Critters website unsubscribes EU Members

[awesomesauce]

Randall, I suspect most people agree with the sentiment, the problem is the cackhanded and seemingly confusing/overbearing execution of it. When the EU decided to try and get more tax from Amazon etc, they rejigged VAT in such a stupid way it cracked down on microbusinesses who, fearing fines/prosecution for not complying and unable/unwilling to deal with the red tape, either closed or shifted their business from their own sites to market websites. Like Amazon.

As I recall, the VAT revamp was to close loopholes Amazon was using to dodge taxes in the first place.

It's interesting how people seem to have such a problem with the laws, and are happy to criticize the EU, but no criticism for the companies whose behaviour prompted the need for these laws in the first place. If these companies, Amazon, Facebook, Google, et al. weren't doing the things they do in the first place, there wouldn't be any need to make complicated laws about it.

 

[Danny McG]

Terrorist McMurderscum

I'm fairly sure he was two years above me at school, proper lunchtime bully he was

 

[Onyx]

I guess this is going to sound harsh but...

1. I see no indication that the EU has any intention of persecuting American small business owners, or any small business owners. The GDPR is, if anything, a legislative response to the data harvesting practices and use by mostly huge foreign companies of our citizens.

2. Personal data is a commodity. As an EU citizen, my opinion is if you want to extract that data from EU citizens, then you comply with our rules for handling it. Just like if you wanted to mine minerals, you'd have to compIy with local laws governing the extraction and handling of the resource. If you don't want to do that, then don't harvest data from EU citizens. I have no issues with sites region blocking us; they've had two years to get compliant. If they chose not to, it's hardly the EU's fault. (So sorry your targeted ad program for offering sub-prime loans at extortionate rates to low-income demographics is going to suffer. What a shame. )

I don't think that's harsh. Is this harsh?

If an EU citizen wants to cross an ocean on a fiberoptic cable to use a web business in another country, maybe that EU citizen should expect to operate under the laws of the place the website they want to use is in?

I realize exactly why the EU did this, and I agree with the sentiment. But the Critters problem is unlikely to be isolated, and there are going to be the occasional overreachs of this law, regardless of the intent. If they wanted to draw a line between big businesses and small, they could have done that in a number of ways.

 

[Onyx]

It's interesting how people seem to have such a problem with the laws, and are happy to criticize the EU, but no criticism for the companies whose behaviour prompted the need for these laws in the first place. If these companies, Amazon, Facebook, Google, et al. weren't doing the things they do in the first place, there wouldn't be any need to make complicated laws about it.

Why say something like this? How are you aware of what anyone feels about Facebook and Google?

 

[Brian G Turner]

How are you aware of what anyone feels about Facebook and Google?

It's ironic, actually - most people don't seem to care that Google makes every effort to collect, store, and process their personal information. Yet if a government did the same thing, there would be outrage I tell you.

 

[Jo Zebedee]

Why say something like this? How are you aware of what anyone feels about Facebook and Google?

Well, Zuckerman appearing before several panels in several countries regarding incorrect use of data is something of a hint....
I’m in agreement that Critters are in no danger whatsoever from this legislation. They are not the target of it and, unless they’re passing on the contact info in a non prescribed manner, should not be in breach of it anyway. It appears an overreaction to a problem that would take a small time to remedy - by updating a privacy statement and, if they haven’t had an opt in for emails before, sending out a single email for re-opt in. That’s it.

 

[Stephen Palmer]

It's ironic, actually - most people don't seem to care that Google makes every effort to collect, store, and process their data. Yet if a government did the same thing, there would be outrage I tell you.

We still live in times where the true power of corporations - fictions, basically, invented by people - is ignored, concealed or not realised. Governments are the public face of power, but for how much longer? William Gibson saw all this 30+ years ago.

"[Corporations] have too much power and are a threat to our democracy and freedom. They control governments, they control the media, they control research." - Vandana Shiva, a speaker on the threat of corporations, especially on the damage they inflict upon the planet.

 

[Onyx]

Well, Zuckerman appearing before several panels in several countries regarding incorrect use of data is something of a hint....
I’m in agreement that Critters are in no danger whatsoever from this legislation. They are not the target of it and, unless they’re passing on the contact info in a non prescribed manner, should not be in breach of it anyway. It appears an overreaction to a problem that would take a small time to remedy - by updating a privacy statement and, if they haven’t had an opt in for emails before, sending out a single email for re-opt in. That’s it.

Awesomesauce implied that the people that are outraged by the EU are not similarly outraged by Google and Facebook. I don't see that as true.

I work for a small ecommerce company. We sell a small amount to people in EU countries. Until today, I had never heard of this law which probably affects us because people create profiles to log in and purchase, and we sometimes send marketing emails to people with profiles. So it is a little shocking to me that my business could run afoul of laws in another continent because people sought us out to buy something and the only reason I now know about it is because of a weird tangent on a SF writing forum.

Critters probably shouldn't be worried. Unless someone involved in Critters comes to the attention of EU law enforcement for something else, and that organization decides to burn everything they possibly can by applying unrelated internet laws.

So while I appreciate what the law is for and who it rightfully targets, you all will have to forgive me finding the lack of real boundaries and broad reach worrisome. I live in a country where someone can be charged with drug possession and a related weapon offense based on the drug possession, be found not guilty of the drug charge but go to jail on the drug weapon charge. That sort of thing concerns me.

 

[Jo Zebedee]

Awesomesauce implied that the people that are outraged by the EU are not similarly outraged by Google and Facebook. I don't see that as true.

I work for a small ecommerce company. We sell a small amount to people in EU countries. Until today, I had never heard of this law which probably affects us because people create profiles to log in and purchase, and we sometimes send marketing emails to people with profiles. So it is a little shocking to me that my business could run afoul of laws in another continent because people sought us out to buy something and the only reason I now know about it is because of a weird tangent on a SF writing forum.

Critters probably shouldn't be worried. Unless someone involved in Critters comes to the attention of EU law enforcement for something else, and that organization decides to burn everything they possibly can by applying unrelated internet laws.

So while I appreciate what the law is for and who it rightfully targets, you all will have to forgive me finding the lack of real boundaries and broad reach worrisome. I live in a country where someone can be charged with drug possession and a related weapon offense based on the drug possession, be found not guilty of the drug charge but go to jail on the drug weapon charge. That sort of thing concerns me.

Your company is almost certainly not at risk - people seek you out and presumably agree to receive mails. Provided that is clear - and there is an unsubscribe option - that’s compliant. GDPR is mostly tightening what is already in place - very few are having to do a lot in addition - if anything - to meet it. But there is a lot of crap going around about it - one author’s website I viewed this week had links to all 3rd party policies etc. That’s not needed and it must have taken hours

In my understanding (based on an online conversation this week) large organisations will fall under this internationally. But US individuals are not able to be prosecuted under it (it all made my head hurt but it mostly boiled down to the EU did not have the jurisdiction to prosecute individuals in non-EU countries).

But, again, - critters are making a mountain out of ... nothing, frankly. Get an opt in sign in, make it clear what they use addresses for, and keep them secure (and if they’re not using password protected accounts already I’d be stunned) and that’s it.

There are 2 different arguments here: whether it’s right that an internation sanction can be applied (which i suspect strays into areas we’re not allowed to discuss on the Chrons) and whether Critters have taken a blanket approach that is heavy handed against easily applied standards that they are either already applying, or lax about personal data, in which case I’m happy to be off the database

 

[RJM Corbet]

It's ironic, actually - most people don't seem to care that Google makes every effort to collect, store, and process their personal information. Yet if a government did the same thing, there would be outrage I tell you.

Well I have just received a Gmail notification informing me they have kindly decided to make controls available to me about how I want my data to be shared. If possible I am going to opt out of all data sharing. I'm going to make a mission of doing so, though it may take a day, lol

Problem is if everyone opts out, perhaps google will go bankrupt and the planet earth will revert back to the stone-age ...

 

[awesomesauce]

There are 2 different arguments here: whether it’s right that an internation sanction can be applied (which i suspect strays into areas we’re not allowed to discuss on the Chrons) and whether Critters have taken a blanket approach that is heavy handed against easily applied standards that they are either already applying, or lax about personal data, in which case I’m happy to be off the database

As to the first, that's something that will have to be sorted out between politicians and court cases. Like much of the GDPR. I do think there's a misunderstanding: the EU understands this is not comprehensive legislation. My impression is everyone is operating with the idea that it's a work in progress and we can expect revision and clarifications. I think making a good faith effort to be compliant is going to go a long way, should there ever be a complaint, and I would be very surprised if there wasn't more clarity for small business and non-commercial organizations down the line. (Much like the panic over the VAT changes, but now we have the VAT MOSS system which makes it pretty easy for small businesses selling digital products.)

With regard to Critters, I doubt they're careless with people's information. I haven't used it in a while, but I had the impression they took being responsible with people's data and privacy as a serious obligation. I think probably they just got caught up in the scaremongering. The internet loves a good panic.

 

[mosaix]

I don't think that's harsh. Is this harsh?

If an EU citizen wants to cross an ocean on a fiberoptic cable to use a web business in another country, maybe that EU citizen should expect to operate under the laws of the place the website they want to use is in?

I realize exactly why the EU did this, and I agree with the sentiment. But the Critters problem is unlikely to be isolated, and there are going to be the occasional overreachs of this law, regardless of the intent. If they wanted to draw a line between big businesses and small, they could have done that in a number of ways.

Conversely, Onyx, if a foreign company wants to cross an ocean on a fibre optic cable to trade in another country maybe that foreign company should expect to operate under the laws of the country they want to trade in.

 

[Brian G Turner]

Well, ultimately websites will make decisions according to what they see as their own interests. In this case, Critters has made a decision that - while some might not agree with, the owners are entitled to make.

In the meantime, although I have the opportunity to email all members to ask them to modify their privacy settings accordingly, it's not something I'm going to do - I've already had a flood of unwanted GDPR emails this week, and I'm not going to inflict that here.

 

[mosaix]

I fear that a thread that I started is now veering towards ‘World Affairs’.

Sorry about that. I should have realised what would happen.

 

[mosaix]

Problem is if everyone opts out, perhaps google will go bankrupt and the planet earth will revert back to the stone-age ...

Or maybe the information-age rather than the advertising-age?

 

[Brian G Turner]

I fear that a thread that I started is now veering towards ‘World Affairs’.

Indeed, I'd much prefer to present a potentially useful place for Critters members, than veer into a general discussion of the politics of the internet.

 

[Ursa major]

SFF author Charles Stross runs a blog, and, helpfully, posted his GDPR compliance notice in a blogpost.

 

[zmunkz]

Author media broke down the situation fairly well:
Why American Authors Don't Need to Worry About GDPR - Author Media

Basically, an EU law does not have enforcement in other countries at all. If they wanted to target a US company (not counting the big guys for whom the law was written, such as Google, since they have physical presences in the EU), they would have to ask the US, and the US would have to decide to comply. Which seems unlikely. They also point out how many non EU-business may already be in violation of various EU laws, and it has never really mattered before.

As to the technical side of it, speaking as a software engineer, the two parts that are potentially difficult are securing the data, and allowing users to opt out. An unencrypted database, in any other context, is not considered secure. I don’t know what this law sets as the basis for evaluation, but a small company could reasonably wonder if their Wordpress-default installation is “secure.” I would not consider it so. Then, allowing users to opt out may mean building custom tools to delete data, which was otherwise collected and stored by out-of-the-box plugins. It could be even more complicated if that data is used in more detailed ways, and the platform wasn’t built with this requirement in mind.

My own take... small EU companies are not wrong to worry, but it is unlikely the EU will bother them. I think this law was meant to address the big companies that collect massive amounts of data as a business model. Non EU small companies have nothing to worry about at all.

 

[Onyx]

Conversely, Onyx, if a foreign company wants to cross an ocean on a fibre optic cable to trade in another country maybe that foreign company should expect to operate under the laws of the country they want to trade in.

Does my company have the option of removing itself from the European internet?

 

[zmunkz]

Conversely, Onyx, if a foreign company wants to cross an ocean on a fibre optic cable to trade in another country maybe that foreign company should expect to operate under the laws of the country they want to trade in.

I think @Onyx has the right of it. Companies don't broadcast their websites across fiber to other countries, in the way you're insinuating, it is always user-initiated. If an EU-citizen types in a domain name, their request is routed TO the servers of that company, IN the geographical location of that company. Data is handled on that server, possibly retained, and then a response is issued back along the channel initiated by the user. If you are accessing a server that is physically located in another jurisdiction, those should be the laws that govern the exchange. If a local jurisdiction doesn't want that content available for whatever reason, in practice we see those local governments blocking the citizens from accessing the service entirely (through their local ISPs), rather than attempting to persecute the foreign companies themselves.