opposite and then drop in a link from whatever phishing scam has turned up recently.
"Windows 10 however, upon being told to look for printers on the network, found all of them almost instantly and set itself up with absolutely no intervention from me."
Quite the contrary to my experience with the brief insider test. Firstly it confined itself to a subset of my LAN & would never have found the printer. Secondly, once some fixes had been rolled out to change subnet masks it still didn't help because it didn't have a driver for the printer, HP2030. I went to the HP site & downloaded the W8 version which worked OK. Maybe they ported more drivers later but this was getting close to release date.
"Needless to say my answer, in short, was 'no'."
Bad answer. The correct answer is to name a price that will require authorisation well above the manager's limit so what he's done, and its consequences, will be visible further up the ladder. Only then, unless you're actually available for the gig, do you say 'no'.
Go one step further & read Computerworld's linked article analysing it. They compare it with an earlier severance clause used by the bank and there are some differences. The earlier clause is much more restrictive on the circumstances in which it can be invoked. The intention may have been similar and the differences due to some casual editing by HR. However it's the agreement as it actually exists that matters and everyone in tech should have learned to pay attention to what a document doesn't say.
"This is going to cause major problems for a lot of European healthcare providers who might use US based or US owned labs for testing batches of samples."
Not necessarily. All they need to do send a sample with just an ID code and keep the patient's details to themselves. Otherwise the ECJ has already caused them major problems.
"Nice idea but for the most part, impractical. Lawsuits cost money "
If this were evidence that the prosecution were attempting to put forward for a criminal offence you'd be in court anyway. They'd have to prove reasonableness in order to get the evidence in. I don't know about US criminal proceedings but I hope that's how it still works hereabouts.
Another example from this side of the Channel.
Castle Hill, near Huddersfield is a scheduled ancient monument. It's a hill fort (late Bronze Age IICR the excavation report) converted by the Normans into a motte & bailey castle. In the late C19th a pub was built in the bailey & a tower to celebrate Queen Victoria's jubilee was perched on top of the motte - not things you'd get away with now. From what I can remember of my only visit to the pub many years ago it was in quite an attractive Arts & Crafts style, as is the tower.
A few years ago the owners of the pub applied for planning permission for an extension and incredibly - remember that this was inside a scheduled monument - got it. The permission covered a limited amount of demolition. They demolished rather more and TPTB stepped in, stopped work and told them to reinstate using the original materials. They'd (cough) failed to retain the original materials on site (dressed stone in that style is quite valuable) so they couldn't do that. The consequence was that they had to demolish the rest of the building & make good.
Incredibly once in a while there are renewed attempts to get a new pub built on the site quite ignoring the fact that it's still an ancient monument.
According to the ECJ's statement the DPC weren't aware that they had the right to investigate. Presumably there was no precedent in the matter to make it clear that that right existed. It's as well to remember that at the core of the matter is the behaviour of government bodies acting illegally. It isn't reasonable to expect the DPC to act if they had no right to do so when that's what we're all complaining about. So Schrems sued them in the Irish High Court who then booted it up to the ECJ. If the ECJ hadn't agreed with him he might have found himself paying the DPC's costs. Remember that he started it out in his own court system in Austria & they told him to raise it with Ireland.
Overall what's happened is that due process of law has been followed and it's due process, or the lack of it, which is the basis of the Safe Harbour's failure. It needed to go to the ECJ to get everything clarified. It may seem wrong that it required an individual to do this but that's the way case law works; it needs cases. Now there are rulings which can be used by other DP regulators.
Again it's worth remembering that if you want to complain about due process not being followed you can't really cavil about due process being followed when that complaint is handled.
The Safe Harbour agreement was a product of the Commission and one of the matters the ECJ had to rule on was whether a national authority could investigate it at all or whether the Commission's decision prevented that. See the court's press release on the matter at http://curia.europa.eu/jcms/jcms/P_180250/
I don't see anything suspicious at all about this. If the DPC were not allowed to investigate but had done so in spite of that they would presumably have been facing action from Facebook. The matter had to be pushed up to a level which was able to give a definitive ruling which was a level capable of over-ruling the Commission at the same time. Don't complain; not only has this clarified procedure in general it's given us the ruling that Safe Harbour wasn't.
According to the site linked in the article there are further complaints against Apple (Ireland), Skype & Microsoft (Luxembourg) and Yahoo (Germany). Presumably the judgement will get the Apple case moving again. What happens with the others remains to be seen.
As regards social networks this is something the Irish DPC has to consider - remember the immediate outcome of this case is that they can now go ahead and investigate the complaint. They may still decide that some or all of the complaints aren't justified but if they are justified the networks don't have Safe Harbour to hide behind.
As regards international trade your customers would be sending their data to you and if you're in the EU you need to handle it in accordance with the EU's requirements. The problem comes if you then send it to a cloud CRM in the US because you can't be sure about it's handling. If you have a desktop database instead then the data doesn't leave the EU.
It seems as if his new safe harbour is just like the old one except that authorities are allowed to get at US data subjects' data when held in the EU.. I'm surprised. Under the circumstances I'd have expected him to argue that, if EU data subjects' data is kept by a US company's EU subsidiary in the EU, safe harbour would be the US barring itself from any attempt to get at it except by due process of law in the country in which it's held. It makes Microsoft's position in the email case the odd man out in that it seems to be the only example of them trying to do the right thing.
"Example: libel law. It does not apply on to MPs within the Parliament's building."
Think that one through. Let's way you have an issue about something but you lack the proof which would stand up in a court of law or, even if you have proof, you couldn't afford to defend yourself against libel. So what do you do? You can take it to your MP. Would you really think it a good situation if they were to respond that they're bound by the same rules as you? As things stand they can raise such issues in Parliament or with a minister and not be stuck with the limits you have.
It's part of the toolkit that enables a good constituency MP to work on behalf of constituents.
It may be slow but realisation of what's happening is gradually spreading. At some point it will become unsustainable to maintain indiscriminate surveillance contrary to the weight of public opinion. Now that MPs in general are included in the weight of public opinion that point might have become a good deal closer. We're getting there, one step at a time.
Presumably, however, at such a distant future epoch those sentient beings will look out at what they can observe at that time and make some interpretations of it. As there will be no way to perform experiments on a cosmic scale those interpretations will be untestable. Those observations will miss out some of what we can see today so their interpretations will be wrong according to our interpretations based on our observations but they'll not be in a position to know that. AIUI that's what's being said in this article.
Now, about our observations and our interpretations of them....
"As for me, I keep thinking about how everything in quantum mechanics such as the uncertainty principle, Planck length / Planck time, etc. are exactly the sort of choices you'd make in a computer simulation."
OTOH it could be observational bias.
"my D7 Bantam and its Wipac Rectified that kept blowing up batteries."
Was that the oblong rectifier hidden behind the little toolbox? Someone stole the rectifier off my dad's Banty in the works car park and because it was normally invisible anyway he didn't notice until he touched the horn button and the bike stopped because the battery was so low.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
