
Facebook Use of Sensitive Data for Advertising in Europe [pdf] - HugoDaniel
https://arxiv.org/abs/1802.05030
======
HenryBemis
I am soooooooo looking forward to GDPR kicking in.

I have already bookmarked this "nightmare letter" [1], that was posted on HN a
few days ago.

[1]: [https://www.linkedin.com/pulse/nightmare-letter-subject-
acce...](https://www.linkedin.com/pulse/nightmare-letter-subject-access-
request-under-gdpr-karbaliotis/)

~~~
ucaetano
Yep, it will cost money, but the big companies will have compliance automated,
and will continue business as usual.

Now about the small companies, the ones that can will shut down European
operations and continue elsewhere; the ones that can't, in particular European
startups and small tech companies, will have to close shop or face severe
penalties every year.

In the end, most of the damage will be done to small and medium European tech
companies.

~~~
sandstrom
I run a small European tech company and disagree.

We have a product that deal with quite a lot of personal information (top
quintile).

Sure, it’s a headache right now but certainly not insurmountable. The law
itself is easy to read, sensible and not needlessly long. You definitely don’t
need a lawyer to understand it.

Also, I know that a younger/smaller company with a more modern tech-stack will
have a munch easier time implementing data minimization, profile erasure tools
and proper encryption/security. For many large companies data is spread out
over so many products and systems that just mapping it all up is a painful
task.

Also, as a consumer I think 95% of the law makes a lot of sense! Citizens
deserve it!

~~~
ucaetano
And how will your costs increase when you have to provide data to dozens,
hundreds, or thousands of letters like the one the OP posted, each one asking
for different things?

Managing the data is easy, managing the compliance and reporting will be the
hard and costly part.

~~~
chundi
maybe show what you got under profile settings somewhere or button which will
email you report with all or frequently requested information.

~~~
tmuir
Its probably safe to assume that the person you're recommending this to has
absolutely no idea about the general concepts of software development, or the
rough orders of magnitude of information that is reasonable to store and serve
with modern infrastructure available to nearly any small business.

Its reminiscent of the willful ignorance displayed by the Cuyahoga County
Recorders Office, in Ohio. The office responded to FOIA requests by demanding
$2 per photocopy, even though the documents were already stored on CDs. They
hoped they could simply make freedom of information too expensive. Their legal
argument was that the files could be semantically thought of as photocopies of
the documents.

Here's a verbatim reenactment of a deposition in the case where a county
employee puts on a charade of not knowing that a photocopier is.

[https://www.youtube.com/watch?v=PZbqAMEwtOE](https://www.youtube.com/watch?v=PZbqAMEwtOE)

------
gtufano
The study links to this tool (from the same authors) that seems interesting:
[https://fdvt.org](https://fdvt.org)

------
tpush
Really interesting table on page 10. Selfishly I have to say I'm glad to see
my country (Germany) being the least affected.

