How The GDPR Nearly Ruined Christmas
from the this-is-getting-silly dept
While the thinking behind the GDPR may seem sensible, time and time again we hear stories about how, in practice, it’s a complete disaster. Some of that may be because of people misinterpreting the law. Some of it may be because the law is being abused. And some of it may be because the law is too vague. But some of it is just because the law tries to do way too much. So, today, we have a little story of how the GDPR nearly ruined Christmas for a small town in Germany.
The town of Roth has a long-standing tradition where children would write down their Christmas wishes, which would then be placed on a tree in the market. The city council would read the wishes and try to get the children what they wanted. Nice, wholesome, holiday good deeds and all. But… it became tricky under various privacy regulations, starting with Germany’s own data privacy law and, later, the GDPR, because in order to get your wishes fulfilled, children had to provide their names and identifying information… and that’s a big no-no under the law:
That legislation states that parents of minors have to provide consent to the use of their kids’ data. Organizations that fail to comply face big financial penalties.
Providing proof of this was deemed too onerous by the council and the city decided against festive wish lists for 2018.
“The yearly trips to the fire brigade unit and the mayor were especially popular with children” Melanie Hanker, who works on events and public relations in the town’s administration, told Die Welt last week. “Without the wishing lists, both these events will not take place this year,” she added. Hanker refused CNN’s request for an interview.
After initially cancelling this traditional wish-making and wish-granting, thankfully, a local radio station worked out a solution:
It created a wish list, which included a parental consent disclaimer, which can be printed from their website and put in the wishing box at the Christmas market, which opens on Thursday.
“This way, the wishes can be submitted and collected from Father Christmas also this year,” the city said in a statement on Tuesday.
So… at least Christmas wasn’t totally ruined, but now the simple process of making a wish involves a silly unnecessary extra tradition: having parents sign legal consent disclaimers to allow their children to make wishes that they hope the city council will fulfill. It’s a Christmas miracle bureaucracy!
Filed Under: bureaucracy, christmas, data protection, eu, gdpr, germany, parental consent, privacy, regulations, roth, wishes
Comments on “How The GDPR Nearly Ruined Christmas”
‘It’s a Christmas miracle bureaucracy!’
more like a bureaucracy fuck up! typical of the EU, especially the EU Commission, trying to do whatever possible to protect the rich, the famous and the powerful (starting with the ‘Right to be Forgotten disaster!) instigated by an ‘encouraged’ ordinary person but had to include, when needed, every other ‘ordinary person’!!
Re: Re:
At least the EU occasionally tries to protect the plebes along with the rich and powerful, unlike some other countries I could name 🙂
"time and time again we hear stories" -- ANECDOTAL AND ANAMOLY.
A classic Techdirt two-fer.
Sheesh. Just because ONE city has not been protecting children, you condemn the very idea of privacy for the whole EU!
Masnick: try to read your text way like someone even a tiny bit critical will. Actually, you require suspension of disbelief here. You start off with silly "seasonal" allusion, meander through pejoratives of where want to end up, and make entirely no sense overall.
Re:
At what point do stories such as these stop representing “anomalies” and start representing patterns?
Re: Re: Re:
When said story/ies support whatever position they are holding, and not one second before, with everything else dismissed out of hand and not counting.
Dear Mike,
keep doing this and you’ll end up like YouTube’s Thunderfoot who used to have a point, but is apparently just going for a good rant on one of his pet peeves instead of bothering with actually making sense more often than not these days. Also, there’s that crying wolf too many times without the world actually ending thing.
In some sort of idyllic Whoville there would be no need for GDPR – but this is the real world 2018 edition, and what that city was doing was (and still is) a privacy disaster waiting to happen. The very least those willingly sticking their necks through the noose can do is acknowledge doing it on their own accord.
Also: Merry Christmas…!
Re: Dear Mike,
In some sort of idyllic Whoville there would be no need for GDPR – but this is the real world 2018 edition, and what that city was doing was (and still is) a privacy disaster waiting to happen.
What…?
Re: Re: Dear Mike,
Eh… depends on who gets to see the identifying information. If the answer is, “The general public,” I can see where Max is coming from.
Re: Dear Mike,
Yep, covering the many failures and unintended consequences of a massive regulatory scheme that legally binds the entire European Union is exactly the same as Thunderfoot’s creepy hate-boner for a single media critic. Mmm-hmm.
Re: Dear Mike,
You’re suggesting that the city doesn’t already have records of all the children within their confines? Birth records, school records, names, addresses, ages, parents names, etc.? Or are you suggesting that the wishing notes would become public further than needed to fulfill the wishes?
If you think there is a problem, then state the problem, rather than just casting aspersions without any kind of evidence.
Re: Dear Mike,
You’re suggesting that the city doesn’t already have records of all the children within their confines? Birth records, school records, names, addresses, ages, parents names, etc.? Or are you suggesting that the wishing notes would become public further than needed to fulfill the wishes?
If you think there is a problem, then state the problem, rather than just casting aspersions without any kind of evidence.
Re: Dear Mike,
there’s that crying wolf too many times without the world actually ending thing
Hmm…. how did that story go again? Lemme try to remember.
The Boy Who Cried Wolf
By "Max"
Re: Re: Dear Mike,
Y’know, that’s one well-fed troll there.
I keep tellin’ folks, never feed them after midnight, but do they listen? Nooooo…..
What, you mean mogwai are the same way?
So what you’re saying is that we must allow your corporate sponsors to continue exploiting children in order to… protect the children from not getting the toy they wanted for christmas?
Re:
otherwording (or in-other-wordsing) — noun — The practice of summarizing an argument in a way that intentionally distorts it into saying something it does not and slanders the person who made it; this is often done to make winning an argument easier.
Example: You can typically find the phrases “in other words” or “so you’re saying” at the beginning of an instance of otherwording.
See also: strawman; your post
Re: Re: Re:
This is a good/fun definition, other than the misuse of “slanders” in it… 🙂
But, yeah, the above “so what you’re saying” comment is so beyond misleading that it does not deserve an actual response. But the person who posted it knows that and doesn’t care. He spends a lot of time around here arguing against the strawman mike in his head — and whenever we point out that the real me is different, he takes it as proof that I’m lying, because the strawman mike could never be wrong. It’s delusional.
Re: Re: Re: Re:
So what you’re saying is…
The GDPR...
‘Protecting’ your privacy… whether you want it to or not.
Re: The GDPR...
In the spirit of the GDR (look it up in Wikipedia), which built a wall to protect its people from CIA assassins and other fascists, whether the people wanted such zealous protection or not.
Santa and the Elves...
In related news, Santa has had to close shop after it was disclosed he complied his naughty & nice lists without parental consent.
Festivus for the rest of us
Warning:
Reading this comment inside any country or region governed by the GDPR will be punished by a fine of $250,000.00 USD and ten years confinement in a sewage processing facility.
If you are planning a tripe to any EU country, just set your own VPN on your home computer before you go. That way, if you find your favourite US newspaper blocked, due to GPDR, you can simply log in to your home network, and then access the site.
This does not break the CFAA in any way, because it is not a CFAA violation to log in own home computer network. You will appear to be coming from home computer, and nobody will ever be the wiser.
Using your home network has one advantage over using a commercial VPN provider. Websites can use a service like BlockScript to detect access from known commercial VPN sites. Your home computer’s VPN will not be in any of these lists, so websites will never know what happened.
This is how, when I travel to Mexico or Canada, I can bypass geoblocking to get Netflix, iHeart, or any US only website. Using the VPN on my home computer makes my use of a VPN to bypass geoblocking undetectable to these sites, so it appears I am on my home computer, and they will never the wiser.
To do this, while you are away, Comcast Business is the best for this. For $100 a month, you can get service, with static IP, with enough outbound bandwidth that will let you watch Netlix or YouTube through your home connection.
And this is also where you can avoid problems with the CFAA and DMCA. To log on to your OWN network does NOT violate the CFAA, even if it is for bypassing geoblocking. For it to be unauthroized access, you have to be using an illegally obtained passed, and the password on your home network cannnot be considered illegally obtained.
And it is not violating the DMCA to bypass geoblocking to access something you are already paying for, so it cannot be considered any kind of financial gain, since you are already paying for the service. Since I am alerady paying for Netflix and SiriusXM, it is not any kind of service theft.
Re: Re:
Also, for it to be a CFAA violation, it has to to be done with the intend to defraud someone, or to damage a network. And bypassing geoblocking using a VPN or proxy is not fraud and is not any attempt to damage their network, so CFAA does not apply.
Someone keeps getting it wrong
Hi there,
so some guy from a radio station does the job (in 5 minutes probably) of a bunch of incompetent administrators, but we blame GDPR just because?
Re: Someone keeps getting it wrong
Sure, but the media conglomerate that owns the radio station is drafting it’s legal challenge right now.
You see, the radio host was working when he created the form. That makes it a “work for hire” that the media conglomerate owns the copyright to. Then, an entire town or pirates went out and copied the work and used it without purchasing a proper license. If the town does not crack down on this clear infringement and start forcing it’s citizens to pay the licensing fees that were “stolen”, we will be seeing a lawsuit very soon.
“Some people pointed out that this seemed like a bad outcome, and hardly the intent of the law.”
“Intent” of the law. If people can’t clearly determine the purpose of the law as to form an intent, the law should be revised so its purpose is clear.
It’s true most of us would think the town took it too far, but you can bet there was an overzealous “prosecutor” or lawyer (not sure how German law enforcement works) would jump at the chance to sue.
Oh, wait. Do Germans sue foolishly like American idiots?