
Re: [Sks-devel] Exploiting GDPR (Re: The pool is shrinking)


From: stuff
Subject: Re: [Sks-devel] Exploiting GDPR (Re: The pool is shrinking)
Date: Thu, 15 Aug 2019 21:04:07 +0200

That title is actually click bait!

He didn't exploit anything about the GDPR, he just found someone stupid that 
didn't know how the law worked.

The problem was the company mishandling his request!

Yakamo

On Thu, 15 Aug 2019 20:56:59 +0200
Hendrik Visage <address@hidden> wrote:

> And then reading Cryptogram this month:
> https://www.schneier.com/blog/archives/2019/08/exploiting_gdpr.html
> 
> Exploiting GDPR to Get Private Information
> 
> [2019.08.13] A researcher abused the GDPR to get information on his fiancee:
> 
> It is one of the first tests of its kind to exploit the EU's General Data 
> Protection Regulation (GDPR), which came into force in May 2018. The law 
> shortened the time organisations had to respond to data requests, added new 
> types of information they have to provide, and increased the potential 
> penalty for non-compliance.
> 
> "Generally if it was an extremely large company -- especially tech ones -- 
> they tended to do really well," he told the BBC.
> 
> "Small companies tended to ignore me.
> 
> "But the kind of mid-sized businesses that knew about GDPR, but maybe didn't 
> have much of a specialised process [to handle requests], failed."
> 
> He declined to identify the organisations that had mishandled the requests, 
> but said they had included:
> 
> - a UK hotel chain that shared a complete record of his partner's overnight 
>   stays
> - two UK rail companies that provided records of all the journeys she had 
>   taken with them over several years
> - a US-based educational company that handed over her high school grades, 
>   mother's maiden name and the results of a criminal background check survey.
> 
> 
> > On 15 Aug 2019, at 15:57 , Stefan Claas <address@hidden> wrote:
> > 
> > Robert J. Hansen wrote:
> > 
> >> I'm going to believe the privacy lawyer I pay $450 an hour to more than
> >> I'm going to trust a sketchy website that's not even officially
> >> affiliated with the EU.
> > 
> > Well, it was just one of many example sites, when one is googling
> > for "has the US comply to the GDPR". If one does the same he will
> > also find US sites giving US citizens advice.
> > 
> >> Quoting from it:
> >> 
> >> "You may be wondering how the European Union will enforce a law in
> >> territory it does not control."
> >> 
> >> Yep.
> >> 
> >> "The fact is, foreign governments help other countries enforce their
> >> laws through mutual assistance treaties and other mechanisms all the time."
> >> 
> >> Yep.  Except that in America, the government *can't* help enforce many
> >> parts of the GDPR.  The courts prohibit them from doing it.  You walk
> >> into an American court waving a GDPR writ and it doesn't matter how many
> >> EU bureaucrats sign it: if it intrudes on an American citizen's freedom
> >> of speech the government is prohibited from participating.  This is
> >> bog-standard American Constitutional law.
> > 
> > So as an example, US SKS key server operators do not have to honor
> > removal request (in this case shut-down the server) from EU citizens,
> > when they receive a letter from a lawyer?
> > 
> > I remember also that plenty of US sites (small and large), where I
> > did business with, asked for my consent as EU citizen, when they
> > changed their privacy policy once the GDPR took place.
> > 
> >> It does not apply to US companies, except those that have business units
> >> in the EU or have extensive business ties with the EU.
> > 
> > Has a US SKS key server operator then not 'business' ties with EU
> > citizens, when storing their personal data like name and email address?
> > 
> > And has Mr. Rude then the right to freely distribute this data, without
> > protecting it, to the whole world? If that is the case then EU citizens
> > having 'business' with the US can do the same with US citizens' data.
> > 
> > Well, just my thoughts.
> > 
> > Regards
> > Stefan
> > 
> > --
> > box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
> > GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)
> > 
> 
> ---
> Hendrik Visage
> HeViS.Co Systems Pty Ltd
> T/A Envisage Systems / Envisage Cloud Solutions
> +27-84-612-5345 or +27-21-945-1192
> address@hidden
> 
> 
> 

