Difference between revisions of "GDPR is a scam"

Revision as of 10:58, 19 August 2020

Full Title or Meme

The General Data Protection Regulations (GDPR) of the European Union is a scam

Author: Tom Jones on 2018-05-25

update 2019-04-29

Introduction

This is not a paper about enabling privacy for the citizens of any location on earth. It is rather a paper about the process that enables the representatives of the people to take the legitimate concerns of the people and draft legislation which does precisely what any set of rules always does, it benefits the interests of the organization that makes the rules. It often happens that the rule makers benefit when the people that select them believe that they rules are in the interest of the people, but that is only a side effect of the rule making process and never the primary goal of the rule makers. So it would be good to understand who will benefit from the GDPR. That will at least enable us to understand why the rules were written. We will then examine a different set of rules that were written with close attention paid to the people affected by the rules so that we can see how an alternate method can result in a better set of rules.

1. A good source of material on the EU GDPR is available at this site.

Some Context for this Paper

This paper was first posted on the date scheduled for the regulation to go into effect. Since the regulation depends on each nation in the EU creating supporting legislation, there is an expected delay coordinating all of those efforts. What is less well-known is that members of the electronics services continue their fight to weaken the GDPR. Council negotiations have been slowed by internal disagreements about how to respond to industry pressure to derail the regulation. The specific item that is under attack appears to be the need to acquire user's explicit consent before placing tracking codes on users' devices or collecting data about their communications. Given the fact that the most common (HTTP rest-full) protocols of the internet are now structured to require cookies to establish a consistent user experience over multiple information interchanges, the effect on the user experience could be unacceptable if some relaxation is not achieved.

The Creation and Likely Impact of the GDPR

The primary function of any bureaucracy is preservation. That takes money. The primary goal of any rule maker is to acquire and maintain power to make rules. The maintenance of that power takes money. The most dangerous rule maker is one that discovers the power to make rules that make money without taxing the people that give the rule maker power. The Brussels bureaucracy has discovered that ability. The GDPR is at its core a means for the bureaucracy of Brussels, in cahoots with the national privacy offices to mint money at the expense of corporations all running out of silicon valley. This is the scam. The means and motive are clear, the full impact will certainly be unexpected.

The first impact is easy to understand, the advertising and content producing industries are working ferociously to maintain their existing cash flows. This is happening mostly our of the lime-light that envelopes the social networking companies of silicon valley, who are mounting their own defenses, which are designed to sound like acquiescence without undue expense. It is to be expected that the great effort of the standards bodies to build compliant software will have little effect on the results as compared with the well-funded lobbyists. Still some good should come from the effort at compliance, but only if the standards that are created have the Resilience to work even in an environment where compromise is on-going. What is most concerning is that the standards MUST NOT cater to the regulators, as they are too fickle in the face of pressure. The standards must give the user the experience that helps them achieve their goals without Cognitive Overload. Evolution is the only way for survival of any organism or ecosystem in the long run. Stasis never survives for long.

The Privacy Regulation passed in California

California Consumer Privacy Act of 2018 was signed into law on 2018-06-25 to forestall the effort described below. The authors of that initiative agreed to withdraw their initiative as a result of the legislation meeting most of their objectives.

A citizen initiative had been filed with the secretary of state in California to limit the sale of user data.

This seems like a much better solution than the GPDR. It will effectively shut down the bottom feeders around data sales, like Spokeo and the like, and the apps that sell them data to support themselves, the big 6 won't be affected by this so far as it can be foreseen. Because ultimately if the big 6 get sued, the court will ask for proof that the 6 sell data to entities outside each of their companies, and it seems either they don't now or wont in the future to avoid liability. They are still opposed to the adoption of this measure and some are fighting it, but others have decided this might be the best option they will get. In any case it will give citizen the right to ask a site where they got that data they have on you and ask for it to be removed. It does not seem that the GDPR provides even that much support for individuals.

There will likely be lots of case law generated as a result of the expected passage of this initiative. Here are two possible cases that might arise.

1. Case one: An assistant prof a Pepperdine University, I. M. Clueless, creates some research app that manages (almost by accident) to collect a lot of user information. A partisan committee in Irvine hires a lawyer, from Dewy Cheatem and Howe to help fund professor Clueless provided that they can "examine" the detailed results of the app, which wind up influencing the election results in a swing district. Did either the professor or the lawyer break the law? (Some of you will relate this to the Cambridge Analytica case removed to California jurisdiction.)
2. Case two: A supplement company in Oakland, Nature's Detritus, sells Mary a bottle of Folic Acid. Mary was savvy enough to modify her name so that when ads for Pampers start to flood Mary Detritus' mail box from some unrelated company, can Mary take action against Nature's Detritus if she does not have direct evidence that they received cash from the mailer? (Some of you will see the connection to a real world case at Target a few years back.)

Some legal advice already received indicate that the first case would depend on details not knowable now. My guess is that the problem is relating the quid to the pro quo. In other words can the money payment be directly related to the release of information. The second could be winable if Mary could definitively link the release to the seller.

Is Advertising Nessessary?

Monopolization of information flows has worked to the advantage of oligarchs as long as history has recorded any thought about the value of information, or intelligence as it is sometimes known to the oligarchs. The information revolutions: printed books, radio broadcasting, and now narrow-casting on the internet, have all been faced with paying for the medium of exchange. Books were originally modestly expensive and hard for the general population to afford until free lending libraries were established. Newspapers have relied on money from advertising more than cost of the paper for as long as they have been popular. A similar problem faced radio until the advertising potential was realized and then exploited. From the beginning of the World Wide Web (which is now synonymous with the internet) the prevailing mantra is that "Information want to be free". This idea flies in the face of all history but sounds like a good thing. The trouble was that someone must pay for the internet, a fact that seems to have been conveniently overlooked by the freedom lovers of this current age. Noam Chomsky is a good spokesman for this view in this book "Manufacturing Consent: The Political Economy of the Mass Media" which shows that, "contrary to the usual image of the news media as cantankerous, obstinate, and ubiquitous in their search for truth and defense of justice, in their actual practice they defend the economic, social, and political agendas of the privileged groups that dominate domestic society, the state, and the global order." While this may be true, it is also true that the United States founders, especially Hamilton, believed that the voice of the people is inimical to free government as the people always can be swayed by demagogues. Recent history has proven that even if Chomsky was correct, the alternate, a free exchange of ideas by ideologues, is certainly not better than the privileged groups seeking to maintain global order. Empirically it seems true that some moderating medium is required for the maintenance of freedom.

Getting back to the desire for freedom from advertising or any impediment to the free and unfettered flow of information, how can a balance be constructed that gives people what they need, rather than what they ask for. Certainly neither Plato's ideal Philosopher Kings, nor the John Stuart Mill's utility function have worked to find the best course for government. The need to govern the flow of content on the internet should now be manifestly obvious given the desire of sovereign governments, as well as the would-be king makers, to mold the voting patterns to suit their own goals. As Facebook is now discovering, such a governing bureaucracy is expensive. It is the general form of some government for the internet that needs to be created while recognizing the desire of most users to make no overt payment for their entertainment and also recognizing the need for paying service providers for their quality content. This will be a major challenge for the next dozen years. It is earnestly to be hoped that the world can create such a government that has at least as good an effect on liberty as the philosophers of 200 years ago imagined for us today. It is expected that no proposal will be able to replace advertising as a convenient payment mechanism.

The GDPR was never meant to apply to EU Governments or Businesses

If the huge fines against Google were not enough, the recent attempts to exempt every entity operating inside the EU ought to provide plenty of evidence that the GDPR is nothing more than an effort to extract money from successful Silicon Valley companies. See the following stories:

1. The EU Parliament voted to collect all residents biometrics data into a single data base.^[1]
2. The German banks want to right to send all of your credential information from driver's licenses and passport to their customers. ^[2]
3. For more details see the wiki page on GDPR Avoidance.

Is the GDPR a Net Benefit?

Clearly the privacy of citizens of the European Union have been improved by this regulation. It is likely that the privacy of most citizens of the world have been improved by the spill over effect of multi-national corporations. But the following reports serve to show the downside of the regulation. Only time will tell if there will be a net positive benefit to the citizens of the EU as a result of this regulation.

The New York Times has reported a series of problems so far, and other reports are certain and will be posted here as time and interest permits:

• NYT 2018-05-28 "In Europe, New Battle on Privacy" states that "the legislation is so stringent that it could kill off data-driven online service and chill innovations."
• NYT 2018-05-25 "New Privacy Law Make Europe World's Leading Tech Watchdog" relates that European regulators are fanning throughout the world to spread the gospel of GDPR, not necessarily the way to improve the lot of their citizens.
• NYT 2018-05-24 "Getting a Flood of G.D.P.R.-Related Privacy Policy Updates? Read Them" relates how all the web sites in the western world seem to be sending us all privacy update messages not to say they they have improved our privacy, but rather to warn us that it is our fault that they are expropriating our private information.
• NYT 2018-05-06 "What the G.D.P.R., Europe’s Tough New Data Law, Means for You" quote "Will the internet look different? Not really. Supporters of the law say it will bring sweeping changes to how companies operate online, but in reality, the effect on your internet experience will be minimal."
• BBC 2019-08-13 Black Hat: GDPR privacy law exploited to reveal personal data

References

1. ↑ Catalin Cimpanu. EU votes to create gigantic biometrics database. Zero Day (2019-04-22) https://www.zdnet.com/article/eu-votes-to-create-gigantic-biometrics-database/
2. ↑ The OpenID Foundation, OpenID Connect for Identity Assurance 1.0 https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html