undefined | Better HN

0 points1vuio0pswjnm74d ago0 comments

"You consented to installing the software and having it autoupdate. That covers it."

Were the terms something like

https://chromium.googlesource.com/chromium/chromium/+/refs/h...

"11.1 The Software which you use may automatically download and install updates from time to time from Google. These updates are designed to improve, enhance and further develop the Services and may take the form of bug fixes, enhanced functions, new software modules and completely new versions. You agree to receive such updates (and permit Google to deliver these to you) as part of your use of the Services."

https://www.gdpreu.org/the-regulation/key-concepts/consent/

"Where should the consent request go?

Consent information must be easily identifiable by the user. It should be presented separately from any terms and conditions."

https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...

"You cannot rely on silence, inactivity, pre-ticked boxes, opt-out boxes, default settings or a blanket acceptance of your terms and conditions."

https://www.edpb.europa.eu/sites/default/files/files/file1/e...

"The element free implies real choice and control for data subjects. As a general rule, the GDPR prescribes that if the data subject has no real choice, feels compelled to consent or will endure negative consequences if they do not consent, then consent will not be valid.13 If consent is bundled up as a non-negotiable part of terms and conditions it is presumed not to have been freely given."

https://www.dpo-consulting.com/blog/gdpr-data-consent

"GDPR Article 7 further tightens consent. It requires clear requests (separate from general terms), a right to withdraw at any time, and documentation to demonstrate that consent was validly obtained. In short, you must prove that a person knowingly opted in. Records of data consent (who, when, how) are mandatory so that you can show regulators you followed GDPR consent requirements."

"You wanted a banana but what you got was a gorilla holding a banana and the entire jungle." - Joe Armstrong

You installed a banana with autoupdates enabled by default. Therefore you consented to installing a gorilla and an entire jungle

Anyway, joking aside, what's missing from this blog post is discussion of potential remedies for the alleged violations

It may be acceptable to Google to violate GDPR, etc. if the remedies enforced are merely a "cost of doing business" and not a threat to business success

0 comments

AlexanderHanff4d ago

First of all I want to thank you for your intelligent and reasoned post. As the author of the article in question, I have been mostly shocked at how many people are excusing this behaviour and playing Google Apologist.

Now to answer your question on the remedies. I didn't put them in this article because I covered them in another article that went viral a week or so earlier (the first reference in the Google article). The Google article was already a long read, I didn't want to repeat information I had already posted elsewhere.

As for my actions - well I will take the same actions I took against Anthropic.

I am currently preparing two legal complaints:

The first is under the GDPR and ePrivacy Directive here in the EU and will be sent to the IDPC (Information and Data Protection Commissioner) who will then initiate a Cross Border investigation with the Irish Data Protection Commissioner (Google is "established" in Ireland for the purpose of GDPR) for the GDPR aspects and conduct their own investigation on the ePrivacy violations.

The second will be a criminal complaint against Google under Chapter 9 of the Maltese Criminal Code for alteration of the configuration of my device (Google remotely flipped a profile flag to enable the download which I witnessed in real time and have logs for) and for unauthorised access and use of my computer (to download and redownload the model) under computer misuse and access statutes (think CFAA in the US and how it was used against Aaron Swartz if you are looking for a way to file a criminal complaint against Google for this - the arguments used against Swartz are just as applicable to Google here).

So again, thanks for the post, it was nice to read someone actually understanding (unlike Reddit where it seems they do anything but read what they are talking about despite being called Reddit).

I also want to take this opportunity to thank everyone else in this thread for their time and comments and to YC for hosting the discussion.

Also my apologies for the 503's some people got yesterday (and thanks for posting mirrors) my blog runs on my home server and I had the rate limit set too low (I increased it once I saw the messages on here and it seemed to have fixed it).

Now that said - wait until you see what I am publishing next week (the project I was working on when I discovered this), it makes this look like child's play...

j / k navigate · click thread line to collapse