The Reuter’s article [0] this points to gives more info. Basically the judge felt the plaintiff was unrepresentative of the claimed class and any benefit would accrue to plaintiff and their lawyers while also finding Google’s action wrongful.
Mildly OT, as you’re a blind tennis fan, have you ever tried the adapted version of the sport for blind and partially sighted participants? If not, and you’re interested, I might be able to point you in the right direction depending on where you’re based.
Sure, I played for a short while in Leeds. Good exercise but not enough opportunities to practice, leading to nobody really developing their skill unless they had the time and money to travel around the country to different clubs. Realistically there's not a lot to be done about that but I found it frustrating. Happy to hear if anything has changed since.
No. This is a fundamental misunderstanding of the law. IP addresses are considered PII if and only if they can actually be legally used to identify an individual. And even where they can be, what on earth are you doing with them that you imagine is non compliance?
GDPR is for the most part making explicit things were implicit in the pre existing EU legislation, many of which have been subject to EU court rulings. There is a ton of precedent.
IP addresses are only PII if you are able to actually use them identify an individual.
> The CJEU decided that a dynamic IP address will be personal data in the hands of a website operator if:
there is another party (such as an ISP) that can link the dynamic IP address to the identity of an individual; and
the website operator has a "legal means" of obtaining access to the information held by the ISP in order to identify the individual. [1]
So once the account info is deleted, that link is broken. This another piece of DP legislation that has been subject to a great deal of FUD since most of the headlines just went with ‘court confirms IP address are PII’ and omitted ‘in some cases’. TBH, this was already pretty explicitly obvious from the legislation defining Personally Identifiable Information (hint: clue’s in the name).
> So once the account info is deleted, that link is broken. This another piece of DP legislation that has been subject to a great deal of FUD since most of the headlines just went with ‘court confirms IP address are PII’ and omitted ‘in some cases’. TBH, this was already pretty explicitly obvious from the legislation defining Personally Identifiable Information (hint: clue’s in the name).
Makes sense.
Given the above still seems like a potential issue to not delete the ip logs.
1) Bob signs up for a service and is logged
2) Bob than asks for his account to be deleted. Account details are deleted, but the ip logs are retained.
3) Bob signs back up for a new account allowing the data processor to make the link from his new account to his ip old logs with the first account.
Weather the data processor can relink the two records with reasonable probability in step 3 depends on the particulars of the circumstance.
I assume cases like the above will be judged, at least in part, based on the data processor following best practices, and operating in good faith(not actively trying to unmask individuals and actively try to prevent unmasking).
Currently I would not let the GDPR stop me from going forward with any web services plans, however my casual reading of GDPR articles on HN and beyond have not made it obvious how cases like the above will be handled.
You make this assertion elsewhere in the thread. It is incorrect. The entirety of the legislation is 88 pages long and it is really quite straightforward (full link preserved) [1].
Here is a set of (easily available) interactive tools, explainers and guidelines from ICO in the UK which explicitly outline what compliance looks like and what steps you can take to achieve and demonstrate it [2]. It’s available as a 162 page PDF, if you insist on counting pages, but much of it relates to the processing of sensitive data or data relating to children which the majority or orgs can skip.
Maybe. But where was he, and where were the rest of his party when this abomination was being shoved through parliament? Abstaining in the commons and cheerleading it in the lords. So pardon me if I don't buy him being a decent chap having any bearing whatsoever on this issue.
He is clearly not in control of his MPs in the commons, and even less so in the Lords (which are now stacked with Blair cronies). He has to pick his battles very carefully.
Mandatory reselection after boundary changes should see to that.
I think everyone can understand why it's been done. Because parliamentarians have looked at the legislation and come to the conclusion that it would infringe on what they believe to be their legitimate privileges.
It's just that they don't believe those same privileges should extend to everyone else.
Note the use of the word 'privileges' rather than rights, because once parliament starts making that distinction between groups that have them and groups that don't that's exactly what they become.
