Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
#337 2018-05-25 15:36:23
Re: Txp cookies, visitor logging, and GDPR stuff in general
“Facebook has even blocked accounts of users who have not given consent. In the end users only had the choice to delete the account or hit the ‘agree’ button–that’s not a free choice; it more reminds of a North Korean election process,” said Schrems in a statement. “Many users do not know yet that this annoying way of pushing people to consent is actually forbidden under GDPR in most cases.” – Activists Are Already Targeting Google and Facebook Over Europe’s New Data Privacy Law That Went Live Today
I agree with him. GDPR does seem much like a North Korean Election Process.
A number of high-profile US news websites are temporarily unavailable in Europe after new European Union rules on data protection came into effect. The Chicago Tribune and LA Times were among those posting messages saying they were currently unavailable in most European countries. – GDPR: US news sites unavailable to EU users over data protection rules
Going back to our earlier discussion…
I fear that the upcoming EU GDPR privacy regulations will also have serious consequences for the future of post-mass media. – To Facebook — and Its Critics: Please Don’t Screw Up Our Internet
Offline
#338 2018-05-25 15:49:31
Re: Txp cookies, visitor logging, and GDPR stuff in general
Here’s an interesting one.
I took this photo in Venice in 2010. Now. under GDPR, anyone in Europe can demand that Flickr delete it.
Rieck says the new protection of individual privacy means that anyone who appears in a photograph taken in the EU has an absolute right to refuse to be in that photo, especially if those pictures end up on social media. And it’s up to the person taking the picture to figure out whether subjects want to be in the photo or not. – New EU Data Protection Law Could Affect People Who Take Pictures With Their Phones
Fortunately, I took the time to backup all my Flickr photos to Google Photos last year.
Offline
#339 2018-05-25 16:32:58
Re: Txp cookies, visitor logging, and GDPR stuff in general
michaelkpate wrote #312088:
Here’s an interesting one.
I took this photo in Venice in 2010. Now. under GDPR, anyone in Europe can demand that Flickr delete it.
Fortunately, I took the time to backup all my Flickr photos to Google Photos last year.
If anybody does ask for it to be deleted, here is a quick one you can replace it with:)
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
#340 2018-05-25 17:18:30
Re: Txp cookies, visitor logging, and GDPR stuff in general
Thanks, Colak. :)
Here is another GDPR Guide – aimed at WordPress users but probably some useful information.
Having said that, due to the dynamic nature of websites, no single platform, plugin or solution can offer 100% GDPR compliance. The GDPR compliance process will vary based on the type of website you have, what data you store, and how you process data on your site. – The Ultimate Guide to WordPress and GDPR Compliance – Everything You Need to Know
Offline
#341 2018-05-25 17:32:34
Re: Txp cookies, visitor logging, and GDPR stuff in general
Facebook and Google hit with $8.8 billion in lawsuits on day one of GDPR
GDPR may not be perfect (any law with merit in this area was going to face challenges), but it’s not a terrible law and reasonably well-written. The shakeup it’s already causing is long past due. It might be annoying to peons like us, but it’s going to hurt the unscrupulous social media and ad-tech industries, and I welcome that wholeheartedly.
Too many tech and media companies today have business models that rely on the abuse of our privacy and security and no law to date has been taking it seriously enough. Those companies want you to blame the GDPR so they can get off the hook and keep screwing you.
I’m glad I live in the EU now, where government does seem to care somewhat for its citizens (compared to US and N.K.). And the fact you see so many emails the last few days of orgs shitting their britches over it… Well, that’s a good sign if you ask me.
Offline
#342 2018-05-25 18:15:17
Re: Txp cookies, visitor logging, and GDPR stuff in general
US news companies going dark like crows in the night. Lol!
Oh, but wait… There is one phoenix burning bright in the night sky. USA Today used the 2 years wisely and made the ethical play. No ads, no cookies, no tracking, no third-party JS. Only minimal first-party JS that doesn’t seem needed (works fine with JS off, as far as I notice). And look at how fast compared to other media shite.
Apparently they’re still giving Americans the broom handle. That’s one good use of IPs. Yep, glad to be living in the EU right now.
That’s how you do it, media companies. Now USA Today will enjoy EU eyeballs on both sides of the Atlantic while others will watch their stats drop like rocks in the ocean. But who’s tracking. ;)
I suspect we’ll see many jumping on this train quick.
Offline
#343 2018-05-25 20:29:56
Re: Txp cookies, visitor logging, and GDPR stuff in general
Destry wrote #312093:
Oh, but wait… There is one phoenix burning bright in the night sky.
I hate to constantly be taking the contrarian view but here I go again.
You do know that meeting the technical requirements of GDPR is the easy part? That is just writing some code. The hard part is actually staying in business.
Constant layoffs and consolidations. Too many mid-level managers with little direction. The company’s priorities and “initiatives” change on a whim. -No long-term vision, constant layoffs
I left Gannett because I wanted to be part of a company where the environment isn’t heavily laced with fear of losing your job. With all the downsizing it was difficult to focus on tasks at hand especially when sales and marketing became the overall obsession instead of news and content. It became difficult to feel valued as an employee when senior teams were concerned with their own self preservation and were willing to throw you under the bus just to keep their positions. So many unending restructurings made the environment toxic and killed the morale of every employee. Instead of waiting to be RIFed I decided to be safe rather than sorry – I found a better position elsewhere. – Fear is the driving force
Gannett is the parent company of USA Today as well as a number of other local newspapers through the US. The transition from print to digital has been difficult, to put it midly.
“We know that news is in demand more than ever and journalism is more important than ever, so the fact that we’ve got a somewhat dysfunctional business model around how we get it to people, that’s our problem to solve.” – Can newspapers make real changes under the constant threat of layoffs?
And what GDPR does, no doubt with the best of intentions, is make newspapers less valuable to advertisers. Even though they were pretty bad at it, news companies could at least give the people who pay them money some sort of metrics. And now that will be much more difficult.
Still, consider the benefits for advertisers. Once upon a time, advertising was like carpet bombing. You paid a lot of money to put ads in newspapers and magazines or on television and billboards, but it was all hit and miss: you could never be sure what worked. As a US department store magnate, John Wanamaker, once said: “Half the money I spend on advertising is wasted; the trouble is, I don’t know which half.” But when Google and then Facebook arrived, all this apparently changed. The technology deployed by these outfits could ensure that only people likely to be receptive to particular messages would be shown those messages. Wanamaker’s heirs could be sure that their advertising dollars were hitting the spot. And on this foundation, Google and Facebook (and, for a while, Yahoo) made money like it was going out of fashion. It was, as the cliche puts it, a win‑win situation. – Bad news for online advertisers – you’ve been ’ad
I know the prevailing opinion around here is that Google and Facebook are about to see a reckoning. But they are also big companies with lots of lobbyists and lawyers who have spent a long time thinking about these things and building up relationships with their users/products. Newspapers haven’t.
—-
Quick Addition:
The law had been seen as focusing on Silicon Valley tech giants like Facebook and Google, but publishers and advertising companies have warned that it will harm their businesses in particular because it restricts how information is packaged and shared to sell advertising. It is common for websites to use tracking software to gather information about visitors in order to better target ads. – U.S. News Outlets Block European Readers Over New Privacy Rules
Also from the article: “Andrea Jelinek, chairwoman of the new European Data Protection Board, which will coordinate enforcement of the new law, criticized the blackout and said that companies had been given a long time to prepare.” I guess all those predictions about a soft launch were wrong and the Regulators are going to be out in force.
Last edited by michaelkpate (2018-05-25 20:39:08)
Offline
#344 2018-05-26 02:50:01
Re: Txp cookies, visitor logging, and GDPR stuff in general
Dreamhost has finally updated their Privacy Policy to be GDPR compliant. Just in time, I think they posted it May 25, 23:59 GMT…
- Privacy Policy
- Announcement (skip the usual incontinent babble and cheesy jokes at the beginning – second half is more to the point)
From a quick reading, their Privacy Policy appears mostly inline with the GDPR. They do not appear to make an explicit DPA available at first sight. Perhaps signing up for an account with them is an implicit DPA? They seem to promise additional tools to control the collected data (the blog post mentions their server log retention is 72hours).
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
Offline
#345 2018-05-26 09:24:41
Re: Txp cookies, visitor logging, and GDPR stuff in general
phiw13 wrote #312097:
The blog post mentions their server log retention is 72hours.
Presumably that’s access logs only (error logs don’t have IP data, right?). But what is a suitable retention period? I’ve not been able to find any reliable values…
I’ve seen some reports of 90 or 180 days, some of 7 days (like CCTV), I think the varonis site Pete mentioned early on this thread suggested 30 days.
And does the retention period depend on whether or not the access logs are anonymised? When anonymised, they’re of little use for banning IPs or for law enforcement, hence retaining them is less contentious.
TXP Builders – finely-crafted code, design and txp
Offline
#346 2018-05-26 11:47:04
Re: Txp cookies, visitor logging, and GDPR stuff in general
michaelkpate wrote #312094:
I know the prevailing opinion around here is that Google and Facebook are about to see a reckoning. But they are also big companies with lots of lobbyists and lawyers who have spent a long time thinking about these things and building up relationships with their users/products. Newspapers haven’t.
I’m well aware of the hardships media companies have been struggling with. It’s why many print newspapers and magazines have been dropped in favor of websites only. And then that went through many business model experiments (paywalls, memberships, donations…), and so on and continuing.
But unregulated companies like FB and their ‘artificial stupidity’ algos, indirectly — then directly — forced media companies into partnerships that have continuously benefitted the socmed platforms more than the media companies. (The stupidity algos tend to make journos — and fake news purveyors — write dumb things for weak minds.)1 Media companies would probably be doing fine if FB didn’t exist.
Frankly, media companies deserve what’s happening to them. They made the bad decision to get in bed with FB, and most produce sensationalist garbage that’s not fit to read anyway. (There are exceptions, or exceptional pieces.) Media companies are shooting themselves, and good riddance.
Will they all die? No. Regardless of what happens, news will not go away. It’s impossible. There will always be rebel journalism and alliances getting the dirty word out. It’s the current system that’s crooked and needs abandoned. GDPR may not be the solution, but it’s certainly the first step. I don’t know how it will turn out, but unless our biosphere collapses soon — and it might ;) — news-making will go on and be better for it. We’re just in the culling period right now.
I wouldn’t be surprised to see more billionaires do what Bezos did, buy a media company and inject it full of money. Bezos has so much money he can’t even spend it. Something he admitted, and why he invests so heavily in space. His last frontier.
1 I’m often accused of ableist comments. I can’t figure out why.
Offline
#347 2018-05-26 12:16:27
Re: Txp cookies, visitor logging, and GDPR stuff in general
phiw13 wrote #312097:
Perhaps signing up for an account with them is an implicit DPA?
I don’t think so. My understanding is you have to have a DPA on file to show a data authority agent if ever asked to see it.
I’d send a support ticket and ask what they’re doing about that. They may not be interpreting the Reg properly. Or they may have one and failed to make it clear.
I doubt every company that says they’re GDPR compliant is, whether or not they realize it.
Offline
#348 2018-05-26 12:49:11
Re: Txp cookies, visitor logging, and GDPR stuff in general
jakob wrote #312100:
But what is a suitable retention period?
There’s no suggested limit. It’s for as long as it’s needed to do the necessary processing, and no longer. For most situations, this will be very short. I can’t even think of a situation where IPs need to be saved beyond whatever immediate use is necessary, but that’s not my area.
I’ve seen some reports of 90 or 180 days, some of 7 days (like CCTV), I think the varonis site Pete mentioned early on this thread suggested 30 days.
WebFaction is 7 days. I think that’s perfectly legit, even if the data is not anonymized. It’s hard for anyone to say they want their data yanked if it’s being flushed so soon anyway.
And does the retention period depend on whether or not the access logs are anonymised? When anonymised, they’re of little use for banning IPs or for law enforcement, hence retaining them is less contentious.
When anonymized, it’s no longer GDPR concern, I’m pretty sure, so retention makes no difference in that case. But then, why even collect IPs at all?
One of the main underlying principles falling out of the GDPR, as I see it, is ‘simply don’t collect any data you absolutely don’t need, and configure your technology for that end’.
Offline