General Data Protection Regulation (GDPR) - useful/practical tips for small developers

DSP, Plugin and Host development discussion.
Post Reply New Topic
RELATED
PRODUCTS

Post

aMUSEd wrote:What I don't get is how come all the small developers are having to email everyone asking them to opt into newsletters etc, but the larger companies seem able to just get away with am email telling you they 'respect your privacy, but 'If you agree with our Privacy Policy, there’s nothing you need to do'.
If you've already received consent from users due to earlier regulations or just generally good behaviour, you don't have to do anything else. Many companies will be asking because they use third-party mailing mechanisms (that won't have had the correct consent) or they didn't ask.

There could be other reasons as well (and may well be some bigger companies just ignoring things they shouldn't).
Top

Post

Do American or other non-EU companies have to adhere to the new law?
I did receive a mail from AIR's mother company in Rhode Island, but it said I don't need to do anything.
Top

Post

fluffy_little_something wrote:Do American or other non-EU companies have to adhere to the new law?
I did receive a mail from AIR's mother company in Rhode Island, but it said I don't need to do anything.
I believe it's anyone dealing with EU citizens' data.
Top

Post

Oh dear... "Several services have cropped up offering a way for website administrators to block EU-based visitors rather than check their pages meet the new requirements"...
https://www.bbc.co.uk/news/technology-44239126
Top

Post

That would be cool, actually. Pretty soon foreign sites and services would be replaced by European ones.
If the EU amended the law to forbid the transfer of EU data outside the EU, most foreign sites would block EU citizens. It could be a huge boost for the European online world.

Interesting that companies are overwhelmed now, the law has been in power for 2 years, only the transition period ends today.
Top

Post

Really? Then the front page message might as well be...
"Due to our incompetence in the global web economics you're not allowed to visit our site - forever. Good-bye y'all!!"
Top

Post

"Complaints have been filed against Facebook, Google, Instagram and WhatsApp within hours of the new GDPR data protection law taking effect."

https://www.bbc.com/news/technology-44252327
Fabien from Tokyo Dawn Records

Check out my audio processors over at the Tokyo Dawn Labs!
Top

Post

The disclaimers on some sites have gotten bigger, and with every visit one has to click them away again when not logged in.
Basically, I suppose most people will simply accept everything just like before.
Top

Post

The GDPR emails I've been getting just remind me to unsubscribe from loads of places. It's been quite useful. :D
Top

Post

#rob wrote:We talked about this problem to our data protection guys.
In short: don't worry about it too much.

If anything about your company or web site (regarding GDPR) is not in order, or appears not to be in order, or could potentially not be in order... then the first report ALWAYS has to go through the data protection authority. Courts will not handle cases like this.

The "vulture" lawyer has to report your company or web site to the appropriate data protection authority, they will then check the claims and contact you, give you a certain time period in which you can either prove that what you're doing is OK or fix anything that was wrong. Finally, they'll check your company or web site again to make sure everything is in order now.

If anything still isn't in order, despite the authority telling you to fix it and giving you an ultimatum to fix it by, only THEN would you get into trouble.

But you can safely refer any "vulture" lawyer who tries to extort you like that to your data protection authority. If they want to take your money for not obeying the law, make them obey the law first and make them go through the legally required instances.
Thanks a lot for sharing this info, that calming a lot :tu: and good to know in future if some vultures try... :wink:
fluffy_little_something wrote:Sounds like yet another crazy EU law, which costs a lot to implement and yields poor results.
As long as a company is online, privacy and safety are just an illusion. As soon as data leaves the EU, adiós data protection. In Germany even public organizations are selling citizen data to companies, and it's legal.

Do developers who outsource the whole shopping part to a third-party service provider also have to invest in all that security?

German Abmahn parasites will like that new law, though.

I remember a text on the EU-US data protection shield or whatever it is called. It is a joke.
The complicated thing about GDPR is also, there is GDPR in general - but every EU country have it changed to there own opinion/need. Some country have it not fully in action yet or just step by step, and some only in a "soft"version... for example in germany it is in a very intense version compared to some other countries - and along with that every country has own additional laws running besides it concerning spam, privacy, digital stuff etc...

for example here a list (in german) about the GDPR in each country, not fully up to date, but you can see big differences: https://www.isico-datenschutz.de/blog/2 ... u-laender/
Urs wrote:
.maki wrote:hm, this guy claims about some shady motivation inspired by authorities. Was an interesting read.

https://www.datenschutz-guru.de/aufsich ... netseiten/
Interesting read, indeed. If this is true, anyone with a Like-button might become subject to abuse through the cease-and-desist industry. The article says that German authorities interpret the law so that consent needs to be given *before* a cookie is set, e.g. when using Google Analytics.

As far as I understood, consent for tracking *before* a cookie is set was only ever necessary for such kind of profiling which links the user activity directly to the user's profile. In other words, if the tracking data ends up in a database without being anonymized, prior consent is necessary and a cookie notice or a paragraph in a privacy statement is not enough. Not sure.

However. Tracking can not only be done with cookies. Once a user on a website can be identified (a login, a purchase whatsoever), he can as well be tracked by log files. I'm curious to see if this ends up being a problem as well. It would make offering a website very difficult in general, because how can you ever get consent before the landing page?
It`s not just a facebook like button, also twitter tweet button or soundcloud player embedded. (and youtube embedded), in all of them, when used / or embedded there will be cookies running before the user can accept them. And thats the "not legal" part now since yesterday. As example, with standart facebook like&share, twitter tweet button + youtube and soundcloud embedded we had through this up to 10 cookies running directly through just these 4 things... now it`s only 1 - google analystics - which is ok when anoymized (via script or additional tool and privacy page tells everything about it and you providing a optout function). But the rest is mhm not ok anymore. On our websites, we removed soundcloud as embedded player everywhere, on youtube embedded we reworked all embedded videos via additional tools that there is not as usual the doubleclick cookie running (which is by default if you embedded a video from youtube), exchanged all share buttons with a tool (shariff wrapper) to have no facebook or twitter api +cookies running. And got rid of all other social plugins like sidebar sliders,feeds etc.

And with 3 websites, +400 content pages - much fun to rework them all! :roll:
The work time, trouble with many different reports or infos on that topic + cost for additional tools, privacy police etc will be also for smaller companies not helpful (in terms of being effectiv). Also if the GDPR is good for everyone (as user) for companies it`s really bad + you lose newsletter, social function and as sound content developer - no soundcloud e.g. embedded...well also bad and more...
Top

Post

We kicked out the Soundcloud plugin as well, and we'll switch to a different solution in the future.

But ihmo that's more of a Soundcloud problem. If enough websites do this, I'd expect Soundcloud to lose a significant amount of traffic/visitors. It is beyond me why this problem is not getting fixed (or is it?)

Richard
Synapse Audio Software - www.synapse-audio.com
Top

Post

Richard_Synapse wrote:We kicked out the Soundcloud plugin as well, and we'll switch to a different solution in the future.

But ihmo that's more of a Soundcloud problem. If enough websites do this, I'd expect Soundcloud to lose a significant amount of traffic/visitors. It is beyond me why this problem is not getting fixed (or is it?)

Richard
I've decided to remove my SC players as well. Youtube has an "enhanced privacy mode" for embeds that I've updated all embedded videos with. I wish Soundcloud would do something similar. I guess we'll just have to wait and see.
Top

Post

Remember how JUCE 5 may records information about your plug-ins users?

https://juce.com/juce-5-privacy-policy
if you are using our JUCE code with a free “JUCE Personal” or “JUCE Educational” license, we may additionally collect anonymised data from the end-users of your JUCE-built application solely for our internal operations in connection with providing and improving JUCE. You may opt-out of this tracking when you purchase a “JUCE Indie” or “JUCE Pro” license.
In strict application of GDPR it seems you should ask consent from within the plug-in for this. :ud:
Checkout our VST3/VST2/AU/AAX/LV2:
Inner Pitch | Lens | Couture | Panagement | Graillon
Top

Post

quikquak wrote:The GDPR emails I've been getting just remind me to unsubscribe from loads of places. It's been quite useful. :D

Very much the same here. At last my inbox is actually manageable for the first time in years.
Top

Post

They are !@#$ spammers on this site.I didn't sign anything and they keep sending me e-mails.Let's see if they will be fined after my indictment
Top
Post Reply

Return to “DSP and Plugin Development”