upvote

points

by ch4s311 hours ago |
comments
upvoteby buzer7 hours ago|
next
[-]
What new requirements can be set by the board? As far as I understand EDPB can only issue guidelines, recommendations and best practices. All of these are just guidelines on how to interpret GDPR. Courts are the ones who ultimately decide if are complying with GDPR. Local DPA likely won't harshly punish you if you follow EDPB's recommendations if they end up getting overturned by court.

DPA won't punish you for not following EDPB's recommendations, they will punish you for breaking GDPR. You are free to ignore EDPB if you think your legal position is strong, but you carry the risk if you are wrong.

reply
upvoteby stavros11 hours ago|
prev|
[-]
As someone who has to implement it, it's really not bad at all: Ask the user for consent to use their data, and don't be misleading about it. That's it.

The rest of the "It'S So LaRgE AnD UndErSpEciFieD" is just FUD. The regulators don't just slap fines, they work with you to get you to comply, and they just want to see that you're putting in the effort instead of messing them about.

I have literally never been surprised by the GDPR. Whenever I thought "surely this is allowed" it was, whenever I thought "this can't be allowed", it wasn't. For everything in the middle, nobody will punish you for an honest mistake.

reply
upvoteby kentm8 hours ago|
parent|
next
[-]
Also, "Be able to track a user's data and delete it on a request."

This is not too hard if you do proper engineering work ahead of time and are purposeful about how you move and manage data (step 1 is just not collecting it unless its vital). But the industry encourages us to be very bad about that because we gotta "move fast and break things or you're not gonna make it."

reply
upvoteby ch4s39 hours ago|
parent|
prev|
next
[-]
> for everything in the middle, nobody will punish you for an honest mistake.

How do you know that? Again the law establishes a rules making body that can at any time change or add rules, and as far as I can tell there's no public review process.

reply
upvoteby troupo3 hours ago|
parent|
next
[-]
> Again the law establishes a rules making body that can at any time change or add rules

Please quote the exact text of the law that you claim does that. And since the law has been in force for 10 years, perhaps you can point at the website of said body.

If you say "DPAs", then...erm... perhaps learn something about the world around you? Who do you think monitors compliance, say, for food, or for construction? It just appears out of nowhere? Same here

reply
upvoteby stavros8 hours ago|
parent|
prev|
[-]
Which body is this? The EDPB?
reply
upvoteby redwall_hp11 hours ago|
parent|
prev|
[-]
Anti GDPR people: "it's so complicated not being able to walk into someone's house and take their things! Which things can I not take? How about this? And now I need a lawyer if I take someone's things? Ridiculous!"

Just don't spy on people.

reply
upvoteby stavros11 hours ago|
parent|
[-]
Yeah that's pretty much what it feels like, or sometimes it's "what if someone's stuff is lying on the street? Can I take it then?" and the regulator is kind of like "look around and ask if it belongs to anyone, and if not, sure".
reply