The Basic Unfairness of the GDPR: a Regulation with No Teeth

A basic rule when designing a law is to create a precise link between the “order” part (thou shall not…) and the fine deriving from the non compliance (… otherwise shall go to jail.) But this is not enough, because to have a law working properly or being effective, it must be actually enforceable, otherwise this law would turn from a social regulation tool into an abuse of power from the State. Continue reading “The Basic Unfairness of the GDPR: a Regulation with No Teeth”

GDPR is for Filing System Processed Data Only

A fair quantity of data processing, though digitally performed, is outside of the GDPR’s reach.

I do not have figures comparing database-based processing to instantaneous, non-filing-system-handled data manning, nevertheless it is fair to say that the latter are a relevant part of the digital ecosystem (think of the instant messaging sector, where end-to-end communication is not necessarily meant to be stored.) As such, these kind of processing are not covered by the GDPR. Continue reading “GDPR is for Filing System Processed Data Only”

The GDPR and the problem of “simple” wording-based consent

An always present “advice” about GDPR’s consent gathering is “keep it simple and clear”.

This call for clarity, mainly advocated by the Data Protection Authorities themselves, is based on the assumption that legalese is actually a way to deceive the data subject into releasing a non well understood consent.

Clarity is a good thing but, in the law realm, must be practiced within the limit of the technical vocabulary. Continue reading “The GDPR and the problem of “simple” wording-based consent”