The Reuter’s article [0] this points to gives more info. Basically the judge felt the plaintiff was unrepresentative of the claimed class and any benefit would accrue to plaintiff and their lawyers while also finding Google’s action wrongful.
Mildly OT, as you’re a blind tennis fan, have you ever tried the adapted version of the sport for blind and partially sighted participants? If not, and you’re interested, I might be able to point you in the right direction depending on where you’re based.
No. This is a fundamental misunderstanding of the law. IP addresses are considered PII if and only if they can actually be legally used to identify an individual. And even where they can be, what on earth are you doing with them that you imagine is non compliance?
GDPR is for the most part making explicit things were implicit in the pre existing EU legislation, many of which have been subject to EU court rulings. There is a ton of precedent.
IP addresses are only PII if you are able to actually use them identify an individual.
> The CJEU decided that a dynamic IP address will be personal data in the hands of a website operator if:
there is another party (such as an ISP) that can link the dynamic IP address to the identity of an individual; and
the website operator has a "legal means" of obtaining access to the information held by the ISP in order to identify the individual. [1]
So once the account info is deleted, that link is broken. This another piece of DP legislation that has been subject to a great deal of FUD since most of the headlines just went with ‘court confirms IP address are PII’ and omitted ‘in some cases’. TBH, this was already pretty explicitly obvious from the legislation defining Personally Identifiable Information (hint: clue’s in the name).
You make this assertion elsewhere in the thread. It is incorrect. The entirety of the legislation is 88 pages long and it is really quite straightforward (full link preserved) [1].
Here is a set of (easily available) interactive tools, explainers and guidelines from ICO in the UK which explicitly outline what compliance looks like and what steps you can take to achieve and demonstrate it [2]. It’s available as a 162 page PDF, if you insist on counting pages, but much of it relates to the processing of sensitive data or data relating to children which the majority or orgs can skip.
Maybe. But where was he, and where were the rest of his party when this abomination was being shoved through parliament? Abstaining in the commons and cheerleading it in the lords. So pardon me if I don't buy him being a decent chap having any bearing whatsoever on this issue.
I think everyone can understand why it's been done. Because parliamentarians have looked at the legislation and come to the conclusion that it would infringe on what they believe to be their legitimate privileges.
It's just that they don't believe those same privileges should extend to everyone else.
Note the use of the word 'privileges' rather than rights, because once parliament starts making that distinction between groups that have them and groups that don't that's exactly what they become.
"To ensure they do not succeed, we do not comment publicly on the methods or capabilities available to the security and intelligence agencies."
Oh but you don't need to, because it's obvious. All my encrypted traffic to my overseas based VPN will be logged (legal). Then you'll demand my keys so that you can decrypt it. If I don't or can't comply then I will be - by definition - a criminal and potentially a terror suspect.
Which is why 'just use a VPN' is not really a satisfactory response to this kind of legislative landscape. Just doing so paints a target on you.
Which is not to say I don't appreciate the VPN providers stepping up, the more VPN users there are the more expensive it is to persecute them individually.
Why would they oppose it? It was their idea in the first place. Putting the entire population under constant electronic surveillance may be the one thing they agree with Tories about.