Interesting. Well, I guess that means I can’t visit Austria and drive. The dashcam is one of my coping mechanisms for OCD. I do get their concerns, though.
I suspect they’re going to roll that back if insurance fraud increases.
One of the manifestations of my OCD is that if I hit a bump on the road, something as simple as a manhole cover that’s a few millimeters different in height or less, or if I spy someone emerging into my rear view mirror that I didn’t expect, or if someone is hiding behind a pole and I suddenly see them in my peripheral after passing them, my immediate and inconsolable thought is that I’ve hit them.
To deal with it, I’ll do a lap around that spot to make sure I didn’t hit them. That lap can result in other bumps that I then have to make sure I didn’t hit anyone during.
This can repeat for a very, very long time.
To deal with it, I have a front and rear dashcam that I can go review the footage after I park.
Of course I haven’t hit anyone, but the fear and stress that I might have is debilitating and can be for an hour.
The dashcam allows me to review footage later; or, more often, calm myself long enough to think rationally and recognize what has happened as a moment of OCD and move on.
This appears anxiety related, with indeed the dashcam helping to cope with this specific occurrence. I don't know which other issues you have regarding anxiety, but you might want to look into a more global solution. If its only with regards to dashcams, then (depending on your demographics) avoiding driving in Austria is likely a better solution.
Full disclosure: My previous diagnosis was GAD. Now I have an autism diagnosis. I use medication to feel less agitated and nervous. These work, for me, though also force me to zoom in less. YMMV.
I'm diagnosed with OCD and have many of the symptoms for it. It tends to stay relatively low-grade and not life impacting, so long as I do the thing I said here. When it gets out of hand, I need to remember to follow through more with what this book told me to do: https://www.amazon.com/Brain-Lock-Twentieth-Anniversary-Obse...
That's the one my therapist had recommended.
I try to avoid medication, but that's a personal preference. I do hope you the best on your journey!
edit: removed a word that made my sentence mean what I didn't mean for it to mean.
Hey, though my comment was meant to be genuine I can, on reflection, understand that my comment got you angry. It did not occur to me that OCD could be a separate diagnosis even though I knew it is a specific ICD. Thanks for the book tip, I've added it to my list (I'm interested in related symptoms to [my] autism and some other PDs.)
The laws for this was recently refined in Denmark, you are allowed to run a buffer (so that you can record x minutes up to an accident) but you are not allowed to save it permanently without hitting a button.
Do self driving cars actually record things? As in, store the video? It seems to me they can just process the incoming videostream without storing it, right?
Or even just regular cameras. If I take a picture of something unrelated, and the background happens to contain a license plate on a car, or the face of a person walking by, am I at risk for recording a person's identifiable information?
No. The so called "Freedom of panorama" [1] will protect you from such things. As long as the license plate is not the main aspect of the image, you should be fine.
The case here is Austria where local privacy laws disallow any use of CCTV/Dashcams unless they only film private property. Exceptions to this require a permit. This in itself independent of GDPR but the same agency is tasked with enforcing it and some of the laws overlap now.
And because a man illegally used a dashcam, he was fined 300 euros. It was a camera recording the use of a car from the driver's point of view, which is illegal. Two people were reprimanded for using surveillance cameras for their own home without permission.
GDPR fines are not supposed to be distributed to individuals, but those who believe they are affected by the non-respect of GDPR rules can sue the company.
There's a German fine for a police officer where he used the license plate of a "random acquaintance" to get their landline and mobile phone numbers and then used that to call them. This was for personal reasons and not related to his duties.
I'm willing to make a $5 bet that he was attracted to a friend of a friend, and figured he'd user her car license plate in order to get her number so that he could call her. She got freaked out and reported it. I wonder how to find out more specific details on this case...
It was only a 1400 Eur fine, as it was a first offense a there was only one affected person.
But misuse of the available databases for fun and personal gain seems to be quite rampant in the police force, for example they looked up the personal data of a pop star during the night of a concert 83 times recently [1].
Will be interesting to see whether some guards will be put in place (and more officers fined) to combat this behavior.
This is a standard practice by police forces everywhere. I'd be surprised if there was a single police force in the world with strong audit controls on the usage of their DBs.
I saw that, don't see how that is related to GDPR? Police officers haven't been allowed to do that before GDPR (I remember a policemen friend being asked by another guy 10 years ago in Germany to help identify someone based on their license plate, he declined for legal reasons).
I'm interested to see who the first US-headquartered company will be. My understanding is that US companies aren't immune when dealing with EU customers, but it might be more difficult for EU governments to enforce the fine. Google France doesn't count.
Marriott International, Inc is incorporated in Bethesda, Maryland. I believe Country in the table just refers to the EU member country that brought the action (someone correct me if I'm mistaken).
Yeah, it looks like you're right. I thought the fine was for Google's French offices, but it was actually filed against the one-and-only Google. I'm not even sure there's a French office or data center.
Some American web sites simply stop EU citizens from accessing their pages from Europe (nevermind that not all European countries are EU countries) "for legal reasons regarding GDPR." So just because an EU citizen can access a web page that is hosted in the USA (or other place in the world), then EU law applies, apparently. I think that is dumb. When you visit the USA, American laws apply. Should be the same for web pages. Just my opinion. Yes, I might be a little salty for not getting to see that American web page because of GDPR legalities lol! Also, it would seem, that simply having a web page in the EU is now a liability. Well, that's one way to define progress I guess... Look, I get that there are some good things about the GDPR, and that computer privacy is important, but this is just getting too excessively authoritarian for me. I guess my biggest gripe with it, is that I never voted for it. Literally. I'm Norwegian. So it was just shoved into my face, and I had no say about it. In fact my country voted against the EU, but yet here we are. Sigh. I got two choices: Accept it or accept it. And bear the consequences if you don't. Double sigh.
Applying GDPR based on the country hosting the webpage would be a massive loophole, nullifying the law completely.
I think it works well as it is. If websites wants to access the EU market they have to comply to GDPR, but they are free not too... To bounce back on your point, as EU resident myself I haven't had any issue with accessing websites that would not want to implement GDPR.
Except they're not "accessing EU markets." I'm a Norwegian, so I'm not in the EU. As such I never voted for EU laws to apply, and I feel they're being forced on me. Also, I'm the one who's technically accessing American markets, offered from the USA. So American laws should apply. Just my opinion. World leaders and companies don't care about individual freedom, so...
It's authoritarian that American web sites can't do the bare minimum to comply with privacy laws in the EU? I worked on some GDPR integration, on a publishing site no less (considering most of the time I noticed publishing sites being unable to be visited when I was overseas), and it took us all of one sprint to do so correctly. It's laziness not difficulty.
It's also not the EU's fault that people in the United States (I say this as an American) are ignorant enough to associate Norway with the EU when it's not a member. The effort involved to actively block people from viewing websites could have been pointed towards GDPR integration.
Edit: You know the real reason some American sites aren't complying? Because they looked at their European analytics and decided that it wasn't worth their effort.
If they’re not able to pay hundreds of euros per year to access the european market, they’re not likely making much money off the euro market... so what’s the problem?
Article 27 doesn't apply if the processing satisfies all of these requirements:
• it's only occasional,
• it does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offences referred to in Article 10, and
• it is unlikely to result in a risk to the rights and freedoms of natural persons.
Most businesses don't have to worry about the second of those.
How about a risk to the rights and freedoms of natural persons? Recital 75 talks about that:
> The risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from personal data processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorised reversal of pseudonymisation, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data; where personal data are processed which reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, and the processing of genetic data, data concerning health or data concerning sex life or criminal convictions and offences or related security measures; where personal aspects are evaluated, in particular analysing or predicting aspects concerning performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, in order to create or use personal profiles; where personal data of vulnerable natural persons, in particular of children, are processed; or where processing involves a large amount of personal data and affects a large number of data subjects.
That's pretty broad. Note that the overall structure is an "or" of six clauses, and most of those clauses are "or"s of several different kinds of data. Unless this is interpreted very narrowly, most businesses that sell to Europeans online, even if only occasionally, will fall under it, and so Article 27 will apply to them.
Dunno.
I am bootstrapping as single founder and the investment was basically
- 2 days to change the app code so only data necessary for the actual use case of the app is processed and stored
- 1 day to formulate a GDPR privacy policy in my own words (what data is captured, how is it used, how is it stored, etc)
Unless your business is somehow is fundamentally at odds with GDPR (flashlight app to grab IDFAs and sell those) it doesn't really seem terrible. Especially so as it is in my own interest even without GDPR to minimize my risk surface in case I get hacked and user data is leaked.
Companies offering services(including websites) in the EU have to follow laws in the EU. Just like you can't open a shop in New York based on Norwegian law. It makes perfect sense to me. And if a website can't work without spying on me then I'm glad they're avoiding it by themselves.
Well of course! The site is already in the USA. And as such, when I try to access it, I would expect American laws to apply. The problem here, is that the EU tries to regulate foreign web sites, hosted outside the EU -- even if they're not "marketing to the EU" -- for which my country isn't even a member! Of course, the company is in their full right to stop me from viewing their site, in fear of reprecussion from the EU and their draconian fines (though I think it's overly cautios to also stop non-EU-citizens from accessing the contents). That's bessides the point. The point is that it shouldn't be necessary to define opening a web site anywhere in the world as "marketing to EU citizens" (which I'm de jure not, though clearly de facto), when it's clearly hosted in another country. It's exactly like you mentioned; to employ Norwegian laws on a New York shop, which is of course ludicrous. But that's obviously the world we live in now, where innocent bystanders are robbed of their freedom for simply being associated with the wrong entity, for my own protection, I guess, even though I neither asked nor voted for it...
Is making a web site, hosted in the USA, "marketing to the EU"? I don't think so. I think it's akin to opening a shop in New York. If you choose to go there, out of your own free will, then American laws should apply, not third party laws to a kafkaesque organization I neither voted for, nor want to partake in.
> In fact my country voted against the EU, but yet here we are
And here you are, not in the EU.
Or did you mean Norway should have pursued a "winner takes all" course hinging on a tiny margin, disenfranchised about half the population, and probably caused internal political and economic turmoil for years to come?
If so, I have great news for you. There's an EU country who's about to do exactly that.
What's even better, you can up sticks and move there right now, thanks to the EU (even though you're not in the EU), to witness the glory of the aftermath of such a historic decision.
I'm already not in the EU, thank you! :) Quite happy with that, weren't it for being treated like I am by American companies making catch-all filters in fear of the oh so scary EU fines.
68 comments
[ 4.7 ms ] story [ 133 ms ] threadI think nowadays dash cams might be allowed if they don't store the video unless an accident has occurred, but someone from Austria has to confirm.
I suspect they’re going to roll that back if insurance fraud increases.
I don't understand. Care to explain?
To deal with it, I’ll do a lap around that spot to make sure I didn’t hit them. That lap can result in other bumps that I then have to make sure I didn’t hit anyone during.
This can repeat for a very, very long time.
To deal with it, I have a front and rear dashcam that I can go review the footage after I park.
Of course I haven’t hit anyone, but the fear and stress that I might have is debilitating and can be for an hour.
The dashcam allows me to review footage later; or, more often, calm myself long enough to think rationally and recognize what has happened as a moment of OCD and move on.
Full disclosure: My previous diagnosis was GAD. Now I have an autism diagnosis. I use medication to feel less agitated and nervous. These work, for me, though also force me to zoom in less. YMMV.
That's the one my therapist had recommended.
I try to avoid medication, but that's a personal preference. I do hope you the best on your journey!
edit: removed a word that made my sentence mean what I didn't mean for it to mean.
[1] https://en.wikipedia.org/wiki/Freedom_of_panorama
or do funds gets distributed to the affected individuals?
The fine is not for the damages.
I'm willing to make a $5 bet that he was attracted to a friend of a friend, and figured he'd user her car license plate in order to get her number so that he could call her. She got freaked out and reported it. I wonder how to find out more specific details on this case...
But misuse of the available databases for fun and personal gain seems to be quite rampant in the police force, for example they looked up the personal data of a pop star during the night of a concert 83 times recently [1].
Will be interesting to see whether some guards will be put in place (and more officers fined) to combat this behavior.
[1] https://www.baden-wuerttemberg.datenschutz.de/lfdi-baden-wue...
It was either an internal disciplinary action or a criminal case.
I want to see the first company fined without an EU presence. Eg, some random US website operator.
It's also not the EU's fault that people in the United States (I say this as an American) are ignorant enough to associate Norway with the EU when it's not a member. The effort involved to actively block people from viewing websites could have been pointed towards GDPR integration.
Edit: You know the real reason some American sites aren't complying? Because they looked at their European analytics and decided that it wasn't worth their effort.
If you're regularly processing personal data of EU citizens on a large scale then you damn better be doing so securely and in compliance with EU law.
• it's only occasional,
• it does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offences referred to in Article 10, and
• it is unlikely to result in a risk to the rights and freedoms of natural persons.
Most businesses don't have to worry about the second of those.
How about a risk to the rights and freedoms of natural persons? Recital 75 talks about that:
> The risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from personal data processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorised reversal of pseudonymisation, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data; where personal data are processed which reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, and the processing of genetic data, data concerning health or data concerning sex life or criminal convictions and offences or related security measures; where personal aspects are evaluated, in particular analysing or predicting aspects concerning performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, in order to create or use personal profiles; where personal data of vulnerable natural persons, in particular of children, are processed; or where processing involves a large amount of personal data and affects a large number of data subjects.
That's pretty broad. Note that the overall structure is an "or" of six clauses, and most of those clauses are "or"s of several different kinds of data. Unless this is interpreted very narrowly, most businesses that sell to Europeans online, even if only occasionally, will fall under it, and so Article 27 will apply to them.
- 2 days to change the app code so only data necessary for the actual use case of the app is processed and stored - 1 day to formulate a GDPR privacy policy in my own words (what data is captured, how is it used, how is it stored, etc)
Unless your business is somehow is fundamentally at odds with GDPR (flashlight app to grab IDFAs and sell those) it doesn't really seem terrible. Especially so as it is in my own interest even without GDPR to minimize my risk surface in case I get hacked and user data is leaked.
It would be dumb if that was what the law says, but it doesn't say that at all.
It says a company needs to be compliant if they operate from the EU or they market to the EU.
And here you are, not in the EU.
Or did you mean Norway should have pursued a "winner takes all" course hinging on a tiny margin, disenfranchised about half the population, and probably caused internal political and economic turmoil for years to come?
If so, I have great news for you. There's an EU country who's about to do exactly that.
What's even better, you can up sticks and move there right now, thanks to the EU (even though you're not in the EU), to witness the glory of the aftermath of such a historic decision.
You might want to hurry though.
Trust us! say the deciders.