First of all, GDPR does not apply to personal sites. (https://law.stackexchange.com/a/28086 - see current "in force" version of the directive: https://eur-lex.europa.eu/eli/reg/2016/679/oj, see recital 18)
> [...] GDPR sets a minimum amount of cost/effort to run a website [...]
This is simply false. If you want to post something on the 'net, nothing changes. You want to count page downloads? (You know, those old-school CGI counters.) Nothing changes. You want to know how many individual visits you got? Well, you need to try to distinguish between new and returning visitors, hence you might put a cookie on the visitor's browser/client/useragent; now you need to ask nicely, because it's eerily easy to use that cookie for a lot of other purposes. (Similarly if you try to use something else, like IP address and/or browser fingerprinting.)
And so on. Yes, I like pretty graphs about visitors (browser screen size distribution, fancy geoip charts, etc.), but so do the people that live off the not-so-innocent usage of this kind of data.
And yes, if you collect personal data, then you should be able to protect it. This was always the case; GDPR simply states this and tries to create a mechanism that forces data holders to act accordingly (via the mandatory data breach reporting). Again, similarly, if you handle a lot of data you should be able to accurately take stock of what kind of data you have about whom, hence the requirement to respond to these inquiries.
> I think it disproportionately impacts smaller sites.
Agreed. But small sites were always at the mercy of random script kiddies. They always lacked resources to properly handle updates/upgrades, security, data, end-of-life termination, etc.
GDPR at least makes WordPress, Discourse, and random blog and forum engines able to deal with the reality of how much value their databases represent nowadays.
from Hacker News - New Comments: "WordPress" http://bit.ly/2P6AqbK