this post was submitted on 23 Feb 2024
800 points (98.9% liked)

Privacy

31949 readers
697 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] delirious_owl@discuss.online 30 points 8 months ago (2 children)

Isn't it a violation once they do something?

Maybe its illegal to make impossible promises to investors, but the GDPR supervisor authority wouldn't be the place to make that complaint...

[–] AlteredStateBlob@kbin.social 16 points 8 months ago (1 children)

It is not clear if reddit has already engaged in this with Google, or if it is something that's only starting. However, as outlined in my post, they might have to consult with a DPA before engaging in this anyway, which I doubt they have done. So, no, DPAs are absolutely the right place to make that complaint.

Even if they hadn't started yet, might as well get their eyes on it, and force them to do it right from the get go (which they cannot do, as it currently stands).

[–] Firipu@startrek.website 5 points 8 months ago (2 children)

You really believe a large Corp like reddit decided on something as big as this without consulting with their lawyers? Fuck spez, but there's no way not a single lawyer working with reddit remembered the massive legislation that has by far had the largest impact on the internet in years.

[–] Ephera@lemmy.ml 6 points 8 months ago* (last edited 8 months ago)

Corporate lawyers tend to be ...optimistic. And then management will put a risk calculation on top of that. As a result, most larger companies violate the GDPR. See the popular use of Google Analytics or Microsoft 365, for example, which are illegal in the EU, if you ask a DPA¹. Giving them a reality check is never a bad idea.

¹) https://www.imy.se/en/news/four-companies-must-stop-using-google-analytics/
https://news.itsfoss.com/microsoft-office-365-illegal-germany/

[–] AlteredStateBlob@kbin.social 3 points 8 months ago

Especially US companies usually just do things and are willing to engage in lenghty legal battles after the fact.they are very, very litigous.

Another issue to consider is that the GPDR is held vague on purpose since it applies to your neighborhood yoga studio as well as Google or reddit. Entirely different use cases. So there is a lot of room for interpretation.

Looking at the conduct just within Europe, yes, I think it is possible GDPR considerations were either ignored or downplayed to the point of irrelevance. There was a recent study by noyb.eu which showed that DPOs are still often pressured to make recommendations that do not align with GDPR principles.

Either way, the DPAs will have to decide if the complaint has merit. Given new technologies are specifically mentioned im the GDPR, I am at least very curious to see how it turns out.

[–] Ephera@lemmy.ml 8 points 8 months ago

Yeah, a formal complaint isn't quite intended for this purpose. Just writing to your data protection authority/officer to let them know that this is important to look after, will do the same here. They can then hand out a warning to Reddit.