Posts by Doctor Syntax 16426 posts • joined 16 Jun 2014
"There won't be POTS, instead fibre to the premises with a battery backed Optical Termination Unit."
You really think there'll be a 100% FTTP roll-out in that time period? And if there was how do you think it'll be paid for without dumping costs on people who didn't even ask for it and see no benefit?
"with BT FTTP (Infinity), there is no option to ditch the line rental, even if you don't (want to) use their phone service."
You still have the line, it's just made of a different material. It still needs to be provisioned and maintained. If someone else allows you to not pay an explicit rental you can be sure they've built the costs in elsewhere.
"When I do a search on Google for the name of my company, I get a plethora of websites with an info page based on data scraped from Companies House."
Much the same here for a company closed 10 years ago. And for take down in some cases their required information is more than required, e.g. email address and telephone number. Could be fun coming up in a month or so.
"If it finds unpleasant articles get those taken down rather than the search, then the search cannot find them."
The articles themselves are reports of then current events published from newspaper archives under journalistic protection.
All you have to do to accomplish your objective is get yourself elected to Parliament, put up a private members' bill to remove that protection from the DPA while simultaneously getting into the EU to get it removed from the GDPR as your amended DPA would cause grave problems if it didn't reflect GDPR.
An essential aspect of the court hearing was to establish what the law is in this regard. If you think that's in some way wrong you need to change the law.
@ markr555
When the Welfare State was set up NI was added to taxation supposedly to cover the costs of this. Likewise road vehicle taxation was introduced, in the form of the Road Fund Licence, to finance road construction and repair (the clue was in the name). The Road Fund, incidentally, was a solution to a problem that had plagued England and presumably many other places sing the middle ages.
The problem with this is the Treasury. It really doesn't like not being in control of all finances. It simply treats these as part of general taxation and doles out as little money as possible to the originally intended recipients. In the case of vehicle taxation it really did have to change the name - people might have started asking awkward questions such a show much money's in the fund and how's it spent.
In each case I think the solution is to tell the Treasury no. DVLA gets to keep the money and spend it on roads. It might make a payment to the NHS to cover the costs of dealing with RTAs but only when the roads are up to an agreed standard does any left-over money go to Treasury; if they're not up to standard then it goes back to the original tax-payers as compensation. A reconstituted DHSS would collect NI directly. NI could be set according to requirements, not according to what proportion of total taxation Treasury wants to shove under that heading.
This would bring transparency to large areas of taxation. NI could be set to meet requirements with a good deal more acceptance than at presence because it would be clear as to what it was being used for. The incompetence of DWP as it currently is would be an issue that affected taxpayers in general rather than just benefits claimants and get a much higher political profile.
@codejunky
Sometimes we agree. Jobs, and that means top jobs, need to be on the line and without golden goodbyes an case of failure.
I'd love to have the first A/C and the trust CEO appear together before the PAC. Ask the CEO their salary and then ask the A/C how much they could accomplish with that sum.
"More than a third of bank account takeover victims were over 60 years old. That was put down to the increasing popularity of online banking, and more fraudsters phoning victims claiming to be from the bank and asking to "verify" online passwords."
It's not necessarily popular. It's just enforced by shutting down more and more branches.
"AIUI, it effectively becomes illegal to use non-EU providers come 25th May."
Where does it say that?
It says what your responsibilities are. If you think you can meet those with non-EU providers then fine. If you think you can't then find an EU provider. If your EU provider is breached and spills your customers' PII then you're in violation. If you take a contact email purely to arrange delivery and then, without explicit permission, use it to spam customers then you're in violation no matter where your provider is; in fact your marketing pestering department might be a bigger threat to your business than a non-EU provider.
"I, and my colleague have our main business email accounts on a US hosted server provided by a US company, are we obliged to migrate it all to an EU based server / provider by the 25 May to comply with GDPR, or do we just need to inform clients via our privacy policy that client data is stored or processed in the USA ?"
You are required to process data in such a way as to keep it safe, not collect data you don't need,* don't keep it for longer than you need** and don't subsequently process it in some other way (e.g. being daft enough to spam your customers) for which you don't have the data subject's explicit informed consent.
It's up to you to work out how best to achieve that. Presumably you're primarily concerned with the safe-keeping aspect. You need to assure yourself that your email provider has adequate safeguards in that respect. Can you do that, to your own satisfaction with your existing provider? Does you contract with your existing provider indemnify you for any fines you might experience under GDPR for any shortcomings on their side? (It's not the only way to reassure you but if they're prepared to sign up to that it indicates that they believe their systems are good enough or at least they have good insurance). Note that you'd have to assure yourself in the same way in respect of an EU provider but you might feel that the different legal frameworks make that assurance easier.
But the bottom line is that GDPR determines your responsibilities in processing personal data of EU residents. How you fulfil those responsibilities is up to you and your skill and judgement. In that respect it's no different to any other aspect of your business, say taking customers' money in advance of providing goods and services, if that's what you do, are taking delivery from your suppliers before paying them. In each of those cases you, like any other business, have a responsibility not to defraud your customers but how you manage your financial affairs is up to you. Processing customer data within GDPR is going to be just another aspect of being in business.
* The need is in terms of providing the goods or service which the data was collected, not what your customer pestering department thinks they need.
** Ditto.
"This means the Tax-evasion pass-the-buck cookie crumbles as Amazapple USA can now, de rigeur, be considered the same company as Amazapple UK and thus cannot charge itself in order to avoid paying taxes."
An alternative take on this is that Amazapple UK* is a ready-made structure for a reverse takeover so that Amazapple US is left as a local sales operation, maybe, for arm's length sake, an independent franchise, and the real business has left the US to do business with the rest of the world.
* Other non-US countries are available
"Imagining that unencrypted on-premises data is secure indicates too much faith in your OS, your router/firewall software, your operational security an the trustworthiness of your staff"
That's a much shorter list than it would be for off-premises where you have to repeat that for your vendor's - or vendors' - premises and all the communications in between.
"US politics being the minefield that it is at the moment, MS would *far* prefer the politically expedient solution than getting ready for another round on the barricades against the DoJ and everything else trying to wade in."
It could be a very short term solution. MS are selling Azure to European govts - certainly to the UK govt. Are they serious about wanting that business to continue? The US govt can come along demanding Top Secret information from the UK Azure cloud if a US citizen is involved somewhere along the line, however peripherally. Surely somebody's going to realise that isn't a good idea.
"Any nation that might try to hold-out against the new USA law might find itself getting the same treatment as Tax Havens give the strength of opinion on the topic in the USA."
Just think that statement out again. We're talking about hosting of EU residents' personal data. Why should any EU country give a damn about what the US thinks? Either they play by EU law or someone else takes their business. It's not the US treating the EU countries the same way as the US treats tax havens. It's the EU treating the US the same way as the US treats tax havens. If the US hasn't the wit to realise that it's their loss, not Europe's and on present evidence it doesn't. Either the US corporations set up their own arm's length operations or there'll be EU businesses eating their lunch in a few years' time. Possibly some of those EU businesses will be ex-US.
Unfortunately, here in the UK, thanks to the numpties, we'll be stuck in the middle.
"Its also why politicians don't want to mess with Facebook / CA, as they're useful tools - for hire."
Governments might not want to. Select Committees give power to MPs who don't have the funds for that sort of hiring. ITYF they're rather keen on using that power if they see it as having popular appeal. Given that FB/CA etc. have rather dirtied their nappies now Committee members can probably see it as having public appeal.
"It used to be, back when the MPs had a smidgen of honour and sense of duty"
Back in those days a minister would accept that he carried the responsibility for his department's failings and resign. It even happened that a minister, might resign if the actual failing took place took place under a previous minister's period in office. Say something as serious as the Windrush business.
"Of which he clearly has neither."
I suppose if I were in his position my reasoning would be "Does attending give me a chance of dropping my former colleagues in it instead of me? If so, go, if not, try and stay out of it.". In that case my not going would be indicative of my thinking I had something to hide. I wonder what his reasoning is.
"What criteria is going to be used by Facebook to decide whether EU / non-EU data-rape rules apply:"
Their problem. They want to use that business model? Right, they have to work out how to use it and stay within the law. If they can't figure that out they either don't do it or don't complain when they get whacked..
"So what happens if, as I think I've read has been proposed, the US pass a law making it a statutory requirement for internet regstrars based in the US to make all this info publically available?"
I'd wondered about the existing situation in regard to that.
As far as can seen ICANN's role is not statutory. If the US were to make such a move and try to make it apply to non-US residents, effectively making the net US property, the likely consequence would be a push by other governments to move the whole internet under ITU. I don't think the US or most of the internet users would want that.
"Then there's Companies House: I do a lot of research using its data"
In which case I'm quite sure that, despite your protestations, you're aware that CH filings are statutory. Statutory data isn't affected by GDPR. It would appear that your complaint isn't about GDPR but about company law relating to what's accepted in filings.
"A very common misconception but not quite true. If you want to have an office based within the EU then any business performed from it must be compliant with EU laws."
And your second sentence also isn't quite true. It would mean that you couldn't send anyone over to conduct business in the EU nor would you be able to appoint agents there. In practical terms it would make it difficult to do business on a large scale if you couldn't do that.
"The EU does not forbid its citizens from seeking services outside the EU with organisations to which EU laws do not apply."
Apart from the logistical issues such an organisation would have to contend with being gaining a sleazy reputation. And if the nature of the service were B2B then its customers would be at risk.
"This would be news to most, well, everyone."
It shouldn't be news to anyone responsible for holding personal data of European residents. It wasn't even news to ICANN; they just hoped if they ignored it it would go away.
It would really be irresponsible of the EU to grant them a stay of execution. If they did that every other toe-rag in the data exploiting industry in the world would be queuing up next day. I think we can all guess who'd muscle to the front of the queue.
And didn't the US set up a new data protection ombudsman recently to "protect" EU data held in the US? Not law, mind you, just an "agreement" and a "promise"
Did they actually get round to appointing the actual official rather than a deputy? In any event, what was the department responsible for that? Wasn't it Commerce?
"So screw them. ICANN should just move all registrations in the EU to registrars outside of it."
There is an alternative. The rest of the world stops regarding ICANN as guardian ruler of that joint enterprise, the internet. They treat one of the existing DNS root mirrors as the definitive root, make any changes to that and point the other mirrors to it.
US businesses will have to go along with that if they want to be seen by the rest of the world. The most that would be left to ICANN would be to mirror the new root and just keep up the face-saving pretence to the US public of being in charge.
"Which is exactly what we'd imagine you would allege if you were trying to deflect attention away from the fact someone on your staff bungled and put the wrong files on the public internet."
Actually, no. I'd expect them to quietly fix the problem and do everything possible to avoid publicising that it ever happened. Are any of them called Streisand?
"I'm sure these people realise that once you pass laws where you can obtain data then the people whose data they want will just move it somewhere they can't get it."
I don't think they do. The thought patterns of legislators are such that they must believe that if they forbid something everyone wanting to do that will simply avoid their efforts. The history of taxation or banning of alcohol, for instance, has provided centuries long evidence of this in the form of smuggling and illicit distillation.
Living inside a bubble where a host of employees including the most senior officials are doing their bidding* seems to convince those who've reached the top of the government tree that they really are all-powerful.
* Or at least persuading them they are.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Join our daily or weekly newsletters, subscribe to a specific section or set News alerts
Subscribe
