You are assuming GDPR is good. I don’t think so. I don’t want GDRP in the US. The worst abuser of privacy - right now - is the government. I don’t think putting redtapes on startups will solve anything.
Just because we can't limit all players, we shouldn't even try to limit the vast majority of them? I'm not sure I agree with that logic...
Yes, the federal government is as bad (in reality, worse) than you say, but that's no reason to not take action against the thousands of other players that are blatantly following in their footsteps in terms of data collection.
If the government were serious about personal privacy, it wouldn’t mandate the storage of large amounts of personal information by banks on innocent people via KYC/AML laws.
Government is pretending to save people’s privacy with one hand, while forcing private companies to store people’s personal information with the other.
That is a somewhat valid concern, but here in Denmark (EU) GDPR har actually been helpful to highlight some of the data collection by the state, and some of it, has been set on standby or at least been postponed because of concerns (student mental health/well beeing, was so to be registered, and stored on a SSN level “for research”)
In Sweden (before GDPR) some inofficial list of "known elements of problems" or somesuch was kept by some police officers. This was already illegal before GDPR and lead to a lot of problems and news.
Heh, several EU countries already have FOI laws in place. Together with the GDPR regulation one has a handy and effective combination of tools to reign in governmental abuse. Oh, I’d never imagine I would ever use the word “synergy”! :D
> The worst abuser of privacy - right now - is the government
Lol, that could not be further from the truth, you have no idea of the amount of data private companies gather, the government has nowhere near as much data as Facebook, that's why the NSA has programs to incorporate Facebook data, the reason being that it's much better than anything they have got by themselves.
They have more now but only because Facebook gathered all of that, by themselves there's no way they could have the same kind of precision Facebook had.
There's no government program which records your position in real time, your interests, all the messages sent to your friends, the list of your friends, their occupation and where they are in real time, the news you read, all the information you are looking for... All of that in real time with an accuracy similar to Facebook (and aggregated as well, people often forget that most government files are not as neatly organised as Facebook...) . I could go on forever on the data Facebook has, no government program gathered as much as this, it's not even close. Not even the Soviet Union managed to get that much data on their citizens.
Do you also think that food industry should not be regulated, I mean is it important that rats could walk on your food ingredients as long as users don't know and are happy with the final product? Do you think that food businesses are affected by this regulations and we do not see the a move fast and kill people in the industry?
Same for fire safety,road safety, air transport safety regulations, I am sure that many business people would benefit by ignoring this laws, so let's do what is better for some business people and who cares about society.
Related to GDPR specifically, don't collect personal data that your product does not need, is it hard? Maybe you need to put a bit of effort to be in compliance but if your product is hones then you are fine, if you are not honest and you were collecting data in the hope you maybe could sell it later then I understand why you don't like it,
You are right, the business could fail but they have the option to pivot and sell rat hide, regulation would harm the possibilities of making money on the back of society.
Article 2d "This Regulation does not apply to the processing of personal data: [...] by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security." exempts data collection by gov't for security purposes.
Article 6.1c "Processing shall be lawful only if and to the extent that at least one of the following applies: [...] c) processing is necessary for compliance with a legal obligation to which the controller is subject;" exempts data collection by private parties if ordered by gov't, e.g. if they require communications operators to track subscriber identities or something else, then GDPR consent requirements don't apply.
So I'd say that it's materially true that "Data collection for security and intelligence purposes by governments is exempt from GDPR rules", as long as governments are doing this data collection according to whatever other laws they have passed and not in violation of them (which sometimes has been the case, though, with executive branch doing what legislative branch has forbidden them).
Member states have argued that intelligence services aren’t covered by EU law (their management is reserved to the member states), but since the basic principle of data protection is embedded in the European Charter of Human Rights, you can argue that EU residents (indeed, everybody) should be protected. It’s just that, unless individual countries write it into their law or a court successfully asserts its jurisdiction, there is nobody to enforce it against the intelligence services.
Weird. Libertarians keep on saying that government is less efficient in producing practically all possible services than private sector. Why would that not apply to service "collecting and using private data for gain"?
This doesn't mean Facebook should get a free pass. If anything it should get less of a pass because governments love to use the hands of corporations to do what they do (e.g. Hollywood blacklists of communists back in the day, dipping into Facebook's or Google's data stash with a warrant, etc.).
At this point private corporations 'helping' the government is exactly the worrying part because the government at least has some decorum and is keeping up some pretenses and you have to really be in the wrong place, at the wrong time and have an ethnicity that somewhat matches the supposed crime.
Meanwhile with corporations it's starting to look like a free for all between machine learning, big data, hidden internal Terms of Service kangaroo courts and so on. You can get blacklisted, flagged, (shadow)banned and not even know it. And then government or other corporation buys that Big Data DB and real fun starts.
If the government actually wants to capitalize on the data it has there is a lot of instant red tape applied. You can't just get arrested, told you're a terrorist and put in jail for 10 years with 0 process, 0 appeal and 0 documents (well, except with Gitmo but it's a special case).
Meanwhile the corporations can turn you into a functional half-leper in the modern increasingly online society and deny you business arbitrarily (or even secretly) as hell because their deep learning said so (and what they feed in there, what comes out, who made it and how - you don't get to know that), they don't care enough to admit a mistake and the most appeal opportunity you get is customer support ran by lobotomy patients. There's 0 recourse to being shadowbanned, hellbanned, blacklisted, whatever, sometimes even 0 contact option other than making a new account (which breaks their ToS in itself) and unlike the government that has watchful eyes on it from all sides for abuses you'll be told it's "a private business so they can do anything" or that you deserved it because it's a Cool and Good Company.
There was a story that some Palestinian guy got arrested because Facebook translated his "good morning" in some Arabic dialect into "attack them"[0]. If it wasn't the Israeli police arresting him but instead Facebook doing some deep mind big data crap and covertly flagging him as a potential terrorist then he might have found out 5 or 10 years from now that he can't get a plane ticket because some airline or other secretly sourced Facebook's DB and he has no way to even find out where that flagging came from because corporations are free to be secretive in their decision making.
Government also follows some logic (simplistic, biased, populist, racist or reductionist - sure, but still), while corporations can just spit out a verdict with 0 explanations with a link to 20 page ToS written in pseudo-lawyer pseudo-English and say that a video making fun of a mass shooter is suitable for advertisers and one of eating a carrot in a silly hat or swinging a banana around (it's not an euphemism, I mean an actual banana) is not[1].
