Alexander Chalkidis

Category: LAW

  • Here is your first class action suite for GDPR (and why it is stupid)

    As an experiment, I decided to ask Google to remove all my contributions to the Google Maps Local Guides scheme.  For those of you not aware, Google Maps uses volunteers to improve maps.  And we do a lot.  They have gamified the process, which makes me a Level 9 guide (of 10 levels) thanks to thousands of reviews, ratings and photos seen by millions of users that I have uploaded.  So what happens if I want to leave?

    Joke No1.  Google itself, clearly says that you can delete your profile but your contributions will remain!  End of story, judge makes verdict, 4% of your global revenue please.

    Joke No2.  It is not easy to even find what to do if you are not OK with the above Joke No1.  Suppose you look hard, you will find somewhere under legal a procedure.  So you fill in a form.  Already we are way out of GDPR, this is not easy or intuitive.

    Joke No3.  Google doesn’t even have a human to respond.  Their first email is generic:

    Thanks for reaching out to us!

    We have received your legal request. We receive many such complaints each
    day; your message is in our queue, and we’ll get to it as quickly as our
    workload permits.

    Due to the large volume of requests that we experience, please note that we
    will only be able to provide you with a response if we determine your
    request may be a valid and actionable legal complaint, and we may respond
    with questions or requests for clarification.  For more information on
    Google‘s Terms of Service, please visit http://www.google.com/accounts/TOS

    Regards,
    The Google Team”

    Whoops!  Under GDPR, referring to fine print just doesn’t cut it.  Even if the judge hadn’t slammed the hammer and demanded gazillions before, now he can.
    Joke No4.   Luckily for them, I too think GDPR is crap, so I respond honestly and fully.  Oh no, bot response again:

    “Thanks for reaching out to us.

    To request the blocking of URLs from Google Search results under European law, please use this form: https://support.google.com/legal/contact/lr_eudpa?product=websearch

    If you need to send additional information in relation to your request, please respond to the email confirmation you receive after you send in the form. If you have already filled out the above form, your request will be processed shortly.

    To request blocking of your personal information from specific Google products other than Web Search, please use the following form: https://support.google.com/legal/contact/lr_pir

    If you need to send additional information in relation to your request, please respond to the email confirmation you receive after you send in the form.

    If you have already filled out the above form, your request will be processed shortly.

    Regards,
    The Google Team”

    This is pretty bad.  The bot didn’t even get it right.  So I send “This request does NOT concern blocking information.  The form you are sending me to is irrelevant.  Please get a homo sapiens to respond.” And the bot insists: “After reviewing your submission, we weren’t able to fully understand your request. If you send us more details to clarify your concerns, we will investigate further.”

    Joke No5.
    Luckily for Google, I am on their side, so I explain with plenty links.

    “I am a Google maps local guide. Level 9 in fact. This means I have made thousands of contributions. However if I want to remove these contributions, there is no automatic way of doing it.Under GDPR this should be possible more easily. Manually deleting tens of thousands of comments, reviews and photos is not practical or even feasible.

    I refer you to the discussion going on here
    https://www.localguidesconnect.com/t5/General-Discussion/How-to-Exit-Local-Guides-Program-and-Delete-ALL-my-Contributions/m-p/934274#M264101

    And here
    https://www.localguidesconnect.com/t5/General-Discussion/Local-Guides-and-GDPR/m-p/926431#M259635″

    Bot screws up even worse up the same rabbit hole:

    To request blocking of your personal information from specific Google products other than Web Search, please use the following form: https://support.google.com/legal/contact/lr_pir

    If you need to send additional information in relation to your request, please respond to the email confirmation you receive after you send in the form.

    If you have already filled out the above form, your request will be processed shortly.”

    Now, if you follow that last link, it is as unGDPR as humanly possible.  And it is off topic, it won’t even work if I request it like that.

    I really need no further proof than the above emails to sue Google under GDPR.  Will it work?  Hell yeah!  Class action?  Easily!  Google has been pushing users on to Local Guides for ages, millions of Android users are on it already.  Will I do it?  Of course not.  GDPR is ridiculous, useless and bureaucratic for no reason.  Google Maps is useful and Local Guides wonderful.

    This is a complicated world but useful trumps EuroBureaucracy every time.  Even well meaning European initiatives are counter productive when they are implemented like this.  A horse designed by a Euro Committee isn’t even a camel, it is a monster that can’t walk.  GDPR is not enforceable in any practical sense, it is simply the threat of a vindictive consumer.

  • This is a coup! How does Europe get the right to tell the internet what to do?

    As the world watches him flip flop over major topics like migrant families and trade war threats, I have to grant Donald Trump a point.  Take all the nasty stuff he said about China on the campaign trail (before he started sucking up to Asian dictators) and apply it to the European Union.  Obviously GDPR has not yet played on Fox news and he hasn’t figured out what the European Commission just pulled off.  It unilaterally forced a ridiculous and extremely vague legal requirement on the entire planet!

    “A Data protection officer (DPO)—a person with expert knowledge of data protection law and practices, must be appointed to assist the controller or processor to monitor internal compliance with this regulation.”  Wait a minute.  Just because a European citizen might click on my website, I have to hire some expert?  And worse still, I am not allowed to ban Europeans from visiting my website or to show them a different version?  Protectors of the internet should not be cheering GDPR, we should all be fighting it!  This is a coup, or #thisisacoup if you want to make it a trending hashtag.  You should want to if you care about the internet.

    We have done our best to keep the internet free.  We fight for net neutrality.  And we are going to let some Euro-bureaucrats force vague and already technologically irrelevant regulation on the entire planet?  GDPR is not about tech, your IT people can’t make you compatible.  Neither is it a marketing issue.  GDPR isn’t even a legal issue.  How many lawyers do you know that understand databases or UI?  GDPR is 100% political.  Our national governments weren’t even asked, it is regulation instead of a directive.   European citizens didn’t even get the chance to see it ratified in national assemblies.  And – sorry to see this in writing – I am rather hoping Donald Trump notices some report on Fox news and helps us out this time around.

    This is a coup.

  • GDPR is so stupid it is scary

    I can picture the scene.  Some EU bureaucrat, on his low tech EU email client, had to go through the EU complicated way of reporting yet another viagra spam email.  “This has to stop!” he righteously  complained loudly to other EU bureaucrats twiddling their thumbs.  “I cannot receive that email I need from Nigeria because the damn system keeps thinking it is a fake prince sending it!”  The rest of us don’t know why they didn’t just use Gmail instead.    We hardly remember what spam is here in the rest of the world, because Google’s AI deals with it so effectively before it ever gets near us.

    But the EU bureaucrat did what EU bureaucrats do.  He made a committee that started a process which made national committees which authorized funds to research a topic which needed researchers to hire more bureaucrats to end up with a massive nonsensical blurb which they eventually got other EU bureaucrats to vote for and announced to the world in what is easily the grandest proof of how far behind reality they all are.

    GDPR is so broad in its scope it is legally practically trash.  The more you read “experts” analyze it, the worse it gets.  Since when can a legal requirement from one group of countries force the entire planet to do something?  If I, a euroloving citizen, travel to a remote tropical island with 50 inhabitants and one computer and the hotel there asks for my data without doing all the GDPR it needs in IT infrastructure and communicating, can I then sue them?  It seems I can.

    For anyone with the slightest experience in IT and database infrastructure, the more you look at GDPR, the more you despair.    Because unlike the counter productive cookie banner which simply wastes a little time, GDPR was implemented using what looks like knowledge of current IT practices.  Some of those well paid committees and their well paid experts actually did some work this time and hashed together a semblance of what they think a modern IT infrastructure should look like.  Which is even more problematic.

    This is a big planet and a “legal entity” is an extremely fluid notion.  You are reading a personal blog where I publicly air all sorts of complaints about things I see and don’t like.  Do I have to prove I don’t make money out of this blog?  What if you are subconsciously impressed enough to hire me as a consultant as a result of all this wisdom?  Sure there are enormous companies with legal departments and big IT clans.  Even those however have very different approaches to how they are organized both in terms of the role of marketing departments and in terms of IT philosophies.  And of course probably 99% of “legal entities” on Earth have no IT department and no marketing department.  Or if they do it is one person struggling to get the basics done.

    I am really curious to see the first case of someone being charged under GDPR.  What sort of “experts” will be called upon and what sort of “standard” they will retrospectively demand.  “Sure, you used double opt in for the past ten years, but look, here on page 2536 of GDPR, clause 7d stipulates that….”  And then you will counter with by analyzing entries in your database from eight years ago.  And then some sort of IT wizard judge will be able to come to a conclusion?

    If GDPR was designed to curtail Google and Facebook it is the most ridiculous and destructive indirect way to do it.  The EU can slap penalties on these companies anytime it wants to anyway.  It doesn’t need to cripple everyone else in the meantime.  If anything, Googlem Facebook and other big U.S. platforms will come out stronger from all this as millions of small companies will prefer to use their cloud infrastructure rather than try and figure out how to be GDPR compatible.    If GDPR was made in order to promote specific types of marketing and penalise others it is high time Euro bureaucrats crawled out of their holes and visited the real world.  Marketing has moved a long way since those Viagra emails only you keep receiving. because your email infrastructure was built by a committee.

    The EU put up a nonsensical, needless roadblock to doing business in Europe.   Legitimate Nigerian princes with large inheritances will simply do their business somewhere else.

     

  • Censorship, Greek style

    With oligarchy, a few power took power and so all poets lived in fear.  It became impossible to openly make fun of anyone, they could take you to court.  Eupolis criticized Alcibiades in his work “Batpae” and decided to drown him in the sea.

    This created even more fear in poets as “Baptae” means “Bathers”.