Google has a reputation for sometimes randomly banning people, from all Google-controlled properties at once, for opaque reasons that are suspected to be malfunctioning automated systems. They have no appeals process, and if these stories do ever get resolved later, we don't hear about it.
This means every time I look at a new Google product, I ask: If every Google product I use shut off at once, how bad would it be to add this one to the list? So Google Pay, for example, is a total nonstarter; in a situation where most of my communication methods suddenly break, simultaneously losing access to credit cards would be literally life threatening. Similarly, I could never recommend Google Cloud Platform to an employer; losing the ability to do system-administration work at the same time as losing access to gmail would just be too much to manage.
> My photos since I was a baby till nowadays (23 years of images), my niece's photos since she was in her mom's womb, my essential files, ALL passwords, reminders, and google login accounts. Everything is gone!
> my google play account with my apps, my google extension developer with my extensions, my google AdMob with all of my unpaid revenue, firebase, google analytics, and google search console...
I’d like to apply this algorithmic ban to Google employees’ private Google accounts so they too can experience the joy of getting punched in the face without recourse.
I “only” have my emails left at Google. Starting July they want to take my money for what they promised to be a free service forever. I actually look forward to migrating away from them so I find inner peace again.
I lost my email password which i haven't logged in for 10+ years (but had forwarding setup so i was receiving emails still). As a googler, i thought, surely, i would be able to get support to recover my account
While I was a googler I got very frustrated while trying to help a friend regain their old YouTube account that they knew the password, email, and phone number associated but because they did not still have access to that phone number the automated system didn't let them log in with the password the system confirmed was correct. Absolutely no traction gained despite trying multiple different avenues to get help.
Yeah, I was able to briefly get access to an account that was stuck in the infamous "thanks for proving you own the recovery email but we still can't determine you are the owner of this account" loop by contacting a friend at Google. However, shortly afterward the account went straight back into the state it was before so it is basically a lost cause.
Scary to think that algorithms override even Google insiders when things break.
The biggest problem is being treated like a criminal rather than a customer. I’ve dealt in the small business space for a long time and we never deprive a user of their data even if we end up hating each other.
Western governments need to start acting on behalf of the people. Break up big tech and bring the hammer down on companies that usurp a persons lifelong data archive and refuse to give them a copy.
I have Google Workspace Legacy accounts, so my family has stayed with Google for far to long. That’s ending this month. Even if it sucks and we lose some data, purchases, etc. right now, the long term benefit of abandoning Google is better for everyone IMO.
Criminals are at least told what the charges are, and theoretically given a venue to contest them.
It's easy to imagine police using the same excuse as Google: "we can't reveal exactly what you did wrong, since that would compromise our methods to catch criminals". If it wasn't for the fact that we aren't used to that "just being the way it is" in that case, we would probably shrug and accept it, too.
I've said this before and I'll say it again. It should be illegal to fully ban accounts. Figure out how to make them readonly. That's the only ban type that should happen. Yes, even if there is illegal content. If you really have to, quarantine the illegal content, but keep the rest of the account available.
Unless the failure rate is literally 0%, there should never be a permanent full ban.
This is absurd. Don't entrust an online service with the only copies of important data if you don't want to lose it. Even in the most statist society imaginable, making it a criminal act to 'fully ban' a user from a 'service' is barely even definable, let alone feasible or desirable.
Infuriating. If you are based in Europe you can invoke Article 22 of the GDPR and get support of your local data protection inspectorate:
"The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her."
There is perhaps the same in other juridictions (like California).
I think it was never clear if residents of EU included people with citizenships but are currently located outside. So it would be safest to honour all requests rather than risk it.
even if you live outside of your country, you typically still are considered a resident of the country of citizenship, because to declare you a non-resident someone would have to prove that you aren't still registed as resident or don't don't have a home there any more and are not going to go back any time soon, which you could do any day.
There are complex laws governing residency which vary country-by-country. It's not atypical that, for example, if you spend 183 days in a year somewhere else, you're no longer a resident.
You're generally only a resident in one country. This governs taxation -- taxes are primarily based on residency, with some caveats. As a US citizen living in the EU, you will not pay the same US taxes as you would if you were living in the US, and in many cases, zero taxes.
to change your status of residency, proof would be required.
and it depends who is asking. maybe i don't pay taxes as a resident, but for visa purposes i may still count as resident in my home country.
this is relevant now as china allows people only to enter by direct flight from their home country or country of residence. this is really messing with people who have their family in a third country. they have to make a detour to their home country if they don't have a residency visa for their family's country.
also if i go travelling for a year, i don't loose my residency status unless i stay somewhere long enough to establish residency there. that is, if i have a visa that allows that.
Proof is not required. In the US, for example, you file taxes on an honor system.
If you've lied, there are periodic audits, and you might get thrown in prison.
I assume you can lie going to China. If you do and get caught, you'll probably never be welcome to visit China again (or fines, or prison, or some other consequence; but most countries would just keep you out).
it always depends on who is asking. this whole subthread is about who the GDPR applies to. in your other comment you lay that out very clearly: https://news.ycombinator.com/item?id=31397369
the relevant question is: when do i loose my status as a resident of the EU if i am an EU citizen. i'd like to make the claim that the intent of the GDPR is to protect the people who are inside the EU at the moment the data is collected.
even if i just leave for a week as a tourist, and then use some non-EU service, the GDPR no longer protects me. it is unclear if the GDPR still applies if i registered with that service from inside the EU and they know that i am the same person that's now accessing the service from outside the EU, but as you said, the easy thing to do is to just assume that the GDPR does apply until there is a clear benefit from being able to not apply it, and in that case the company needs to show evidence that i am not an EU resident. on the other hand if i sign up for a service outside and continue using that service after i return to the EU, protection should start from the moment i come back.
my point is that this is meant to be not the legal residence status, but simply your location at the time, unless you happen to be in the EU only for a short visit, in which case the GDPR is not going to be of much use (it might still apply though. can i visit the EU as a tourist and then issue a GDPR data request or deletion or whatever other benefit the GDPR offers, and then go back home after issuing the request?).
which is different from getting an EU domain. there it matters that you have the legal residence status regardless of your location. if you have a multi year residence visa, you won't loose your EU domain just because you spent most of that time traveling outside of the EU. you'll need to return your EU domain only after you permanently leave the EU. (which every british resident had to do)
I assume you can lie going to China
you can't lie, they want to see evidence that you are a resident or they won't let you board the plane. consider that the point is to control infection vectors and they want to avoid people transiting through high risk areas. so this is not to punish people but to prevent the virus from spreading and if in doubt, they won't let you in.
The intent is very much territorial. I don't think your interpretation is 100% correct, but I think it's 95% correct. Jurisdiction is clearly defined as territorial:
However, the framing as a human rights law, protecting "fundamental rights and freedoms of natural persons," means that the intent is somewhat more broad:
It defines principles which are believed to apply everywhere.
That's reinforced by language like "This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law." This extends jurisdiction as far as practical, in ways which are legally ambiguous.
"Legally ambiguous" generally means that you might be right, but the cost of finding that out will be astronomical.
Human rights laws have an inherent friction to them. On one hand, if random dictator's private business violates human rights laws, that's outside of jurisdiction, so not much can be done about it. Sovereignty is an important principal. On the other hand, it's clearly viewed as not okay, and often has some ramifications at some point. If you're applying for a contract, and have a track record of human rights violations....
GDPR is very clear -- EU citizens living outside the EU are NOT covered. US citizens living in EU are covered. That's not uncommon for laws; I don't get a ticket for breaking US traffic laws in the EU, or vice-versa. Very few laws reach across borders like that (taxes, some forms of child abuse, some forms of bribery, child support, arms trafficking, some types of military service, espionage, etc.).
However, as the other poster pointed out, from the perspective of a tech vendor, understanding the difference between:
- EU resident
- EU resident using a VPN in the US
- EU resident traveling in the US
- EU non-resident living in the US
For each request which comes in is practically intractable.
GDPR is also framed as a basic, universal human rights law. That also can have unintended tentacles. If you don't want a liability hole, it makes sense to honor GDPR for everyone, in practice (even if not under your ToS).
Practically, that's what everyone does. I've never had a GDPR request declined on the basis of residency (the last qualification being important).
I don't use any other service by Google except Gmail and Maps (anonymously), and all my message base is already backed up online at Fastmail plus locally. The day they don't accept anymore POP mail clients or do anything nasty, is the day I send all my contacts my new mail address and forget about Google. They pushed and killed a lot of services, and the way they deal with user support makes them highly unreliable for pretty much everything except tracking users and advertising.
Google unprofessionalism aside, the most reliable cloud storage in the world can't beat a solid local backup. Never ever keep your files in single copy, no matter who is the cloud storage provider; always keep a local backup, or to be more precise, the cloud storage should be one of the two backups, not the original.
I'm a complete hypocrite in saying this because I've also been too lazy to set up an alternate email so far, but doesn't it make more sense to do it before that day?
Yes, being prepared is a lot better since apparently Google has a thing for terminating accounts and services without notice. It shouldn't happen with Gmail because so many people depend on it for other services, also for confirmation of email change with the bank for example, which would be impossible if the account has already been terminated, but I'd be on the safe side anyway. That's the reason I set up my Fastmail account so that it mirrors my Gmail one: every single mail I receive on Gmail is mirrored on Fastmail, so if something happens I can send a notice of the new address to my contacts, show Google the middle finger and move on without losing anything. The only annoyance is that until I keep the two accounts active, I'll receive two copies of the same message on my client (Claws Mail) but all it needs is firing up the function to delete duplicate messages every now and then.
Mirroring external mailboxes such as Gmail from Fastmail can be activated when creating a new account; so far it works really well.
Person in question doesn't actually know that they were banned for uploading Python code.
While the lack of due process absolutely does suck and I hate to defend google, but reason for this ban is speculation.
It could be something else, something much more banworthy.
This means every time I look at a new Google product, I ask: If every Google product I use shut off at once, how bad would it be to add this one to the list? So Google Pay, for example, is a total nonstarter; in a situation where most of my communication methods suddenly break, simultaneously losing access to credit cards would be literally life threatening. Similarly, I could never recommend Google Cloud Platform to an employer; losing the ability to do system-administration work at the same time as losing access to gmail would just be too much to manage.