Posts by I_am_not_a_number 18 publicly visible posts • joined 7 Jun 2018
Yes actually a very good observation.
At the moment DC utilisation per unit space is limited by BTU cooling metrics "per tile" of space, right?
However, in reality once we reduce the cooling equation, won't they just pack the kit in, in increasing densities?
i.e. so called "efficiencies"?
With more kit again, it'll just drive up the failure rate again as a proportion of the assets. We only need a few pieces of kit dripping fluid for it just to be a hassle.
It reminds me of a time when the internet and computers were supposed to save us time and allow us to do the same work in less time, but instead we're just pushed to do more with less time (agile comes to mind).
OK, so for a single system this might be nice.
But, scale this up in a busy datacentre with 100s of parts being replaced per week, there's going to be lots of parts dripping with fluid:
-As they are transported across the data hall after removal.
-In situ as they are being removed.
-In boxes or anti-static bags in preparation for logistics return.
-In storage areas as they await collection (pooling).
-In field engineers cars if the DC doesn't allow parts to be stored onsite (3rd party/co-lo DCs charge per cubic m of space and even then there's a daily charge per day if part isn't collected after 48hours)
Also, how much additional weight will the data centre floor need to support if there'll be reservoirs of dielectric fluid?
If we treat cooling as a utility, would vendors share these reservoirs of fluid?
I can see the Health & Safety people tut-tutting already at the very least.
Agreed.
Softbank has a diverse portfolio of tech companies, which means it's less focussed on a specific sector and therefore (anti-)competitive behaviours.
To me, the quote below from Softbank was probably the main assurance to competition regulators, shortly after the Arm acquisition:
"..It is also intended that ARM will remain an independent business within SoftBank, and continue to be headquartered in Cambridge, UK..."
"Article 22 GDPR Automated individual decision-making, including profiling"
"The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her"
Where google says, "...it had "worked hard" to create a transparent and straightforward GDPR consent process for its ads personalisation settings"
For the first part, they're trying to reduce the fine by arguing against Article 83.2(c):
"[Regarding] the general conditions for imposing administrative fines)...the intentional or negligent character of the infringement..."
Ditto the second part regarding their concerns, relate to Article 83.2(k)
"..mitigating factor applicable to the circumstances of the case, such as financial benefits gained, or losses avoided, directly or indirectly, from the infringement..."
CNIL's final decision will likely be based on the perceived "m.o" of Google.
True.
But if you look more closely, it looks like their lawyers are positioning themselves using GDPR article 82(3):
"A controller or processor shall be exempt from liability under paragraph 2 if it proves that it is not in any way responsible for the event giving rise to the damage."
And in doing so, lay the grounds for a potential counter claim to their processors, if that falls through:
"... [controllers] shall be entitled to claim back from the other controllers or processors involved in the same processing that part of the compensation corresponding to their part of responsibility for the damage"
Hmm.. Singapore doesn't seem to be on the GDPR/Third countries with adequacy decision but they seem to have some kind of data protection under the Personal Data Protection Act 2012 (PDPA).
However:
"The data protection provisions in the PDPA (parts III to VI) generally do not apply to:
"Business contact information. This refers to an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his or her personal purposes.,,"
Penalties seem to be a bit weak (1 GBP = 1.72 Singapore Dollars) , I'm personally not convinced about the prison term below:
"...A fine up to SGD10,000. In the case of a continuing offence, the guilty person is liable to a further fine not exceeding SGD1,000 for every day or part of the day during which the offence continues after conviction.
Imprisonment for a term not exceeding three years."
That's pretty broad set of exclusions IMHO + anyone's guess whether their equivalent to the ICO will act to enforce...
Not sure what whether this answers the US centric view of "burden of proof" - I'm assuming that you mean by demonstrable losses, which obviously in this case, will be hard to prove, since ID theft isn't enacted until potentially years later...but perhaps the following might help..
The following section 168 of the UK Data Protection Act 2018 (which references GDPR) stipulates that, if you've suffered distress, then you have a right to claim compensation.
Here:
"168 Compensation for contravention of the GDPR
(1) In Article 82 of the GDPR (right to compensation for material or non-material damage), “non-material damage” includes distress."
Compensation mechanisms are referenced in articles 77-83. Since the hotel isn't a public authority, then none of the state level derogations will apply and therefore, fair game for any punishments..
Apologies for the brevity, not intended to be blunt...
Assuming I've not misunderstood:
"ICO stands for "Interesting Coat Outfitters" they've done nothing other than flash a couple of windcheaters..."
Would you count fines & prison sentence in one case as "nothing"?
https://ico.org.uk/action-weve-taken/enforcement/
"requirement to "promote the awareness of controllers and processors of their obligations under this Regulation" - both of which are apparently not happening."
Do Youtube, LinkedIn, Facebook & Twitter count?
https://www.youtube.com/user/icocomms
https://www.linkedin.com/company/information-commissioner's-office/
https://twitter.com/ICOnews?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor
https://www.facebook.com/ICOnews
Might be useful:
Art. 82 GDPR Right to compensation and liability:
"...Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered."
Data Protection Act 2018:
Section 168:
Compensation for contravention of the GDPR
(1) In Article 82 of the GDPR (right to compensation for material or non-material damage), “non- material damage” includes distress.
Not sure I agree.
--> https://gdpr-info.eu/issues/third-countries/
"...At the time that the General Data Protection Regulation became applicable, the third countries which ensure an adequate level of protection were: Andorra, Argentina, Canada (only commercial organisations),"
It suggests that the "Supervisory Authority" in Canada are obliged to assist to the extent that the existing (canadian) laws that govern data protection requires.
Article 45 may also apply:
https://gdpr-info.eu/art-45-gdpr/
"Transfers on the basis of an adequacy decision"
If so, then article 47 applies regarding "Binding corporate rules", which commit those entities to ensuring "Data Protection" principles that make them "their legally binding [..in..] nature, both internally and externally;"
Here - https://gdpr-info.eu/art-47-gdpr/
I see alot of remarks here who regard the ICO as toothless. Perhaps before May 25th 2018 but after that date, less so.
Article 58 covers the powers bestowed upon the "Supervisory Authority" (ICO) and now can:
"obtain access to any premises of the controller and the processor, including to any data processing equipment and means, in accordance with Union or Member State procedural law."
"...to order the controller or processor to bring processing operations into compliance with the provisions of this Regulation, where appropriate, in a specified manner and within a specified period;"
(ref: https://gdpr-info.eu/art-58-gdpr )
The second of the points above is a bigger deal as the ICO can "order" them to comply. Related is Article 32 which is a key provision, as it covers "Security of Processing" which carries the burden of providing assurance of the CIA triad. I'm sure it'd be a major hassle if the regulator is breathing down your neck and publishing at the same time any (lack of) progress.
I can almost hear the people in the back row saying "yeah, yeah but it's never been tested in court, blah blah". True. Equally, the ICO will be keen to be seen as being able to flex it's muscles after it's relatively weak fine on FB.
That said, there's alot of unjustified glee about the potential fines.
Whilst it's true that it can be 2% or 4% etc, it also needs to be "effective, proportionate and dissuasive."
The operative word here is proportionate since it needs to take into account "the intentional or negligent character of the infringement" (Article 83).
If BA can show that they've had an ongoing programme of security audits, risk assessments and/or pen tests, then, I can see them arguing the toss and get away without a "total b*tchslap". At the same time, there's still sufficient scope for it to hurt.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
