this post was submitted on 26 Jul 2023
2177 points (99.9% liked)
Technology
59656 readers
4059 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I don’t get the “/s”.
The #GDPR is absolutely a perfect example of ½-assed laws & loopholes. I have filed reports on dozens of GDPR violations; not a single one of them lead to enforcement. The GDPR is just a prop to make people feel comfortable as the EU destroys the offline infrastructure.
I did as well for the Catholic Church. I don't want to have my name associated with a gang of child molesters so I invoked the right to be forgotten. The church told me that baptism is sacred and cannot be undone. The Dutch institution for GDPR claims never did anything about it because they're overloaded with requests.
Oh well, I'm not willing to give it more energy either. It's mildly annoying but doesn't affect my day to day life.
Maybe you misunderstand the enforcement part of the GDPR. It's not made for you to get personal enforcement out of it. It works on the basis of multiple infractions being recorded and then escalating the agencies response level.
I work with many companies as IT consultant and I can assure you, that they all FEAR the GDPR and treat natural person data very well because of that. Enforcement of GDPR does happen and you can review every enforcement on a public website called enforcement tracker. There are almost 1980 enforcement actions in their database.
I have also personally requested information about me and my family through the rights bestowed by the GDPR regulations and have EVERY TIME gotten the information within 30 days.
You obviously have not read article 77. This article entitles individuals to report GDPR violations to a DPA for enforcement. Article 77 does not distinguish violations against an individual (which I suppose is what you mean by “personal enforcement”) and violations against many. Some of the violations I have reported can only be construed as violations against the general public. E.g. an org fails to designate a DPO.
The problem is there is nothing to enforce article 77 itself. When a DPA neglects to act on an article 77 report, there is no recourse. There is only a provision that allows lawsuits against the GDPR violators. But then when someone did that, and then claimed legal costs, an Italian court decided for everyone in a precedence-setting case that legal costs are not recoverable. Which essentially neuters the court action remedy. So we have an unenforced article 77 and a costly & impractical direct action option.
It’s not even doing that much, in some cases. The report has to get past the front desk secretary and be submitted into the litigation chamber before it’s even considered as something that would indicate a trend. If it doesn’t get past the secretary it does nothing whatsoever. Some of my reports were flippantly rejected by a pre-screening secretary for bogus reasons (e.g. “your complaint is ‘contractual in nature’” when in fact there is no contractual agreement, apart from the fact that the existence of a contract does not nullify the GDPR anyway).
So you’re only seeing the commercial response. Gov agencies & NGOs are also subject to the GDPR, which is where you see the most recklessness (likely due to the lack of penalty). On the commercial side banks also don’t give much of a shit about the GDPR because when they violate it there’s a shit ton of banking regs they point to and the DPAs are afraid to act against banks because of the messy entanglement of AML/KYC laws that essentially push #banks to violate the GDPR.
Indeed I’ve browsed through the enforcement tracker. It’s a good prop for making the public believe that the #GDPR is being well enforced. They are cherry-picking cases to enforce to convince the public that something is being done, but people who actually submit reports know better. We see the reports that are clearly going unenforced.
I have had article 15 access requests denied which I then reported to the DPA, who opened a case but just sat on it. For years, so far.
(edit) By the way, I suggest you leave Lemmy·world for a different instance. If you care about privacy at all, you don’t use Cloudflare nodes. I cannot even see the msg I wrote (which you replied to) because #lemmyWorld blocks me (which I give some detail here: https://lemmy.dbzer0.com/post/1435972). I had to reply to you based purely on your msg without context.