undefined | Better HN

0 pointssmarx0072y ago0 comments

G.D.P.R., it says so in the thread.

And Europe is not a litigious environment, we start with complaints first.

0 comments

There is a suggestion that some data sent is in violation with the GDPR. There is no specifics about what it would be that is in violation however. I think 90% of sites with cookie banners are blatantly violating the GDPR - but whether I'm correct in that assessment is anyones guess. It would depend on court processes that hasn't happened yet. It's based on my understanding and interpretation of the regulation, nothing else. I guess it's the same with the complaint here. If there is a question of a violation then it's probably due to microsoft and the commenter having different interpretations about specific data such as hashed mac addresses (Which certainly isn't clear cut).

smarx007OP2y ago

Yup, there are lots of violations: https://noyb.eu/en

And I do think Microsoft has good lawyers and believe they reviewed any activity prior to receiving consent quite carefully.

alkonaut2y ago

Are there any concluded legal processes that are concerning

1) the form of consent banners

2) consent vs legitimate interest for ip transmission as part of http request headers

3) whether ads are a legitimate interest for web sites?

Those seem to me to be the 3 “big questions” of the GDPR. The regulation and most legal processes however seem to focus more on large scale data storage cases, failure to answer user requests etc. And those are important from a privacy standpoint but from a technical standpoint to software developers the 3 above seem much more interesting, yet mostly ignored by courts? I get a feeling they don’t want to touch it because they are a can of worms

smarx007OP2y ago

1) YES https://noyb.eu/en/where-did-all-reject-buttons-come

2) Consent vs legitimate interest is not for data but for data processing purposes. A company, say Paypal, may have a legitimate interest to process (and, therefore, collect) your IP address in fraud detection systems. If you don't give consent, fraud prevention dept cannot share your IP address with the marketing dept (and would have to erase it once it's no longer used by the fraud detection system). Which is why you get pestered with more consent requests than needed. Consent also has to be freely given: https://edpb.europa.eu/news/national-news/2019/facial-recogn... + https://noyb.eu/en/pay-or-okay-tech-news-site-heisede-illega...

3) Ads are not personal data (data that came from you and/or data related to you, not necessarily PII). GDPR is only about careful handling of all personal data. It does not prevent a company from showing you ads. But GDPR does prevent tracking to show targeted ads: https://noyb.eu/en/norway-temporary-ban-behavioral-ads-faceb...

blackoil2y ago

The complaint should come from some authority or a legal backing. The poster assumes that they are breaking GDPR and seeking explanation with some shit talk to make it sound legalese.

Companies as a policy and by logic don't reply to such comments/post because the response becomes a legal document. So any expectation of answer is futile.

smarx007OP2y ago

Articles 16 to 21 provide you, the end user, a range of grounds for a complaint: https://gdpr-info.eu/chapter-3/

Article 12 requires a response in one month. However, you shall not post comments on a repo issue to get a response but write to a DPO instead: https://learn.microsoft.com/en-us/compliance/regulatory/gdpr...

Read more on your GDPR rights and how to exercise them: https://noyb.eu/en/exercise-your-rights

lnxg33k12y ago

Maybe you come from a place where citizens just kiss corporations and count nothing, but the complaint here for GDPR can come from everywhere, even citizen can sue https://commission.europa.eu/law/law-topic/data-protection/r...

ladyanita222y ago

You got no idea bud...

smarx007OP2y ago

Well, sure, it's just a general observation, so knock wood.

j / k navigate · click thread line to collapse

0 comments

alkonaut2y ago

smarx007OP2y ago

Yup, there are lots of violations: https://noyb.eu/en

And I do think Microsoft has good lawyers and believe they reviewed any activity prior to receiving consent quite carefully.

alkonaut2y ago

Are there any concluded legal processes that are concerning

1) the form of consent banners

2) consent vs legitimate interest for ip transmission as part of http request headers

3) whether ads are a legitimate interest for web sites?

smarx007OP2y ago

1) YES https://noyb.eu/en/where-did-all-reject-buttons-come

blackoil2y ago

The complaint should come from some authority or a legal backing. The poster assumes that they are breaking GDPR and seeking explanation with some shit talk to make it sound legalese.

Companies as a policy and by logic don't reply to such comments/post because the response becomes a legal document. So any expectation of answer is futile.

smarx007OP2y ago

Articles 16 to 21 provide you, the end user, a range of grounds for a complaint: https://gdpr-info.eu/chapter-3/

Read more on your GDPR rights and how to exercise them: https://noyb.eu/en/exercise-your-rights

lnxg33k12y ago

ladyanita222y ago

You got no idea bud...

smarx007OP2y ago

Well, sure, it's just a general observation, so knock wood.

j / k navigate · click thread line to collapse