To be fair to them, they do a pretty decent profit share every year. It is compensation based, so it's nothing life-changing (only say, 5-10% of your total compensation) but it was nice!
First and only place I've ever participated in profit sharing.
The Privacy and Electronic Communications Regulations (PECR)[1] do not supersede GDPR as such, they sit alongside it.
Section 22 is the relevant section they are hoping to rely on, specifically section 22(3) which allows them to:
----------
(3) A person may send or instigate the sending of electronic mail for the purposes of direct marketing where—
(a) that person has obtained the contact details of the recipient of that electronic mail in the course of the sale or negotiations for the sale of a product or service to that recipient;
(b) the direct marketing is in respect of that person’s similar products and services only; and
(c) the recipient has been given a simple means of refusing (free of charge except for the costs of the transmission of the refusal) the use of his contact details for the purposes of such direct marketing, at the time that the details were initially collected, and, where he did not initially refuse the use of the details, at the time of each subsequent communication.
----------
So in this case, they are obliged to let you withdraw your consent every time they email you. It is not a blank cheque for them to keep emailing you simply because you've purchased something; it is consent-based and therefore uses the same consent processes as the GDPR.
Yes, I quite agree that the prospect of success appears remote. They would have an arguable case for negligence regarding data inaccuracy though, so I wouldn't be surprised if they submit that as an additional claim and abandon the GDPR claim if that seems likely to fail.
The GDPR primarily focuses on the intent of the person processing or collecting the data rather than whether the activity you engaged in was private or public, although it does take into account reasonable expectations around privacy as well. I suppose it focuses on that because it's more flexible to enforce.
1. There have been breaches of data protection law (GDPR as implemented in the Data Protection Act 2018), e.g. players did not consent to data transfer, the data isn't accurate, etc. and it's done on a commercial basis.
2. These breaches were injurious to the economic prospects of the affected players and therefore damages should be awarded.
I would imagine that the cause of action will be the tort of negligence against whoever sold the data on, and/or the gaming, betting, and data-processing companies. This is because they arguably had a duty of care to the players, the duty was breached, and the players suffered some harm -- based solely on the facts in this article.
Regarding personal compilation of statistics, that's fine - there's an exemption for activities of a purely personal nature in the GDPR - which is why you wouldn't get caught, but commercial exploitation of the data falls outside of that.
> What bothers me the most is that Assange only crime in the UK is that he had skip bail from a crime without evidence.
Yes, but extradition works on the basis that if they committed a crime abroad and it would be a crime in the UK, extradition can typically go ahead. Even if they didn't commit the crime in the UK.
> Where is the European Court of Justice ? Human Rights ?
The European Court of Justice doesn't hear appeals on extradition. It is a competence reserved solely for Member States.
The European Court of Human Rights (ECtHR) might hear an appeal if a Convention right is engaged (e.g. the right not to be tortured) so it is possible that an appeal is lodged after this case if extradition is granted, but Assange first needs to appeal to the High Court and then the Supreme Court if that happens.
This is because all domestic remediation routes must be exhausted before the ECtHR will hear a case. In any event, the ECtHR cannot directly block an extradition: they can only order the State to pay damages.
The only ultimate court in the UK that can block any extradition is the Supreme Court.
Yes, £500k doesn't get you much here. This is why I champion remote working and possibly relocating to more affordable areas of the United Kingdom, thus spreading the wealth around a bit more.
I earn more than my family or my peers earn, but living in London often feels like my money comes in and goes out again immediately. As a result, I currently live with my family in an extraordinarily nice house that I would never be able to afford myself. I pay them a nominal sum for rent; they refuse to take the market rate even though I am happy to pay it...
I look at the rental cost of a standard 1 bedroom flat in my part of London, and they want £1,200/month just in rent. It would be cheaper to get a mortgage, but I fail the "affordability" tests. Perhaps I am selfish, but I am not so desperate to move out to a relatively inferior property in which I possess no interest (since I will merely be renting) for that sum.
I don't believe I'll ever be able to afford a house, especially as wage growth allegedly stagnates and then seemingly declines past the age of 40. If these are my "peak earning" years, then I'm quite sad because at this rate I'll be trapped at home forever. It would be fine if rents were about the same as a mortgage: one could rent while saving.
At the moment though, renting while saving seems eminently unaffordable.
It didn’t make them unlawful (they were already unlawful), the European Data Protection Board just updated its guidance to make that clear.
Specifically, they clarified that scrolling, etc. or navigating cookie consent walls prior to accessing the site did not constitute valid consent for GDPR purposes.
This is because it wasn’t freely given — to access the site, in most cases you were required to consent to cookies.
The Court of Justice of the European Union also ruled that pre-filled consent checkboxes for cookie banners, etc. were unlawful in October last year.
Yes. For example, HMRC requires that you keep various business records for 6 years (or longer, circumstance-specific) after the end of the company's financial year.
Generally, the rule is "Delete the data unless there's a law that requires you not to" — and the UK's implementation of the GDPR (the Data Protection Act 2018) makes various explicit exemptions for this.
First and only place I've ever participated in profit sharing.