Email a copy of 'Does your grid need to prepare for GDPR?' to a friend
Loading ... Loading ...2018-01-10
Loading ...7 Comments
Comments are closed.
Loading ...
Hypergrid Business
Covering virtual reality, immersive worlds, and other emerging technologies
This website uses cookies to improve your experience and to help us and our advertisers understand our audience so that we can grow the OpenSim ecosystem. More specifically, we use Google Analytics to see general information such as what countries people are coming from. We do not see any information at all about individual users. We also have Google AdSense set up. Here, Google might collect information about users in order to customize ads. You can change what information Google collects. Either way, here at Hypergrid Business, we don't see any of it. We also have Disqus set up for our comments system. Disqus only shows us information that you voluntarily share, We do not have any marketing email lists and we used to have a newsletter, a few years ago, but that has since been shut down and all information deleted. Accept Reject Read More
Privacy & Cookies Policy
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
Well, I’m actually more interested in seeing how Linden Lab will handle this, rather than the small OpenSim grids. At times this has been a major contention issue with the Lab where Europeans left in droves when the adult debacle started in 2009.
From the FAQ I particularly like
“The conditions for consent have been strengthened, as companies will no longer be able to utilise long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent – meaning it must be unambiguous.”
– I can sense a lot of hand-wringing in the LL legal department!
Indeed and looking at LL’s ToS they already take the most liberties with users content.
Interesting. Still after a decade I feel ok with SL and uneasy with the here we are oops we are not OS grids. Then all my stuff is portable.
Well to be fair and to make the distinction, I don’t think data portability here means “content”, as in Opensim content that you have purchased from grids, or in SL. Same with content such as movies or music that are protected by DRM you have purchased from a entertainment provider. Data portability will be in relation to your personal information.
So organisations must provide your data upon request so you can provide that to an alternative provider for example.
Sorry but don’t think you will be getting your inventories free from LL any time soon 😛
I also want to point out that I did ask David to make clear in the
article – which so far he hasn’t – that I am in no way an expert on
GDPR, nor am I a lawyer and so grids and other interested parties need to
do their own due diligence to see how GDPR affects them and what steps they need to take.
This is just another money hungry regulation by government hacks in order to control more and more …Regulation is bad in any type, kind. I do not care where it is from. This is ridiculous, More and more these socialist countries are trying to put a hold in what we call progress. I find disgusting and revolting. That is my opinion.
The worry here is the phrase “The firs step is to get real consent.” This is a dangerous assumption and in many cases is simply incorrect. In a surprising number of cases you do not need consent, and in fact should not request it. This sounds odd so let me explain. The key lies in Article 6 of the GRPR: “Processing shall be lawful only if and to the extent that at least one of the following applies: ” – ONE of the basis for processing is that of consent. It is ONE option for a legal basis for processing. However in my view it should only be used when no other basis can be used. Why do I say this? Consent can be withdrawn. It also has to be optional. The kicker to this is that it has to be without penalties. You cannot say for example: “Do you consent to us processing your data?” if you are unable to offer them your service without that consent. Again if someone withdraws that request – can you still fulful your contract with them? Withdrawing consent to processing their data can not lead to you saying “you cannot be a customer then”. Those actions would case the consent to be considered “Freely given” as it is a form of coercion. Because of this consent should only be used as a basis for processing if no other basis for processing can be used. In many cases, where there are no other bases for processing, you simply do not need to process that data – you just want to.
The alternative is to use one of the other basis for processing and in many cases this would be (b) “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; “. If processing the data is required to fulfil your contract – then you do not need to ask consent. The data subject can then Object (Article 21) to the processing – but providing your processing has a legal bases that you can present and defend – their objection doesn’t put you in breach. In many cases contractual obligations with the Data Subject are sufficient for processing essential data (required to do what they ask of you) and consent is just not needed removing the dangers of them withdrawing consent.
If someone withdraws consent then you have to stop processing their data – but you cannot terminate your contract with them based on that. If you do not stop processing their data you are in breach of the GDPR, if you turn round and say “We need to process this to filfil your contract” you are in breach of the GDPR because the consent was not “freely given”. If you turn around and say “well we cant fulfil our contract with you without that data” then you are in breach of the GDPR because that consent was not “freely given”. It is not “freely given” because contractual obligations were conditional on the consent – therefore you really had no choice.
TLDR; Never rely on consent for a legal basis to process data under GDPR unless you have to because no other legal basis is applicable. Main uses for consent should be for things like advertising.
Note: I am not a lawyer but I am responsible for the management of an education system in the UK at a large college and have had to look into this a lot lately.