
German butcher's GDPR notice - egb
https://twitter.com/cszabla/status/1001619286090280960
======
MatthewWilkes
See also, this italian version that did the rounds a couple of weeks ago:
[https://twitter.com/koenfucius/status/997783004155187200](https://twitter.com/koenfucius/status/997783004155187200)

------
sirwitti
Rough translation: GDPR - General Data Protection Regulation

Attention! In our butcher shop we might ask you for your name and memorize
which kind of meat you like. If you don't want us to do that please shout "I
do not approve!" when entering.

We will pretend to not know you in that case.

Btw, it's an Austrian butcher shop :)

~~~
tscs37
But that's opt out and not opt in!!!

------
zerostar07
best i ve read so far: [https://writershq.co.uk/privacy-
policy/](https://writershq.co.uk/privacy-policy/)

~~~
bo1024
I think it's pretty awful and, as someone who cares about privacy, feels kind
of disrespectful. (Layering disrespect under humor doesn't change it.) The
basic attitude is: yes, we use all the tracking technology available and give
your data to all the scary third parties, and no, you shouldn't be surprised
because that's internet standard these days, and you don't know how this tech
works anyway, so haha and good luck.

------
amelius
Just make sure to wear a burqa when entering the shop, then everything should
be ok.

------
JeanMarcS
Despite the fun part, if they keep notes of their client names, it has to be
GDPR compliant.

That’s the example I give to my client, but with a hairdresser. If they give
you fidelity card and they got a copy of your name in a cardboard box, then
yes they have to comply to GDPR.

Here in France, even the media says that GDPR is for internet companies, not
explaining that it’s for every companies. So most of them are surprised when
you tell them they have to be compliant.

~~~
tzs
> If they give you fidelity card and they got a copy of your name in a
> cardboard box, then yes they have to comply to GDPR.

Maybe, maybe not. Article 2 (material scope) says:

"This Regulation applies to the processing of personal data wholly or partly
by automated means and to the processing other than by automated means of
personal data which form part of a filing system or are intended to form part
of a filing system."

Note that for GDPR to apply, the data has to be part of or intended to be part
of a "filing system". (It is possible to read the above as saying that the
filing system requirement is only for data processed other than by automatic
means, but Recital 15 suggests it is not limited that way: "The protection of
natural persons should apply to the processing of personal data by automated
means, as well as to manual processing, if the personal data are contained or
are intended to be contained in a filing system").

What is a filing system? Article 4 tells us:

"‘filing system’ means any structured set of personal data which are
accessible according to specific criteria, whether centralised, decentralised
or dispersed on a functional or geographical basis"

Recital 15: "Files or sets of files, as well as their cover pages, which are
not structured according to specific criteria should not fall within the scope
of this Regulation"

One could probably make a good case that if you are just randomly tossing
cards into a cardboard box, that's not a structured set of data, and so not a
filing system, and so GDPR does not apply.

~~~
JeanMarcS
Thanks for clarifying. But if the card are, for example, ordered
alphabetically ?

If they are ordered by, let say, revenue generated by the clients, does it
applies ?

Those are open questions. I know I’m looking for hair on an egg, but, as
IANAL, the gray zone is a little bit too wide for my full understanding.

------
ryanwaggoner
Only until we have the capability to forcefully carve those memories right out
of your head.

------
amelius
They could have posted that when the cookie law was introduced.

~~~
swebs
The cookie law didn't ensure that you could opt-out and still receive service.
Most sites just said "Accept cookies or go somewhere else" and since all
competing services also used tracking cookies, you weren't given much of a
choice.

------
rdlecler1
“Error encountered” — the regulators move fast.

------
moccachino
What does it say? I haven't been able to access twitter since GDPR.

~~~
stephengillie
An Imgur link, if you can view that:
[https://i.imgur.com/IuZ8UBm.png](https://i.imgur.com/IuZ8UBm.png)

Why are you unable to access Twitter? Did they block a portion of the
Internet?

~~~
moccachino
I'm not entirely sure but I always get redirected to
[https://twitter.com/i/flow/consent_violation_flow](https://twitter.com/i/flow/consent_violation_flow)

I assumed it was something to do with GDPR, but curiously I'm not prompted for
anything, just instant redirect to this page.

I just treat it as another happy instance of GDPR productivity boosting so I'm
not motivated to figure out how to fix it.

------
wooter
the idiocy of this law really grinds my gears.

------
madez
This completely misses the point, and it's telling that it gets votes. The
GDPR does not regulate what you personally know, it is about collections of
information outside of your brain.

~~~
JumpCrisscross
> _GDPR does not regulate what you personally know, it is about collections of
> information outside of your brain_

So if the same butcher took notes about his regulars’ preferences, they would
need to be GDPR compliant?

~~~
simion314
If I take notes about your movie or software do I break IP laws? Maybe US law
is weird.

~~~
threatofrain
If a European butcher takes notes on his customers using a paper notebook or
Excel, are these different modes of data-management subject to GDPR? That's a
pretty relevant question esp. since the article is on a butcher. The entire
discussion is on the scope of GDPR.

What does US IP law have to do with this?

~~~
simion314
The IP law is related, it protects some people or companies IP, publishers
have to follow it, have to respond to DMCA, people in other countries can go
to jail. But people that want the IP laws think that my private data should
not be mine and not be protected, because it should not be or because it is
not easy. Responding to DMCA claims, making sure to use the right licenses for
software and assets is not easy either so why is one liked or at least
respected by startups and companies and other disliked?

~~~
threatofrain
If a European butcher takes notes on his customers using a paper notebook or
Excel, are these different modes of data-management subject to GDPR?

How are you about to answer that with US IP law?

~~~
detaro
Article 2:

> _This Regulation applies to the processing of personal data wholly or partly
> by automated means and to the processing other than by automated means of
> personal data which form part of a filing system or are intended to form
> part of a filing system._

Which makes sense, just keeping customer data on paper instead of in digital
storage shouldn't mean you don't have to protect it.

~~~
threatofrain
Ah, it says automated. I wonder if that mean manual human input changes
things, even manual human input in Excel.

~~~
detaro
Don't think it does. Basically everything involving a computer probably
qualifies as "automated", and an Excel document is probably structured enough
to be a "filing system".

