HackerTrans
TopNewTrendsCommentsPastAskShowJobs

privacylawthrow

no profile record

comments

privacylawthrow
·3 jaar geleden·discuss
This is factually incorrect. The "Cookie Directive" wasn't from 2003, it was an amendment to the ePrivacy Directive. The ePrivacy Directive came into effect in 2002, and it was amendend in 2009. That amendment is what people generally call the "Cookie Directive" because it required consent for storage of information on end user devices.

It did not specify cookies, and did not actually specify any technical means. The ePrivacy Directive requires that companies get consent from users before storing information or gaining access to information stored on end user devices. This includes every kind of cookie you can think of, including LocalStorage. There is an exception for cookies necessary for the service requested, which typically includes things like auth cookies or shopping cart cookies, so long as that data is not used for anything else.
privacylawthrow
·3 jaar geleden·discuss
This is not true. The national implementation of the ePrivacy Directive are still law. You are correct that GDPR does not require cookie banners, but the law that does was not replaced by GDPR and remains in effect.
privacylawthrow
·3 jaar geleden·discuss
The FTC has been begging the complain-for-profit sector to give it a formal path to regulate AI. The FTC's only enforcement hook in this area is that it can take action against companies that have unfair or deceptive trade practices. This is how the FTC began regulating privacy and security in the US, and it's been waiting to use it for AI.

It comes as no surprise that this complaint is from Mark Rotenberg, former head of EPIC. He's very well aware of the boundaries of the FTC's power, and this complaint effectively serves as a letter to the FTC from an expert about how the FTC can position itself to begin regulating AI.
privacylawthrow
·4 jaar geleden·discuss
It's very much how most privacy laws work.

According to Revue's platform privacy policy[0], Revue processes subscriber emails as a data processor. Each newsletter publisher owns the email addresses of their respective audiences. Revue would have a legal obligation to make those email addresses available to the newsletter publishers until the shutdown date.

[0]: https://www.getrevue.co/privacy/platform?locale=en
privacylawthrow
·4 jaar geleden·discuss
You asked the wrong lawyers, at least for the US. The FTC's case against Sears in 2009 made it clear that consent to a privacy notice isn't valid if the privacy notice is buried deep in a licensing agreement, even if the notice is correct.
privacylawthrow
·4 jaar geleden·discuss
No. You need consent to store data on an end user's machine, regardless of whether you later track that data or not, unless such storage is strictly necessary for the operation of service explicitly requested by the user.
privacylawthrow
·4 jaar geleden·discuss
You're wrong. The ePrivacy Directive does require that a website get consent before storing information on the end-user's device. Prior to GDPR, the local country implementations of the ePD allowed for implicit consent in some EU countries, and opt-out consent in other EU countries. GDPR redefined what constitutes legitimate consent to process personal data. Consent that was previously valid under the ePD was no longer valid under GDPR, which is why GDPR is about cookies, and every other processing of personal data.
privacylawthrow
·4 jaar geleden·discuss
I'm a privacy lawyer that has worked on cookie consents for a number of commercial websites. Everything you said here is all too true. The real legal answer in a lot of cases is "Do what everyone else is doing. Don't be an outlier. Use industry tools because if there's a problem with an industry tool, they'll go after the tool and not its users."

The comments about cookies not being part of GDPR are grossly wrong. One of the early discussions in the privacy law community was how to handle the collision of the new consent requirements under GDPR with the fact that the ePrivacy Directive requires consent for cookies. Prior to GDPR, a large number of EU jurisdictions allowed for implicit consent through a variety of actions, like scrolling a page, or non-actions, like seeing a banner and not clicking "no". GDPR redefined consent and that's why cookie banners pop up.
privacylawthrow
·5 jaar geleden·discuss
EU governments are exempt from the requirements of GDPR. In some countries police can access large amounts of data without the need for a warrant. For example German police do not need a warrant to get passwords to email account, PIN numbers for mobile phones, mobile usernames, birthdates, telco information, or hospital data.
privacylawthrow
·5 jaar geleden·discuss
6 months is not compliant. Employees have to be made aware of the posting on the same calendar day the job is posted. For jobs that are in constant demand, the company has to either send a daily email or have some kind of banner on its corporate intranet.

There is also no geographic restriction so if a company has any offshore service centers, it would need to post any promotional jobs to its Colorado employees as well.
privacylawthrow
·5 jaar geleden·discuss
The law also requires that Colorado employees be informed of all promotional opportunities. A promotional opportunity is "a vacancy in an existing or new position that could be considered a promotion for one or more employees in terms of compensation, benefits, status, duties, or access to further advancement."

If a company doesn't already have Colorado employees, they may not be interested in having a remote employee in CO that requires special treatment.