HackerTrans
TopNewTrendsCommentsPastAskShowJobs

fenier

no profile record

Submissions

Risky Business in the New Year

cunderwood.dev
2 points·by fenier·7 mesi fa·0 comments

[untitled]

1 points·by fenier·3 anni fa·0 comments

[untitled]

1 points·by fenier·3 anni fa·0 comments

[untitled]

1 points·by fenier·3 anni fa·0 comments

[untitled]

1 points·by fenier·3 anni fa·0 comments

[untitled]

1 points·by fenier·3 anni fa·0 comments

[untitled]

1 points·by fenier·3 anni fa·0 comments

[untitled]

1 points·by fenier·4 anni fa·0 comments

[untitled]

1 points·by fenier·4 anni fa·0 comments

[untitled]

1 points·by fenier·4 anni fa·0 comments

[untitled]

1 points·by fenier·4 anni fa·0 comments

[untitled]

1 points·by fenier·4 anni fa·0 comments

[untitled]

1 points·by fenier·4 anni fa·0 comments

[untitled]

1 points·by fenier·4 anni fa·0 comments

[untitled]

1 points·by fenier·4 anni fa·0 comments

[untitled]

1 points·by fenier·4 anni fa·0 comments

[untitled]

1 points·by fenier·4 anni fa·0 comments

[untitled]

1 points·by fenier·4 anni fa·0 comments

[untitled]

1 points·by fenier·4 anni fa·0 comments

[untitled]

1 points·by fenier·4 anni fa·0 comments

comments

fenier
·3 anni fa·discuss
Even if you do not have to comply with GDPR, 12 States have passed data privacy regulations to date. You may still need to comply with data protection law regardless if you qualify for various State laws.

Even if State law doesn't apply - you have have HIPAA, GLBA, SOX etc.
fenier
·3 anni fa·discuss
The U.S. and the EU signed the Data Privacy Framework over this past summer. https://www.dataprivacyframework.gov/s/ This offers methods for EU residents to exercise claims against U.S. businesses.

Among other requirements, a participating organization must provide you:

  Information on the types of personal data collected
  Information on the purposes of collection and use
  Information on the type or identity of third parties to which your personal data is disclosed
  Choices for limiting use and disclosure of your personal data
  Access to your personal data
  Notification of the organization’s liability if it transfers your personal data
  Notification of the requirement to disclose your personal data in response to lawful requests by public authorities
  Reasonable and appropriate security for your personal data
  A response to your complaint within 45 days
  Cost-free independent dispute resolution to address your data protection concerns
  The ability to invoke binding arbitration to address any complaint that the organization has violated its obligations under the DPF Principles to you and that has not been resolved by other means
https://www.dataprivacyframework.gov/s/article/My-Rights-und...
fenier
·3 anni fa·discuss
While you asked about GDPR, the banners are actually required for many use cases by the EU ePrivacy Directive[1]. This use case is both more broad, and different than those afford by GDPR. However it's possible both can overlap and you can be sanctioned for both items at once.

Not every website is subject to GDPR - applicability is determined by GDPR Article 3[2]. When a site is subject to GDPR - you need a legal basis to process personal data[3] subject to Article 6[4]. Sites which use the 'consent' legal basis, thus get consent with a banner.

If you do not have a valid legal basis (such as consent) to process data, but are found to be - complaints with the relevant Data Protection Authority may be lodged and investigations may be carried out subject to Article 77[5]. In the event of an adverse decision corrective action, including fines may be levied. There are two fine structures in the GDPR, and those can be found in Article 83.[6]

Now, a site can use geofencing, to determine if you are in the EU (or other relevant location) and selectively show you a banner or not based on your believed location as is determined by a reverse IP Address lookup.

You may be re-prompted between visits depending on if the persistence mechanic you select is maintained. Some browsers delete cookies aggressively[7], and if the preference cookie is removed by the browser you will likely be issued a banner on the next visit to re-establish your preferences.

[1]https://gdpr.eu/cookies/ [2]https://gdpr-info.eu/art-3-gdpr/ [3]https://gdpr-info.eu/art-4-gdpr/ [4]https://gdpr-info.eu/art-6-gdpr/ [5]https://gdpr-info.eu/art-77-gdpr/ [6]https://gdpr-info.eu/art-83-gdpr/ [7]https://webkit.org/tracking-prevention/
fenier
·3 anni fa·discuss
Data Privacy efforts are heavily slated to impact Analytics quality / volume in the next several years.

On the technical side we have things like Apple's Intelligent Tracking Prevention, App Tracking Transparency, Mail Tracking Transparency and Link Tracking Protection, Chrome is finally about to phase out 3rd party cookies and browsers like Firefox and Edge lock down or block common web tracking technologies. - just to name a few. All of this combines to add noise, or a reduction in volume which impacts analysis efforts.

On the regulation side, we have global laws such as Europe's GDPR, 4 US States with current data privacy laws in effect, and a total of 12 US slated to take effect before 2026 - all of which are slightly different in impact scope. This results in scenarios that even if you technically can collect data, you may not be legally allowed to, or, alternatively prevented from using it in specific ways.

This will force companies to switch back to Media Mix Models for attribution and adopt new privacy focused solutions for existing use cases to some extent.

Data analytics is getting more complex, not less. However that results in a massive amount of needed learning on a continued basis - which may not be for everyone.
fenier
·3 anni fa·discuss
Write a blog (history is valuable here, speak on Podcasts, Present at Conferences, be active on social media.

This can lead to people offering you positions that aren't publicly posted, because via your engagement they feel they understand you enough that you should be able to fill the role they have in mind.

For example - I write 20 blog posts going in depth on some topic - there's a decent chance I may actually know that topic. When that skill set becomes critical to someone - the odds are higher they'll contact me for that skill set because chances are, I'll be top of mind through sheer volume or quality of information I have written about that skill.
fenier
·4 anni fa·discuss
The author does gloss over the fact that Twitter has FTC Consent & GDPR requirements to meet, which means it does have to slow down during feature development at the risk of fines.
fenier
·4 anni fa·discuss
2021
fenier
·4 anni fa·discuss
Not Legal Advice.

Once your request is verified by Lexis-Nexus, they should have kicked off multiple work streams (disclosure, limited purpose, deletion) which may resolve in different orders, but must resolve in 'x' days, where 'x' is related to the duration defined by law, plus any extra extensions they may have notified you of, this may mean that the entire request could reasonably take upwards of 90 days, depending on the specific scenario. Note that some data may qualify as exempt from deletion requests, when they are required by other laws (such as gun sale records) the specifics are very context dependent.

If, after that time you believe that Lexus-Nexus did not comply with the request, then they may be in violation. Currently, for California residents, that means you can file a formal complaint with the CA Attorney General (https://oag.ca.gov/contact/consumer-complaint-against-busine...).

Note that this process will change on January 1st 2023 when the amendments of the CPRA will go into effect and enforcement authority shifts to the California Privacy Protection Agency (https://cppa.ca.gov/). This will also subject Lexis-Nexus to additional requirements and more strict definitions of terms such as 'sale'.
fenier
·4 anni fa·discuss
https://iapp.org/news/a/new-eu-data-blockage-as-german-court...
fenier
·4 anni fa·discuss
I think we have to look at Recital 23 through 31 they clarify what 'goods and services' mean.

https://gdpr-info.eu/recitals/no-23/
fenier
·4 anni fa·discuss
Well I mean think of a store which doesn't accept EU payment or ship to EU addresses, nor target EU residents with Advertising. You'd be hard pressed to say they service EU residents even if the site was able to be visited by EU residents.
fenier
·4 anni fa·discuss
The last two data exchange agreements between US/EU were overturned. I think it's unlikely at this point unless the USA adjusts some of its surveillance laws.
fenier
·4 anni fa·discuss
It depends on Art 3.

https://gdpr-info.eu/art-3-gdpr/

Just because a website exists and may be visited by a EU resident, does not mean that the site automatically has to comply.
fenier
·4 anni fa·discuss
The author of the blog apparently also wrote about Zaraz in this post:

https://cunderwood.dev/2022/01/30/tag-management-is-no-longe...