> as they set a ticking clock of 72 hours from the breach to notifying individuals who are in the breach
It doesn't, that 72 hours is for notifying the DPA (Article 33). There is no strict timeline for data subject notification (Article 34), just that it must be done "without undue delay".
And the time limits start running when controller becomes aware of the breach (be it minutes or years after the actual breach). If processor is breached the time limits only start running once they notify the controller. Time limit to notify controller is "without undue delay" (33(2)). I don't think there is a lot of case law around what that exactly means.
> We will anonymize all data before it's used for training
Anonymize by what definition? GDPR? Do note that this very high bar.
> All other users on our US cloud instance are opted in by default
Including end users in the EU? You should remember that you are obtained the personal data directly from data subject meaning Article 13 obligations apply. Article 13 omissions cannot be cured retroactively. Can you show all of your customers have provided sufficient Article 13 notice to cover this processing?
And do note that you are almost definitely within the scope of 3(2)(b).
To be clear they commonly use snus which is tobacco product, not just nicotine pouch. It shares many of the health issues associated with smoking tobacco and also has it's own ones (e.g. related to gum health).
Looks like my information is a bit outdated. Some published research do state that snus cause increased risk of certain cancers (e.g. esophageal, pancreatic, stomach cancer, colorectal, oral and pharyngeal cancer), but some newer research suggest that this inconclusive.
The other primary risks are things which tie more to nicotine in general (like stroke & various effects on pregnancy including increased risk of stillbirth).
Law enforcement refers to EU member states law enforcement and processing by them in their context. But even in the EU controller needs legal basis to disclose personal data to law enforcement inside the EU. Normally that is handled by local law, but it's not carte blanche, that law still needs to take e.g. rights granted by EU Charter in account.
Search by border officers may very well be GDPR breach for that controller if there was data of EU data subjects, but I don't think there is currently any case law around it.
IANAL. My understanding is that you can do consular processing even if you are in the US, it's just that you need to leave to do the interview (and things like biometrics) and get the actual visa.
Now I'm not sure if you are allowed to re-enter after your interview before your case is decided/you get the visa but I would imagine so (if have valid visa), you would just need to exit again to get the visa later.
I believe the issue with what you're describing is that if you're on a temporary visa, like a student visa, applying for a green card shows intent of immigration so you cannot return to the US on a student visa.
If you have an H-1B already you may be able to do what you're describing. If you're a recent grad in the US this basically locks you out of trying to get a green card until you've already secured an H-1B.
If that’s true, things may be slightly better, but I’m also reading this move will take away substantial funding from uscis since it is funded purely based on fees collected with immigration applications. Processing times are already pretty large in a lot of countries. So even with the flexibility, you carry a substantial risk.
Intent (are you planning to switch immigrant visa later) and status (immigrant/non-immigrant) are two different things. Visas like B1 are non-immigrant and require that you are not intending to abandon your foreign residence. In practice that means that when you enter US you cannot be planning to apply for immigrant visa. H1B is also non-immigrant visa, but it is dual intent visa meaning it doesn't have that requirement and thus it's fine to enter even if you intent to apply for GC. You can even exit and re-enter after submitting your application.
> In practice that means that when you enter US you cannot be planning to apply for immigrant visa.
You are correct about this.
> H1B is also non-immigrant visa, but it is dual intent visa meaning it doesn't have that requirement
You're incorrect about this. The concept of "dual intent" doesn't exist in the Immigration and Naturalization Act. It was created by executive fiat. H1Bs, like other non-immigrant visas, still requires non-immigrant intent. It's different only that it has two carve-outs:
Subsection (b) excludes H1Bs from the "presumption" of immigrant intent that applies to other categories of aliens. Subsection (h) provides that applying for permanent residency "shall not constitute evidence of an intention to abandon a foreign residence" for H1Bs.
So H1Bs must still have non-immigrant intent. It's just that they are carved out of certain presumptions that would automatically establish immigrant intent, which would lead to denial of their visa. It gives the executive flexibility to essentially look the other way when an H1B applies for a green card. But it doesn't confer any legal rights* onto the H1B. The administration can at any time decide that you actually have immigrant intent and yank your visa.
My understanding is no one actually pays Dell sticker price. They list that price on the website but if you talk to whatever they are calling their sales reps you get the real price.
I know, I'm just not sure how high discount you are going to get in this kind of system. My understanding is that the discounts normally tend to be something like 30-40% so it would still be within same magnitude (10M+).
One good option could be to make the distributor (like Steam or Play Store) liable as well. They would then have an interest on making sure that publisher/developer holds up on their side of the deal.
For example they could require that they provided with those EOL patches/sources when game is released, require liability insurance in case of bankruptcy etc.
That's an interesting point. Steam likes to pretend they are only facilitating the transaction and the developer/publisher is the real seller when it suits them but I bet that isn't how most players experience the deal.
If this only applies to new sales then there is nothing that must be broken. The developers would need to choose technologies where license allows this. Those that don't wouldn't get new sales from game developers.
It's the same as GPL and similar licenses. If you don't want to publish your source that contains trade secrets then don't incorporate GPL licensed code.
There are also already various laws which compel certain types of speech. Consider things like nutrient labels or ingredient lists.
> The game developer might not have the legal rights to release the source.
Then the game developer/publisher should choose to use another technology or be ready to replace that piece when game reaches EOL. If no game developer can use that technology, the vendor will end up loosing a lot of sales. They can then decide if more permissive license would make sense.
It's just going to push all multiplayer games to be sold as a service. The users will get used to this because they basically already are used to it for every other piece of software.
There is basically zero chance that when given the choice between "structure billing as a service" vs "rewrite everything and open source it" that they will choose open source.
It doesn't, that 72 hours is for notifying the DPA (Article 33). There is no strict timeline for data subject notification (Article 34), just that it must be done "without undue delay".
And the time limits start running when controller becomes aware of the breach (be it minutes or years after the actual breach). If processor is breached the time limits only start running once they notify the controller. Time limit to notify controller is "without undue delay" (33(2)). I don't think there is a lot of case law around what that exactly means.
reply