this post was submitted on 08 Nov 2023
571 points (98.6% liked)
Technology
59197 readers
2933 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Wouldn't Netflix's password sharing fall under the same law then?
They use user information like connected wifi and position data to determine if a device is used away from the defined "home".
GDPR doesn’t say you can never use any form of user data. It says a lot about what data is considered personal, what kind of disclosure and consent you need to setup first (mostly terms of service stuff), how you can store that data, how you can use it, and what responsibilities you have to remove or produce a copy of that data on demand. Until you’ve implemented GDPR it can be hard to understand what it is. But it’s not a super bonus +1 magic shield for all information.
No.
Netflix logging your IP is the equivalent of taking a photo of someone in public. Not ideal if you're into privacy, but it's a public place, so it's your problem. YouTube's Adblock detection is equivalent to patting them down to see if they have a weapon and requiring their ID. The software actively looks for changes, using technology that could detect what extensions you have installed, gather data to profile you better for ads, and monitor what you're doing in your browser while the tab is open.
Both are ultimately for the same purpose, to prevent people from avoiding to pay them, but methods matter.
Incorrect. https://gdpr.eu/eu-gdpr-personal-data/ states IP addresses are personal data.
What's the email of the privacy committee again?
Wow, so basically blacklisting email sender's on ip address isn't allowed either? When is an IP address, an individual and when is it just a machine in the cloud?
You can. After all the GDPR does not forbid you to not accept to talk to someone.
I'm not sure that helps much. Blacklisting senders based on their IP is much more commonly (and effectively) done on intermediary servers rather than on the client.
What matters is the association of the IP to a person or account. If you receive spam and block the source IP it's not personal data. If you create an account on a website and they store your IP to it then it is.
Handling IPs for necessary technical service protection can also be acceptable without explicit consent as long as it's limited/temporary (you may be able to handle that without account association in the first place anyway).
GDPR does NOT prohibit storing any information indefinitely if it is required for proper functioning of the service. If the service bans you by IP, they need your IP indefinitely to function properly and GDPR doesn't apply. Just like you can't remove yourself from a creditor black list, and it will have a lot more personal information than just an IP address.