back to article GDPR: Four letters that put fear into firms' hearts in 2018

If dictionaries awarded an acronym of the year as well as a word, we'd put our money on it being GDPR. At the start of 2018, these four letters generally only signalled you were about to get a very smelly sales pitch, an annoying email or a "computer sez no" style excuse. But as the year progressed, a data harvesting scandal …

  1. Stephen Lindsey

    "If dictionaries awarded an acronym of the year as well as a word, we'd put our money on it being GDPR. "

    You'd lose it all then 'cause it's not an acronym.

    1. DavCrav Silver badge

      "You'd lose it all then 'cause it's not an acronym."

      Not clear. Some people say that acronyms must form words in their own right, like NATO or sonar, but most people, and hence dictionaries, don't include that stipulation.

      1. Stephen Lindsey

        I can give you many links to dictionaries that define "acronym" , what is your evidence for the assertion "most people..."

        1. Mephistro Silver badge

          *I can give you many links to dictionaries that define "acronym"*

          Such as the Merriam-Webster Online Dictionary?

          "Acronym: a word (such as NATO, radar, or laser) formed from the initial letter or letters of each of the successive parts or major parts of a compound term

          also : an abbreviation (such as FBI) formed from initial letters : initialism"

        2. This post has been deleted by its author

        3. DavCrav Silver badge

          "I can give you many links to dictionaries that define "acronym" "

          The dictionary closest to hand doesn't have a definition of 'acronym', going from acrolith to acropolis. That's what you get for having a dictionary from 1925, I guess.

          "what is your evidence for the assertion "most people..." "

          Hits on Google for acronym: 143m. Hits on Google for initialism: 1.52m. There aren't 100 times as many acronyms as initialisms, so it must be that many people are using acronym for both concepts.

      2. robidy

        GDPR isn't pronounced as a word...I suspect it's actually an initialism as opposed to an acronym.

        However if we move from the realms of the English language to geekery then WTF, ROFL and CUNT are called acronyms but are technically initialisms.

        Of course MYSQL and SQL could be either or a hybrid.

        So this boxing day everyone's a winner ha ha :)

        1. KernelMustard

          You mean it's not pronounced guduperr? :P

    2. Wade Burchette
      Joke

      I think you should embiggen your vocabulary because it is perfectly cromulent to describe GPDR as an acronym.

      1. J. Cook Bronze badge
        Go

        Enjoy your upvote from me for making me giggle at the $20 words. :D

  2. Anonymous Coward
    Anonymous Coward

    Too many words for this time of year!

    Can we cut the pedanticalness? Too much for the brain on Boxing day!

    1. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

      Re: Too many words for this time of year!

      It's "Pedanciosity"

  3. TRT Silver badge

    Ah.. GDPR...

    H&S for the digital age.

    1. Teiwaz Silver badge

      Re: Ah.. GDPR...

      H&S for the digital age.

      For some sites it's been a laxative, as they been shitting themselves over it, many just decided to sew it up, others took too much stool hardner, for stubborn constipation, revealed by their unrelenting opt out panels.

  4. Commswonk Silver badge

    Oh No It Isn't...

    The already tired adage "if you're not paying, you're the product" has been so over-used this year it must be fit for retirement.

    It may seem to get used a lot (perhaps to the point of tedium) by those who understand the implications of it, but there are far, far, too many people (mainly, I suspect, "the young") who need the message ramming home time and time again because they either don't know or don't care about their privacy enough to care.

    There was a hint yesterday (yes, Christmas Day) that a 15 year old was about to take a picture of a family gathering and upload it to Snapchat or the like so I stated quite firmly that I did not give my permission for my image to be uploaded anywhere. Yes there were one or two perhaps cross faces, and no photograph was taken AFAIK; Christmas Day or not I was not going change my opinion about what I firmly do not want to happen with my likeness.

    The "if you're not paying..." mantra can wait for another day, although I suspect it will be wasted until said 15 year old is about 50, by which time it will be too late anyway. With parents who cannot see any downside to social media in between, what chance do grandparents' have?

    Bugger all, I fear...

    1. Doctor Syntax Silver badge

      Re: Oh No It Isn't...

      Well done!

    2. Gene Cash Silver badge

      Re: Oh No It Isn't...

      What needs to be retired is "if you have nothing to hide..." and "think of the children..."

      1. Anonymous Coward
        Anonymous Coward

        Re: Oh No It Isn't...

        What needs to be retired is "if you have nothing to hide..." and "think of the children..."

        And also: "We take users privacy and sercurity very seriously" after a major breach of either.

        1. Commswonk Silver badge

          Re: Oh No It Isn't...

          "We take users privacy and security very seriously"

          Has anyone ever seen some management drone say this, or does it always emerge in written form?

          I suspect that the sentence is impossible to say without at the very least having to pucker up the mouth to prevent an outburst of laughter, particularly if the words "are our first priority" are added.

          I would love to see someone from an errant organisation actually speak the sentence.

          1. Alister Silver badge

            Re: Oh No It Isn't...

            Has anyone ever seen some management drone say this, or does it always emerge in written form?

            I'm pretty sure Dido Harding said it live on television, but then she was so clueless she probably thought it was true...

        2. Doctor Syntax Silver badge

          Re: Oh No It Isn't...

          And also: "We take users privacy and sercurity very seriously" after a major breach of either.

          I'd like to see journos point blank refusing to print such a statement without an answer to a question as to how the company squares this with what's just happened.

          1. theblackhand

            Re: Oh No It Isn't...

            “And also: "We take users privacy and sercurity very seriously" after a major breach of either.

            I'd like to see journos point blank refusing to print such a statement without an answer to a question as to how the company squares this with what's just happened.”

            Or allow PR people to say it on video on the condition that suitable backing music will be added later. I’m torn between circus music and the Mickey Mouse club song...

        3. BrownishMonstr

          Re: Oh No It Isn't...

          We take users privacy and sercurity very seriously" after a major breach of either.

          I suppose it is possible. Rules were in place that a particular person didn't follow and it was only noticed when the breach occurred (such as don't open attachments), although I'm sure there are ways to test this. Alternatively, it could have been an unknown unknown kind of data breach, which is to say they put stuff in place about they stuff they knew about and stuff which they knew they didn't know, but not stuff they don't know they don't.

    3. Whitter
      Unhappy

      Re: Oh No It Isn't...

      Alas if it were true.

      Alas, even if you are paying, you are still the product.

      Take a bow MS Office and no doubt many others.

    4. Anonymous Coward
      Anonymous Coward

      Re: Oh No It Isn't...

      Said 15 year old didn't need your permssion, grynch.

      If you are so bothered, wear a paper bag, or stay at home.

    5. Dan 55 Silver badge

      Re: Oh No It Isn't...

      There was a hint yesterday (yes, Christmas Day) that a 15 year old was about to take a picture of a family gathering and upload it to Snapchat or the like so I stated quite firmly that I did not give my permission for my image to be uploaded anywhere. Yes there were one or two perhaps cross faces, and no photograph was taken AFAIK; Christmas Day or not I was not going change my opinion about what I firmly do not want to happen with my likeness.

      Well that's kind of sad indictment. Not that you didn't want your image to be uploaded, but that the 15 year old didn't think the photo of everyone around the table was worth taking because it wouldn't be uploaded to Snapchat or whatever.

  5. a_yank_lurker Silver badge

    The Result of Arrogance

    The GDPR and other rumblings are the result of arrogance by Suckerberg, et. al. When an industry becomes very critical too the masses it inevitably gets scrutiny from governments. The only way to minimize the inevitable regulations is to have the ethics of a saint and guarantee your successors will even be more saintly. Otherwise, there will be regulation and is severity will be in proportion to the perceived evil the industry is committing. If you are perceived to doing evil (or could do serious evil) you get some serious regulations shoved down your throat. You can ask the healthcare industry, auto industry, or a variety of other industries how they got regulated and you will find a story similar to what the tech industry is facing now. Arrogant, unethical members of those industries coupled with some honest mistakes caused misery in some form to innocent people. Thus, the local national government stepped in to curb problems often with very similar legal frameworks. Suckerberg, et. al. thought they were immune to the normal patterns of business and government interest; they are not. Become big enough and be unethical enough, you will get governments sniffing around including the grandstanding politicians. And they have the power to act and restrict what you can do to what should have been doing anyway.

    1. Doctor Syntax Silver badge

      Re: The Result of Arrogance

      "The GDPR and other rumblings are the result of arrogance by Suckerberg, et. al."

      Not really. In Europe the antecedents are the DPAs of the 1980s. It may have taken the US a few decades to realise that there's a problem but unless I missed one somewhere this is now the 3rd such Act in the UK. The current version reacts to the need to bring the penalties up to date with inflation and to make them scale with the size of the offender and to penalise the usual weaselling actions of offenders.

      1. Bigg Phill

        DPA III

        Yes, yes and thrice yes.

        Been saying all year that most of the important stuff in GDPR was already in the DPA legislation. All they needed was to link the fines to turnover.

        On the other hand I'm somewhat concerned that the much heralded portability rights will backfire.

        Used to work for life assurance companies and your competitors could find out a lot about your products from the personal data you retain vs what you discard.

        It'd probably result in you having to keep even more customer data to help mask the really useful stuff

      2. Anonymous Coward
        Anonymous Coward

        Re: The Result of Arrogance

        Trying to link GDPR to the large US social media organisations misses the reality of organisations in the UK (I’m less familiar with breaches within other European countries).

        TheReg has had stories on many of the smaller cases that the ICO has handled and the reality is that the UK is a long way away from GDPR breaches being a common occurrence. While the increases in fines will help larger private sector organisations focus a little more, the public sector and smaller private sector organisations will take longer to improve. Years longer unfortunately.

  6. Anonymous Coward
    Anonymous Coward

    Speaking of Facebook.....

    WTF is going on with this "Integrity Initiative" thing?

    https://www.zerohedge.com/news/2018-12-25/inside-temple-covert-propaganda-integrity-initiative-uks-scandalous-information-war

    1. amanfromMars 1 Silver badge

      Re: Speaking of Facebook.....

      WTF is going on with this "Integrity Initiative" thing?

      https://www.zerohedge.com/news/2018-12-25/inside-temple-covert-propaganda-integrity-initiative-uks-scandalous-information-war ... Anonymous Coward

      Quite a bit more than just desperate shenanigans, AC, but it is not proving itself all seeing and almighty and that is surely problematical and invites both opposition and competition from more than just earlier established spooky forces and sources both at home and from abroad.

      Imagine it as a bastard child without a caring family and one gets a flavour of the operation?

  7. Pascal Monett Silver badge

    What's this about "Facebook's demise" ?

    I'm sorry, I wasn't aware FaceBook has shut down and stopped trading. Mind you, I wouldn't shed a tear if it had, but I think the word "demise" is a tad premature.

  8. Paul 87

    Interesting thought exercise, if, by means of automatically inferred location data, a company targets you for special offers via adverts, could you argue that the decision making process harms another person by virtue of them not meeting the criteria, and therefore the decision made automatically and with no oversight, isn't permitted under GDPR?

    Could kill off the entire targeted ads business once and for all

  9. LDS Silver badge

    "home regulator for various tech giants headquartered in the nation, is about a fifth of the size"

    This is a missed opportunity. GDPR should have stated minimum requirement for regulators staff based on the actual number of users managed by companies based on their territory - it would have solved any Irish unemployment issue as well...

  10. devTrail

    Rules already flouted

    The article seem a little bit optimistic given what I saw, since the beginning the private companies flouted the rules without worrying of any backlash. Yes when the law came into force I received a lot of notifications, but 99% were illegal, they offered two options: grant them the right to use my data or unsubscribe, but what it means unsubscribe? Unsubscribe means that you don't want further notice, but you let them keep the data. So basically both of the options had the same result, they didn't let the people ask for the data deletion as the law required.

    Furthermore, more than 30% of the notification I received came from companies I never heard of (notwithstanding I never had a Facebook account and I have a very limited amount of public data), they acquired my data from third parties and held them without letting me know. Not only this is already upsetting, but the availability of the unsubscribe option was really appalling, for sure there was nothing to unsubscribe from given that they never sent me an email and the denial of the possibility to delete the data was really a shame.

    Going down this road I can bet that the GDPR will never be enforced, they will chase and fine small spammers to have some publicity, they'll go on with few show cases to let people think they are doing something, but the real issue, the power that big corporation are accumulation over private citizens will never be addressed.

  11. spold Bronze badge

    Data Subject Access Rights (and the Right to be irritating...)

    Hmmm - needs the right type of fear - GDPR facilitates a number of Data Subject Access Rights - these are both insightful at an individual level, and very irritating should they be applied extensively or en masse (not that I encourage privacy activism/terrorism) as the Privacy Officer and their dog can get rather overwhelmed. Also the IT challenges of some of these are very interesting.The California Consumer Privacy Act also covers many of these so that should be entertaining as things get close to home...

    the right to be informed about the collection and the use of their personal data

    >> meh but ask them to list all the uses - probably interesting

    the right to access personal data and supplementary information

    >> I want it all Mr. Facebook! In paper please, I can probably heat my house for the year

    the right to have inaccurate personal data rectified, or completed if it is incomplete

    >>I think <random element> is inaccurate please change...repeat

    the right to erasure (to be forgotten) in certain circumstances

    >>You don't need that bit any more please delete it, including in backups

    the right to restrict processing in certain circumstances

    >> ask if they are processing any information on a legitimate interest basis and the justification for it

    the right to data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services

    >>hey Whatscrapp please bundle everything up for me and send it to Weshat! (OK you might be creating another problem but still...)

    the right to object to processing in certain circumstances

    >> ask to restrict processing pending erasure

    rights in relation to automated decision making and profiling

    >> notify them that you object to any form of profiling and request them to declare current uses

    the right to withdraw consent at any time (where relevant)

    >> find one of the uses above and dissect it - say you consent to this bit but not to that

    the right to complain to the Information Commissioner

    >>if you don't like any of the answers above you know who to complain to

  12. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

    As usual, small businesses get arse raided while Facebook and the like hire flotillas (pods? gaggles? Ah, Turd Herds) of crack lawyers to circumvent having to comply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019