Beep boop - this is a robot. A new show has been posted to TWiT…
What are your thoughts about today’s show? We’d love to hear from you!
With regard to GDPR and keeping Google analytics data on a proxy in the EU:
The benefit and difference here is that the data is held legally, but, additionally, the data has to be deleted once it is no longer relevant, as it is only used to pass the data in to Google in anonymised form, the data should be deleted within a couple of hours at the most, if it is ever stored at all.
Additionally, the proxy can’t sell the information to third parties without the explicit written permission of the identifiable persons.
Those rules apply to companies in America processing EU PII as well, including not handing it over to the US government without a valid EU warrant- which is why US companies have such a problem, they cannot hand over the information without the EU warrant being served, but they are also beholden to the CLOUD Act, Patriot Act etc. where they have to hand over the data regardless. That means fines and prison for executives in the EU if they have over the data and fines and prison in the US if they don’t hand over the data. That is what Privacy Shield was supposed to guarantee, but the Uh S never took it seriously, which is why we have the mess we do now.
Also, there is an implicit contact with the first party, E.g. TWiT and the user, first party cookies and tracking is allowed, without the cookie banner, if it is necessary for the functionality of the site (navigation, for example). Additional information for identifying the user and giving/ selling that information to third parties is illegal without getting written permission.
So the main TWiT site and the discussion forms, for example would be fine, as long as they don’t use Google analytics or other third party data grabbing information slurpers or you get the user to agree to each individually - with the option to opt in (very important, it is illegal to default to opt in, the default must always be opted out, with the option to opt in, or you can have a one button allow all, as long as you also have a one button reject all; it cannot be more difficult to reject than to accept all.
Google and tech companies will probably find a way to circumvent it, they are notorious in avoiding effective regulation. I find the internet/tech companies to be very creepy and invasive as well as annoying these days. If you install adguard or a firewall on your phone(connects through vpn) you will see google constantly sends data to its servers including when you make a phone call or text message.
Tech companies decided to make a business model by spying on people or “harvesting data” although you could say the trade off is you get “free” products but overall it makes technology and internet less interesting to me. I don’t mind advertisements but the excessive tracking is unsettling.