Them: "Consider what having to comply with the GDPR means for small and mid-sized businesses!"

Me: "Consider what having small and mid-sized businesses not complying with the GDPR means for all of us!"

I'm so tired of discussing digital privacy primarily from the point of view of companies, as businesses have always done and many politicians are increasingly doing.

We're talking about a human right! Our right! Don't let them frame it any other way!
--
#privacy #DataProtection #GDPR

@r_alb Compliance with GDPR is incredibly easy for any company: simply mind your own business without stealing or exploiting other people’s personal data.

@falk @r_alb it's not that simple. PII is way too strict for devs to have meaningful logging to actually fix some bugs. We are not even allowed to use anonymized data (random UUID) to check what flow a user went through before crashing the app. Because in theory, that UUID is still derived from PII and in theory could lead back to the user.

We'd rather not fix bugs than collect data, which is absurd as a dev...

@r_alb I guess the issue can be, especially for small businesses, not actually keeping privacy, but paying for the legal advice to make sure they keep privacy as GDPR intended, no?

I mean, I definitely encountered places that keep GDPR on paper, but definitely do not preserve my privacy.

@neiman
Good question, thank you for asking!
In my experience, most of the privacy issues small and mid-sized businesses are facing come from the tools they are using. If they just used more privacy-friendly tools, their legal fees would be negligible.

If we want to make privacy easier for those companies, we should put money into building better tools for them instead of dismantling existing regulation, as the European Commission is currently doing.

@r_alb Interesting. I get your point. Thanks.

@r_alb businesses are tools. They are mechanisms for providing products and services that we the people need. As soon as they stop being that, or start harming people or the environment, they need to cease existing.

@r_alb Complying with GDPR is relatively easy for any business, but it's incorrect that it just requires you to not be selling personal data.

GDPR requires protecting PII, and PII exists all over anything that involves your name, phone number, or email. Like, your coffee shop membership and your fanzine newsletter.

However, you can just keep PII separate, and only accessible when you already have the PII.

Problem solved.

@AeonCypher @r_alb Basically no business complies with GDPR because it's almost impossible to do fully. But nobody cares in 95% of the cases, because usually it has nothing to do with profiling customers or anything like that.

If your company uses any relevant amount of IT tools, it's always going to be a balancing act between doing enough to give the impression of compliance and ignoring most of it.

Most of the relevant data is about your own employees and often you can barely influence it.

@r_alb I mean, there's also the answer of "If it's so hard for small and mid-size businesses to comply, maybe we should provide them support so they can comply!"

@deathkitten
True! This should go hand in hand with giving them better tools.

@r_alb We have the same problem with ADA here in the USA. The laws put all the weight on businesses to ensure they're accessible, and so people justify things not being compliant on "just think of how much it costs them to retrofit their building to be compliant!" like the government can't just give them money or access to services to help them! Employing people in public works jobs where they provided ADA accessibility renovations at a discount (or for free) would create a lot of jobs and improve society for everyone.

@r_alb As someone who was a member of the team who set up GDPR procedures in a small business, it needs some work but is perfectly feasible for non-specialists to do and can have beneficial effects in the process, such as better visibility into data handling and improved privacy and security.

@annehargreaves
Thank you for sharing your experience!

@r_alb consider what having to comply with laws on murder means to small to medium-sized assassin guilds.

They are basically killing a burgeoning new industry.