Careful what you promise - at the current rate of going you mightn't be able to afford a pint by then...
46 posts • joined 10 Apr 2017
That paper seems to have received quiet a bit of critisim for methodological flaws (e.g. https://journals.sagepub.com/doi/10.1177/0956797619872762). The authors have reissued a "corrected" version.
Regardless, "personal preference" is shaped in a range of ways, and many of the factors mentioned previously continue to be applicible.
50/50 may be unreasonable, but 93.2% is doesn't fit with genrally accepted models for behavioural distribution.
There's lots of research into this, and it shows the in gender divide in computer skills emerges, quiet early in primary schools in most countries - child physcologists are very clear that there's no significant cognative difference at this age, so it's essentially atributable to envrionmental factors.
There are various plausible explainations for the causes, including role models, peer pressure and other social barriers, levels of support and encouragement, etc, etc, but "it's just natural" isn't supported by the evidence.
Data transfers between the EU and the US: Still unclear on what you're supposed to do? Here's an explainer
Also seem to have missed "Client pressure" as an option. As a small organisation with significantly larger clients, it's not uncommon for them to "expect" as do do things Thier way, regardless if whether there's any advantage or it even makes sense in the situation.
Tick box compliance stuff...
Sharing medical records with researchers: Assumed consent works in theory – just not yet in practice
Anonoymisation is more complex than its given credit for. You get back to the same problem; who decides what's good enough?
As scrubber notes, positioning this as saving lives vs not is a false representation. It's macro research vs local service effectiveness, with an added bonus of providing an avenue for sought-out prejudice.
It's about trust
What we're weighing up here is the potential benefits of it getting to the right people Vs our confidence it won't get to the wrong people.
The problem is that trust in Government in the UK is at an all time low. With a PM who unashamedly lies to us, goes back on his word with our neighbours as a badge of honour and is already in discussions about rolling back data protection laws for profit, it's seems we're only we ever one casually waved though regulatory change from anything we might have though was satisfactory being swept away.
How can you expect people to to take a leap of faith in that context?
Cloudflare dumps Google's reCAPTCHA, moves to hCaptcha as free ride ends (and something about privacy)
This tone assumes Morrisons was powerless against KPMG's proposed mechanism,.
Morrisons is of course entitled to refuse a process they consider to be contrary to their data protection obligations.
They're required to be audited, they're not required to be audited according to a process invented by a third party they don't agree with. Of course they may not have reviewed it..
"That seems like an edge case to me. I'm purely speculating here, but it seems to me that an org that is so small that it can't sort out infrastructure is probably also so small that the infrastructure it needs is simple enough that they could sort it out themselves."
As someone in this position, I see both sides. We use o365, but that's because we're a dev shop working on MS stuff and get it free though the partner program. If we weren't a dev shop we'd likely not have the infrastructure / skills in house run something like that ourselves.
It takes care of a lot of bits of stuff - AD, Fleet admin, E-Mails, OneDrive, Office, various resilliance and audit issues.. so it probably would be worth the full cost if you were starting out with none of that. Once you learn a little bbit about it, there's also various approahes around to avoid the full costs (I mean the legal ones).
Re: How about blockchain
We had slighlty mixed messaged on that.
On one hand you've got "required to function" granting exception, and a clause (somewhere, can't find it right now) pharsed as "…taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures".
On the other hand, you've got the ICO publishing things (I think it was clarification statement about backups) that say "technical difficulties doing it aren't an excuse".
In which case, see standard process for someone who releases something into the public domain without your consent; liability lies with them, not the key server. Once in the public domain, there's not a lot that can be done.
I could have a local cache of your key recorded from the key server, which I did on the understanding you'd consented to typical use of the pgp system. Is the onus on me to monitor the key server for status changes?
US legal position
So complying with a US law will mean violating EU law. That comes with a set of follow up quetsions:
1. Is there anything in US law which permits "we can't do that, it'd be against someone else's law" as a defence?
2. If Microsoft refuses to comply, gets fined, and still refuses to comply, can it continue to be punished or is that the end of the matter?
3. Is there a limit to what they could be fined? Basically, on a pure buiness costs basis, what makes more sense, breaking GDPR or braking CLOUD?
Re: Data protection.
That exemption is a Member State Derogation. ie. Member states can execute discretion to legislate over these areas. The UK won't be a member state, so we won't be entitled to derogations of our own making unless we obtain an agreement to the contrary, dispite the fact we're pretty likely to stiill have to comply with thme.
Missing the point
One of the really important points of the census is to validate all the other data excercises going on day to day. ie. is the admin data any good, or does government miss big sections of the population (always shows that it does..).
This move threatens to render missed groups off the radar indefinately, which has all kinds of knock on in service provision, democracy etc.
Doing bits of it online to save postage is seems fine form that this point of view, but not doing it at all is a huge failing.
Re: I dont believe there is ever likely to be full privacy on the internet
"I dont believe there is ever likely to be full privacy on the internet"
That'd basically be oxymoronic. The internet exists to communicate data. "Full privacy" for everyone about everything would mean don't communicate any data... As you say, it's about agreeing boundaries. The system is still relatively immature (compared to walking down the street..), opinions vary, the scope is wide, and enforcement is difficult. We're a long way off.
You walk down your street with knowledge of the area / community, and having decided the risk is acceptable; there maybe some streets you don't walk down because you don't feel that's true.
The real difference vs the down the street analogy is the scale and extent at which it can happen. People elsewhere in the world can do it en-masse in your street, and every other street. That changes the discussion because you no longer know which streets are safe, or what communicty you're interacting with, so your ability to choose is being eroded. Oddly enough that's an inverse privacy problem, where those doing the monitoring have too much privacy.
That's rather mixed bag then:
"due domestic demands" - that would indicate the issue is socital bias in domestic responsibilities; not really within an employers scope to mitigate, but clearly a route cause for various other gender issues.
"gaming the system" - seems to be about experience rather than gender. It's probably still something Uber should address; presumably through tweaks to the pricing model to try and minimise the advantages so all fares yield equvilant rewards. They'll never get that perfect, but can probably do better that an current. This however, would be primarily for the benefit of the customers rather than the
That's my assumption as well, and I see the point of that; otherwise any crook can just turn round, claim to be a researcher and simply "not have reported it yet".
Whether 72hrs is the right number is a fair question, along with how extensive the report is.
If it's a simple "Dear ICO, I believe that combining X with Y can reveal Z, but I'm sitll working on. Cheers" then that could be reasonable. If we're talking about an indepth analysis, then that's a different situation.
Re: Not too bad, all things considered
I'm inclined to agree with jmch.
While there is some residual risk fo taking 10 days to notify, it's probably better average for something of this size.
it practice it does take a bit of time to confirm it's actually happened, evaluate exactly what data has been taken, and which people need notifying.
They could have used the 2 step-model; of a general "something has been breached, be alert, details to follow", followed by a "this does/doesn't actually imapct you peronsally, in this way...", but I guess that's being balanced vs reputational damage risk of broadcasting a worse meessage than they actually need to.
Re: It should be about where the user was, not the server, it seems to me.
It's more than difficut to manage. In infeasibly problematic without effectively a new interational agreement on it and a huge wodge of policy everyone has to find ways to implement.
There are issues around how to record such information, confidence in such information, burden of proof.
Then there are ambiguities around things made in multiple juristrictions (collaborative authoring), out of duristiction (international waters), the list goes on and on.
"Because, yeah, devs hate code and love GUIs."
I actually think that's a misunderstanding. There's quite a mix of people who do this knida stuff.
Devs who write it themselves where there's an off-the-shelf solution available have special circumstances or are doing it wrong.
The data science crowd prefer to save their smarts for the analytics bit, they'd probably rather just push some buttons and have the data automagically become available.
Re: "How can you possibly do statistics on a guess!?"
I think the response is "How can you possible do statistics without a guess!?". Given that there are no comprehensive models of the world, and practically nothing is truely independant, you always assume something, whether you realise it or not.
"If you already have a Nest device set up in your house, the new camera won't require you to enter any login or Wi-Fi password details, but will grab the information through your existing account."
How exactly; they're broadcasting your local network credentials out of your house into the www? Why?