Re: It's not for everyone but for most it could be good
"company certified sharing systems that can be controlled, scanned and safeguarded"
By whom? And note that the "whom" might be different for each verb.
16426 posts • joined 16 Jun 2014
"Technology moves on, often in directions that we don't all approve of. Nevertheless you have to keep up"
Let's extend the direction metaphor. You're driving along when you realise the road you're on leads in the wrong direction, possibly in the direction of a dangerous flood. Do you keep up or do you take a turn in a better direction?
In your situation there may be no alternative. In the Unixy world there are: several BSD Unices and systemd-free Linux distros.
the people with the problem with it are more of the Torvalds type, old school who want to use Unix-like systems
I have no problem with Red Hat wanting their semi-proprietary system. Unfortunately, in order to preserve their data centre presence they had to eliminate competition from non-systemd distros by ensuring it got into the likes of Debian.
"Nobody is going to go after a customer/contacts database"
Some of us are going to do what we can to make life uncomfortable for those who don't behave.
One that I have saved up relates to an enquiry I made a few weeks ago. The enquiry was answered but soon after there was a "rate our service" request which, in fact came from a third party. The reply address was in the form first-party@third-party so I replied pointing out that my permission had not been given for my data (email address) to be passed to the third party, I wasn't going to click any links in a spam and I wanted my data deleted and confirmation that that had been done. The only response was a follow-up because I hadn't filled in their survey. Come GDPR day a letter will go out to the data controllers of both organisations asking them to explain themselves and pointing out the consequences if this were to happen now.
I suspect that in many cases the data controllers don't know what others, particularly sales and marketing are getting up to. If nothing else complaints like this are going to mean that many of the guilty get a well-deserved kicking from their data controllers.
"data processors are often engaged to form a contract between the subject and the controller e.g. a ticket sale for an event. If consent was not basis for processing, removal of consent is not applicable."
Once the processing for performance of the contract is over there is no ongoing basis for retaining the data. In your example there might be a basis for retaining the data until the event is over in case refunds have to be made but when that possibility has passed the entire basis for holding the data has gone. The data should then be deleted. However the entire basis for processing was performance of the contract and there is no basis in the form of consent for the ticket processing business to use the data whilst it exists for anything else such as trying to sell tickets for something else.
"First, you have to make clear to the subjects where you got the data and what you're doing with it, and – most importantly – why you have the right to do what you're doing."
Arse about face| You don't have to make it clear to the subjects where you got it. You have to make it clear to them what you want to do with it before you get it and ask them if you can have it. If they say no you can't have it. And if they change their minds subsequently you have to delete it.
(Note the exceptions of data used for the provision of a service, etc. or statutory requirements. Of course you need a name and address for delivery of goods but you can't then presume to use it for mailshots trying to sell other stuff.)
"I want to know when they will be affordable for an average guy, like me?"
I doubt they'll ever be affordable to buy.
The legislative basis for their use, at least in the UK, seems, quite rightly, to put the legal responsibility for safe driving on the manufacturer. That means that the manufacturer rather than the owner will have to insure themselves. The manufacturer will, of course, pass this on to the customer. In the event of a straight sale, however, the manufacturer will only be able to have one opportunity to do that so would need to charge the customer for the vehicle's life-time insurance as part of the purchase price. That would substantially increase the price of a new car. The likelihood is that these vehicles will only ever be available for lease.
"What is the point of buying such an expensive object, that depreciates faster than you can burn £50"
To have one available when you need it. If your prime use is in the rush hour when everyone else wants a ride you'll be in competition with everyone else. If the numbers of available vehicles are such that peak demand is adequately covered they'll be mostly idle during the day and the costs per mile will go up to allow for that. If you have your own car now you'll still need your own AV. If you can manage by taxi now you'll use and AV taxi.
This is basically the automotive industry version of what "the cloud" has done for IT infrastructure and everyone wants to be the new AWS.
Lets not forget that one of the features of "the cloud" seems to be massive breaches of personal data left swinging in the breeze in ill-secured cloud backups and the like.
With vehicles it will be unacceptable to leave safe operation* to the customers as the risks to life and limb dwarf the severity of the risks from cloud. There won't be a "new AWS". AWS can shuffle all the responsibility for third party damage onto its customers; vehicle manufacturers won't. It's not just a huge potential market for manufacturers, it's also a hugel risk.
* The opportunities for gathering, mining and subsequently leaking personal data are the same or worse than the cloud but now only a side-issue.
"when will people other than beta testers get in them?"
When they do the correct term will be "guinea pigs". The unfortunate aspect of this is that while the guinea pigs who get into the cars will be volunteers those in the surrounding traffic or on foot will be innocent bystanders.
I've made the point before but it still needs reiterating: compensation for death, injury or damage to innocent bystanders and their property should not rely on them having to take on manufacturer or insurance funded lawyers in court.
"I can't see anyone really using Notepad what with the superior better alternatives of Notepad++ and Atom"
I can. The millions upon millions of Windows users who just use the PC as it came without realising that a text editor is something for which there are alternatives other than a full-blown word processor.
Even so I assume that it will continue to be the case that if one wishes to distribute, say, a set of notes for which .txt would be perfectly adequate the only way to be sure the recipient will be able to read them easily is to use the overhead of a PDF as older machines will probably never get the revised Notepad.
"I have bought two new cars in my life too.. The Dan phase(s)."
Same here. I'm not sure how the 2nd hand MGB which was one of the cars in between fitted into the Dave and Dan scenarios. It was more a case of "this is the time to have one while we can still fit the children into the back seats".
Yes, I take the point that things were less critical then. That was, indeed, the point made in the article. My point was that if one were looking for reliability to match that one might first consider an integrated system from a vendor able to supply everything from hardware to application. We have, in fact, the converse. We are building architectures with multiple points of failure.
When I retired a decade or so ago we were moving in that direction. I worked on distributed systems where multiple service providers cooperated on contract: one specialist supplier might face the customer, collect data and passed it on to another to provide the actual service. There might even be more providers than that, possibly with a prime contractor in the middle. But the lead time to deliver might be hours and each provider's system would be relatively self-contained.
So why, having gone to a trading environment with no slack in it, are we seeing businesses accepting more and more possible points of failure? Is it simply over-confidence? The price paid seems to be in data breaches and TITSUP episodes.
Of the two scenarios the mainframe with everything from H/W to applications provided by a single vendor seems less risky then a tangle of boxes, network OS and apps sourced from everywhere. And yet the suggestion is that the former belongs to a time when, allegedly, the cost of failure was greater. Does this contradiction stem from familiarity breeding over-confidence?
The saga of Tim's attempts to get information out of Adobe suggests they weren't very good at personalising their approach to him.
And:"I haven't thought through all of the access and deletion requirements for that but that's something that we’re working on."
Isn't it a bit late in the day for that?
I can't help thinking that when we're able to push back* in a meaningful way it may well be that businesses start asking serious questions about what their marketing departments have really been doing for them all these years. If we can actually make them question the value of that it may be a more effective way of dealing with the data-slurping industry than more direct action.
* a typo almost made that into "punch back" which might even fit better.
"Personally, when I'm pressed for time and need fuel, any forecourt I'm passing is perfectly acceptable"
And you certainly don't want to waste time getting your car washed. The fact that they thought their scenario meaningful tells us a good deal about their thought processes.
Just this. It's marketroids who think selling products is beneath them; "experiences" sounds so much more prestigious (or something).
Customers, OTOH, just want products which are fit for purpose. If they get an experience it's likely to be the bad one of discovering the product wasn't fit for purpose.
"Clearly there was something wrong with the unit."
Isn't that what I've been saying? But not Japan/Taiwan in the 70s but the US in the '60s. Although it was a "product" it was probably a built to order job, maybe even a one-off. It's at least 40 years since I set eyes on the beast and I'm trying to rack my brains as to what the handle was actually on. I think it might have been a component that we eventually replaced with our own design, in part because it was the weakest link in terms of trying to get it to hold a vacuum.
If any part of the external chassis is "hot", for any reason, there is a flaw in either the design or the implementation.
Not necessarily hot but definitely giving a tingle that shouldn't have been there, hence the extra insulation. Having a satisfactory solution - and enough other problems - we never investigated further but put it down to insulation good enough for US mains not being good enough for UK.
In elfin safety terms in that lab it was relatively minor. One research student nearly burned down the lab twice. SMBO made analar meringues - at least the sucrose was analar - in the same oven we used in the open lab for evaporating benzene off of samples. Another drying oven ended up with no fan blades: the HCl content of what was being dried had eroded them. And it took me years to realise why one sink had always leaked: the HF that was sometimes disposed of in it had dissolved the glaze.
"A red anode was a warning from which you could recover."
We had a valve PA system (mono) in our hall of residence using a pair of 807s. Periodically it would go unstable with the familiar red anode syndrome. Simply swapping them round didn't work 807s were expensive on student finance in the early '60s so I bought an extra one. I then swapped one of the old ones for the new one. Periodically the same problem would reoccur and I then swapped them round again to get a stable combination.
"With proper controls, 240V AC is not a problem."
We had a piece of lab kit - a radiocarbon dating system, not less - that was made in the US. All the power supplies etc. were specced for 240V so no problem there. Insulation however... A piece of steel rod, part of a handle, acquired a length of rubber gas tubing solved that.
There is a "Legitimate Interests" loophole under Regulation (EU) 2016/679 (47) which will allow them to reply with a nice "Go away and pester us no more" letter I'm afraid.
And if the interests they cite aren't legitimate that's a letter that gets forwarded straight to the ICO or whatever you local regulator is.
"If anyone wants to feel a bit sad, have a look at the AA's new GDPR terms and see what they consider legitimate interest."
Any company who decides that what they consider legitimate interest is going to have to persuade the relevant regulator that they agree. Remember that it's trying to bend the rules that brings the really big fines.
"I wuld love to see a EU law using GDPR"
"A EU law using GDPR"? That's meaningless. GDPR is an EU law.
"to force all companies to wipe out all existing data"
It does that in that it gives you the right to be forgotten. You can go to any corporation and demand (within limits) that they delete any information about you. There are limits. These include any information which is held by statute so if you're the director of a business you can't tell Companies House to forget you. They also include information necessary for performance of a contract so if something was sold to you with a maintenance contract* you can't tell the vendor to forget you without giving up the contract.
"Too much palm greasing going on in politics"
It's out of the hands of politics now: it's primarily in your hands with the regulators watching your back. And recent news suggests that in the UK the regulator will be very keen to do just that.
*However I don't see that registering something for guarantee entitles passing on the data to someone trying to flog maintenance contracts. If Homeserve try once more....
"But I'm seeing a uniformity of posts here so far that seem kinda vicious, as if CA was staffed by actual demons in human form rather than living, breathing fellow humans."
I think there's more variance than that. Some of us are more interested in the enforcement of the actual C21st law rather than reversion to medieval practices.
"Directors claim data has been destroyed as per the request of Facebook before ICO were involved"
Contract - even if this was involved - does not override law. If they were destroying evidence having been told to do so by Facebook doesn't excuse them.
"nice delay the ICO provided btw, nothing suspicious in that at all"
I'm not sure of the law here off the top of ny head and CBA to go & read it but commentary on subsequent changes to the new DP Bill passing through Parliament suggests that their hand were tied by the current DPA. So no, nothing suspicious, but a need to get the forthcoming DPA right. Entitlement to turn up at 5am with a sledgehammer and preferably a few uniformed bobbies would be ideal.
"Who would you hold criminally responsible as there is more than one director?"
All of them.
"Will SCL now close?"
ICO has already said it won't make any difference. That was plainly stated in the headline.
"If it does what legal rights do the ICO have?"
It's not so much rights as authority. It has the authority to go after those who were officers of the company when the offence occurred.
"Would a judge side with the ICO?"
Side isn't the right word. Judges are impartial and will impartially conduct the relevant tribunal. If the defence haven't a leg to stand on (or, indeed, f they have) they'll proceed according to the law.
"What if they claim they don't have the data to give?"
They'll need to prove that they never had it, difficult given what they already supplied, so either they give it or they admit to having destroyed evidence which would be an offence in itself.
"I don't think they'll get anything."
Who's they? I think SCL or its directors are going to get what's coming to them.
"But hey maybe the fishermen won't have to abide by the hated fishing quota system?"
And those who depend on the hated EU as a market for their catch (because we're only really keen on a limited range of species) aren't going to be able to sell what they do catch.
"The mess that is the negotiation is just a convent excuse to plaster over the militant incompetence that is a government IT project."
I think you'll find it was the other way around in a year or so's time. The militant incompetence of a govt IT project will be used to explain the mess that was the negotiation.
Biting the hand that feeds IT © 1998–2019