I’m not the biggest fan of Ben Evans, but he’s right on “privacy fanaticism”:

> At a certain point EU privacy regulators will realise:
> When an EU citizen requests a US internet resource, they provide a US server with their IP address;
> An IP address is PII;
> The CIA could record that;
> Therefore it is illegal to provide any internet resource to anyone in the EU

Source: https://twitter.com/benedictevans/status/1492102034409066504

PS: saying this as a German citizen…

What a tangled web of legal niceties and hypothetical interpretations
we've woven here. But the moral arithmetic, toward which European
thought is tending, is more brutal and something to which American
corporations had better pay serious attention if they want to keep
playing this game.

In general, we hold that "ignorance of law is no excuse", yet in
contract law _capacity_ is a key construct, and ignorance very much
_does_ play a part. It's not just minors, the mentally ill, or those
incapacitated by drugs or alcohol, discombobulated or bamboozled by
other means, who cannot give consent in a contractual relation. In an
age where most lawyers and judges, like everyone, mindlessly
click-through "agreements" and shrink-wrap EULAs, there's a strong and
growing argument to be made that non-expert adults lack genuine
capacity to understand technologically mediated relations.

In other words, it's the contract law that underlies this stuff that's
coming up for revision, not the surface interpretations. The important
matter now is not deliberating whether the letter of the law creates
"consent" on this or that occasion, but whether the spirit of the law
allows for consent even in principle, given societal standards of
digital literacy and the complexity of modern digital interactions.

This is going to be a hot topic in Germany once the German courts rule it out. Should it say it's illegal to load, we have got loads of work in front of us. One simpler solution that I have seen is Zaraz by Cloudflare, which seems to solve this issue. Has anyone had experiences with this?

https://blog.cloudflare.com/keep-analytics-tracking-data-in-the-eu-cloudflare-zaraz/

Good article. We need more of these. GDPR and integrating with 3rd party services can be quite a legal minefield.

I would like to see an article regarding Google Recaptcha. I am currently considering Recaptcha during a login process as a means of protecting against credential stuffing and password brute forcing. But I do not know if this counts as "legitimate interest" as defined by GDPR. And if it doesn't, there really isn't any way to ask for consent in this case, because "denying" consent sidesteps the entire security measure...