
Discussing General Data Protection Regulation (GDPR)

Discussion in 'Web Development & Web Performance' started by eva2000, Apr 14, 2018.

  1. bassie

    bassie Active Member

    GDPR is quite useless in case of Facebook.

    Let me give an example.
    I have a contact person abroad.

    In short, my data is linked to that person and analyzed on systems elsewhere on a site governed by US law where regulation isn’t as strict.

    More or less the same if you don't have Facebook like me.
    But friends allow Facebook access to their contact list with my number, tag me on photos, name me in posts etc. Which, of course, I do not give permission for. But Facebook doesn't care about that.

    Conclusion
    It is all about linking data and analyzing it, and that remains.
    They go through the same way, just something different with a loophole.
    I.e. other countries where regulation isn’t as strict.
     
  2. Revenge

    Revenge Active Member

    If you don't have Facebook, how will your friends tag you? They can put your name in the photo, but that's it. Data analysers want data they can work with, not your name and a photo they can't do anything with.

    With "data" I mean everything that allows them to create a profile from you. What you like, what you dislike, your age, where you work, where you studied, what you want to do, what movies and TV shows you watch, music you listen to, etc etc... With that data, they can target things to you. That's exactly what Cambridge Analytica did to manipulate people's opinions.

    If a company is in a country where regulation isn't as strict, and that company has your data and gives it to others without your consent, they are committing an illegal act, and if you want, you can go with them to court. If that company doesn't care, Europe can simply forbid them from working in Europe. It's as simple as that.
     
    Last edited: Apr 21, 2018
  3. bassie

    bassie Active Member

    Yes they can work with it. Profiling starts simple, linking and analysing basic stuff.
    You must have an entrance somewhere: phone number, friend list, phoned each other a lot, Facebook like buttons, photo with manual name so Facebook photo analysis software can already recognize that person. So you quickly get an interesting profile of that person, his interests, friends, web history, personal details, his face.

    Simple as a company that already calculates fines in advance.
    Example is Facebook with Whatsapp. 110 million fine and they don't care.

    Whatsapp is still running in Europe.
    No changes have been made.

    Europe is like a dog. Barks hard but does not bite.
     
  4. Revenge

    Revenge Active Member

    If I remember correctly, Europe gave the highest fines ever to Microsoft and Google. You really think they don't bite?

    To Google it was only 2.4 Billion € or 2.8 Billion $.
    If Facebook doesn't comply, they will pay 2 Billion (it's 4% of their annual income). Do you really think they will have a problem to make easy money?

    If you don't have a Facebook, all they can get is your photo, name, phone number. How do they get your web history if you are not registered? Remember that in Europe Facebook will not be able to track you with cookies without your consent.
     
  9. jscott

    jscott Member

    I just blocked all the countries in the EU via CSF for now. Once some of the dust settles and the BS stops flying I may do something else.

    Not the most efficient way but my app is local to the US and I have the CPU available to filter IPs via csf for now.

    -John
     
  10. eva2000

    eva2000 Administrator Staff Member

    Wow, drastic measures... Maybe instead of outright blocking you could do some nginx geolocation redirects so all EU visitors get redirected to a static HTML cookieless notice page explaining stuff or linking to social media accounts etc.?
     
  11. jscott

    jscott Member

    I was thinking about something like that, but have not had a chance to look into it yet. I am in a release cycle, and figured this is a sub-optimum but quick fix that gets it done until I have time to look into it in more detail.

    Have any links handy? I was thinking about something like your "site under maintenance" page, but it does not do any of the geo-location stuff I would need.
     
  12. eva2000

    eva2000 Administrator Staff Member

    Probably better to start a separate thread ;) Centmin Mod Nginx already has the nginx geoip module, and 123.09beta01 also added the geoip2 nginx module.

    But here are some resources; some are for CentOS and some are for Debian/Ubuntu, but the general directives are the same.
    Nginx GeoIP module is one of my most used modules - used extensively on centminmod.com site and now on this forum too. On centminmod.com site all rotated advertising banners and links are GeoIP targeted so that I show banners and web hosts specific to a GeoIP detected country where possible. Forum's cookie usage popup I recently set up is also using Nginx GeoIP targeting so I only show the cookie popup to EU continent and OC (Oceania) visitors. Nginx GeoIP and GeoIP2 are very powerful modules for Nginx. Looks like I need to also look into moving my usage from GeoIP to GeoIP2 as GeoIP legacy database updates are no more and will eventually end after January 2, 2019.
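
The redirect suggested above (EU visitors sent to a static, cookieless notice page) could look like the following with the legacy nginx GeoIP module. This is an added example, not configuration posted in the thread or shipped by Centmin Mod; the database path, `example.com`, the web root, the `/eu-notice.html` file name and the country list are assumptions to adapt.

```nginx
# Added example, not from the thread. Placeholders: database path,
# server_name, root and the notice page name.
# The geoip_country and map directives go in the http {} context.

# ngx_http_geoip_module: resolves the client address to $geoip_country_code.
geoip_country /usr/share/GeoIP/GeoIP.dat;

# 1 for the listed EU member states, 0 for everything else, including
# addresses the database cannot resolve (empty country code).
# The list is an assumption; adjust it to the scope you need.
map $geoip_country_code $eu_visitor {
    default 0;
    AT 1; BE 1; BG 1; CY 1; CZ 1; DE 1; DK 1; EE 1; ES 1;
    FI 1; FR 1; GR 1; HR 1; HU 1; IE 1; IT 1; LT 1; LU 1;
    LV 1; MT 1; NL 1; PL 1; PT 1; RO 1; SE 1; SI 1; SK 1;
}

server {
    listen 80;
    server_name example.com;
    root /var/www/example;

    # Exact-match location for the notice page: served as a plain static
    # file to everyone and never redirected, so there is no redirect loop
    # and no application code runs that could set a cookie.
    location = /eu-notice.html {
        try_files $uri =404;
    }

    location / {
        # "if" treats "0" and the empty string as false.
        # 302 (temporary) so the rule can be dropped later without
        # browsers having cached a permanent redirect.
        if ($eu_visitor) {
            return 302 /eu-notice.html;
        }
        try_files $uri $uri/ =404;
    }
}
```

Run `nginx -t` before reloading. The decision is only as accurate as the GeoIP database, so leased or resold address ranges can be classified under the wrong country.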
     
  13. Revenge

    Revenge Active Member

    It's just a matter of time, and the US will do the same thing.
     
  14. bassie

    bassie Active Member

    How are you so sure you aren't blocking legit users, given the fact that IPv4 addresses are up and therefore resold, re-leased atm?

    For example I have more often had an originally vague country address.
    Later it turned out the IP was leased.
     
  15. eva2000

    eva2000 Administrator Staff Member

    Yeah, IP address geolocation data isn't always up to date unfortunately. But then would GDPR rules apply to such visitors if you don't have an IP address identifying them as EU located?
     
  16. bassie

    bassie Active Member

    Definitely yes.

    It is your problem to determine if it is an EU visitor, residing in the EU.
    The rules apply to everyone that is collecting data from EU residents residing in the EU.

    As John is offering local US APP(s) to local US customers and collecting data.
    GDPR does not apply.

    For EU citizens outside the EU (for example vacation) when the data is collected, the GDPR would not apply either.

    So there is no reason to block anyone.
    Put the text about not offering services to EU customers, and therefore not collecting data from EU citizens residing in the EU. But only US in your privacy policy and you are done.

    If you are using services like Google Analytics on the website where you can download the APP, lost EU visitors can come by accident. You could set up Google Analytics GDPR friendly to tackle that EU visitors problem.
     
    Last edited: May 16, 2018
  17. eva2000

    eva2000 Administrator Staff Member

    @jscott you're not alone: US websites block netizens in Europe: Why are they ghosting EU? It's not you, it's GDPR :)

    Woah, and some went to very extreme.
     
  18. eva2000

    eva2000 Administrator Staff Member

    More to come: GDPRmageddon: They think it's all over! Protip, it has only just begun
     
  19. eva2000

    eva2000 Administrator Staff Member

    The glorious uncertainty: Backup world is having a GDPR moment

     
  20. jscott

    jscott Member

    Now that the dust is starting to settle, the EU is getting better at getting information out about just how the GDPR violation process works.

    They are currently stating that they will work with anybody that is in violation, or that they believe is in violation to help clear the violation.

    They say there are many steps between a notice of violation and a fine. Also that large fines should only be for egregious violators.

    There is a Wikipedia page that has real links to more detailed information without some of the bias from people trying to sell GDPR services.

    I had used CSF to block the EU countries several weeks ago, and while it worked it had some unforeseen side effects like blocking CSF updates for example.

    I will be removing those blocks in the next week or so in light of more information coming out.

    But I will keep a script handy to put those blocks back in place if the GDPR landscape changes...

    -John
     