Author here. Yep, that's close to my thinking. I don't actually believe that Cursor (or similar tools) are completely shit. But I worry that the Cursor team perhaps doesn't care whether their product actually delivers…
Offering a service to European consumers? Probably not a big issue. GDPR compliance can be challenging without a suitable mindset, but it's not impossible. * Consider that the GDPR has an extremely broad concept of…
I can't agree, but maybe this is semantics :) For something to be personal data, it must be information that relates to an identifiable natural person. There are two criteria here: (1) it must relate to a natural…
Identifiability for IP addresses uses an even lower standard. The GDPR says that for something to be truly anonymous, there must not be any “reasonably likely” means for identification, even with the help of third…
> Do you, as the website operator, have the right to copy and serve these fonts to your visitors? All the fonts on Google Fonts are open source. When GDPR came into force in 2018 I downloaded all the fonts I needed,…
The court judgement addresses this exact point. There are previous judgements (Breyer v Bundesrepublik Deutschland) that establish that dynamic IP addresses are personal data. There are reasonable means to identify the…
I discussed that argument over here: https://news.ycombinator.com/item?id=30139489 Summary: A company did try the “it was the browser, not us” argument in the “Fashion ID” case. The court did not fall for it. Data…
> The fact is that CDNs and similar third party services play an important role. They no longer do, since browsers implemented cache isolation. > if I "host" my fonts in S3 do I have to get consent for sharing IP with…
This argument was tried in the Fashion ID case. A company had inserted Facebook Like buttons on the web page, and argued that it was not responsible for the ensuing disclosure of personal data (such as IP addresses or…
Careful. That is an 100% unofficial site. It is not chartered or funded by the EU. The linked article is from “Richie Koch”an editor working on human rights stories who wrote the article on behalf of Proton VPN, which…
JSON lets you write numbers. They can have a sign, decimal part, and an exponent. The standard euphemistically describes this as: > JSON is agnostic about the semantics of numbers. […] JSON instead offers only the…
If a study is observing how human reacts to a certain situation, that's research with human subjects. The Linux study observed how maintainers react to bugs, this CCPA/GDPR request spam observed how data protection…
There is like 15 years of official guidance and case law on ePrivacy, with relevant guidance from the Art 29 Working Party (precursor to the current EDPB) published around 2014. But I don't think regulators are in a…
TTDSG is finally a correct implementation of the 2005 ePrivacy directive. § 25 TTDSG literally just rephrases the exact ePrivacy requirements. The pendant to the above quote is § 25 Abs 2 Nr 1: > Die Einwilligung nach…
It's a legal term the EU came up with to cover things like websites and apps in a technology-agnostic manner.
You're quoting something about “5G Ultra Wideband”, which seems to be a brand name for mmWave. Yes, mmWave has very short range. But 5G isn't just mmWave. It's in many ways an evolution of LTE/4G, supporting the same…
Transport encryption is table stakes. It's really no longer something that can be mentioned as if it were something special. When I browse to a random website I don't think “wow HTTPS, so secure”. The channel client <->…
Would separate SSD metadata devices help if the pool, as in Heap.io's case, already consists entirely of SSDs? It's obviously a win for a use case like Rsync.net's where the data is less “hot”and therefore uses much…
The site does explain its methodology. By default, it shows the costs when using the cheapest post-paid plan with at least 500MB allowance for at least 30 days – cheapest in absolute terms, not per GB. You can toggle…
Probably a call-back to this post that made the rounds on HN a few months ago: https://www.brandons.me/blog/write-code-not-too-much-mostly-...
Every EU company has been having these compliance problems since the Privacy Shield invalidation in last year's Schrems II judgement. It is only Facebook that had the lawyers (and the gall) to sue the Irish DPC to…
It is primarily the authors view. The proposed regulation – like many EU regulations – can also apply to non-EU entities. In this sense, the EU does try to exert extraterritorial jurisdiction. However, this is…
The text in question does define more closely what it means to offer services in the EU. To lawyers (and to anyone who has experience with GDPR compliance) this is not a particularly vague statement. Admittedly, there's…
When using a legitimate interest (opt-out) as a legal basis, the interest must be both legitimate AND outweigh the data subject's rights and freedoms. This requires a balancing test between the various factors to be…
They were not asking for consent in the meaning used by the GDPR. They are merely "asking" you to agree to updated terms, i.e. their contract with you. GDPR allows processing of data under various legal bases. They use…
Author here. Yep, that's close to my thinking. I don't actually believe that Cursor (or similar tools) are completely shit. But I worry that the Cursor team perhaps doesn't care whether their product actually delivers…
Offering a service to European consumers? Probably not a big issue. GDPR compliance can be challenging without a suitable mindset, but it's not impossible. * Consider that the GDPR has an extremely broad concept of…
I can't agree, but maybe this is semantics :) For something to be personal data, it must be information that relates to an identifiable natural person. There are two criteria here: (1) it must relate to a natural…
Identifiability for IP addresses uses an even lower standard. The GDPR says that for something to be truly anonymous, there must not be any “reasonably likely” means for identification, even with the help of third…
> Do you, as the website operator, have the right to copy and serve these fonts to your visitors? All the fonts on Google Fonts are open source. When GDPR came into force in 2018 I downloaded all the fonts I needed,…
The court judgement addresses this exact point. There are previous judgements (Breyer v Bundesrepublik Deutschland) that establish that dynamic IP addresses are personal data. There are reasonable means to identify the…
I discussed that argument over here: https://news.ycombinator.com/item?id=30139489 Summary: A company did try the “it was the browser, not us” argument in the “Fashion ID” case. The court did not fall for it. Data…
> The fact is that CDNs and similar third party services play an important role. They no longer do, since browsers implemented cache isolation. > if I "host" my fonts in S3 do I have to get consent for sharing IP with…
This argument was tried in the Fashion ID case. A company had inserted Facebook Like buttons on the web page, and argued that it was not responsible for the ensuing disclosure of personal data (such as IP addresses or…
Careful. That is an 100% unofficial site. It is not chartered or funded by the EU. The linked article is from “Richie Koch”an editor working on human rights stories who wrote the article on behalf of Proton VPN, which…
JSON lets you write numbers. They can have a sign, decimal part, and an exponent. The standard euphemistically describes this as: > JSON is agnostic about the semantics of numbers. […] JSON instead offers only the…
If a study is observing how human reacts to a certain situation, that's research with human subjects. The Linux study observed how maintainers react to bugs, this CCPA/GDPR request spam observed how data protection…
There is like 15 years of official guidance and case law on ePrivacy, with relevant guidance from the Art 29 Working Party (precursor to the current EDPB) published around 2014. But I don't think regulators are in a…
TTDSG is finally a correct implementation of the 2005 ePrivacy directive. § 25 TTDSG literally just rephrases the exact ePrivacy requirements. The pendant to the above quote is § 25 Abs 2 Nr 1: > Die Einwilligung nach…
It's a legal term the EU came up with to cover things like websites and apps in a technology-agnostic manner.
You're quoting something about “5G Ultra Wideband”, which seems to be a brand name for mmWave. Yes, mmWave has very short range. But 5G isn't just mmWave. It's in many ways an evolution of LTE/4G, supporting the same…
Transport encryption is table stakes. It's really no longer something that can be mentioned as if it were something special. When I browse to a random website I don't think “wow HTTPS, so secure”. The channel client <->…
Would separate SSD metadata devices help if the pool, as in Heap.io's case, already consists entirely of SSDs? It's obviously a win for a use case like Rsync.net's where the data is less “hot”and therefore uses much…
The site does explain its methodology. By default, it shows the costs when using the cheapest post-paid plan with at least 500MB allowance for at least 30 days – cheapest in absolute terms, not per GB. You can toggle…
Probably a call-back to this post that made the rounds on HN a few months ago: https://www.brandons.me/blog/write-code-not-too-much-mostly-...
Every EU company has been having these compliance problems since the Privacy Shield invalidation in last year's Schrems II judgement. It is only Facebook that had the lawyers (and the gall) to sue the Irish DPC to…
It is primarily the authors view. The proposed regulation – like many EU regulations – can also apply to non-EU entities. In this sense, the EU does try to exert extraterritorial jurisdiction. However, this is…
The text in question does define more closely what it means to offer services in the EU. To lawyers (and to anyone who has experience with GDPR compliance) this is not a particularly vague statement. Admittedly, there's…
When using a legitimate interest (opt-out) as a legal basis, the interest must be both legitimate AND outweigh the data subject's rights and freedoms. This requires a balancing test between the various factors to be…
They were not asking for consent in the meaning used by the GDPR. They are merely "asking" you to agree to updated terms, i.e. their contract with you. GDPR allows processing of data under various legal bases. They use…