Depends on what "have a dedicated officer" entails?
If it requires employing someone you wouldn't be otherwise, then, yes, I do think it is unreasonable to require that I hire someone if I am letting people give me an email address for the purpose of sending them an email in the event that <x> (assuming that I am verifying at the time they give me the email address that they have control of the email address in question), no matter how many people request to be added to the list of people to send an email in the event that <x> .
It means designating a person that understands GDPR in the scope it applies to the particular data set and handles requests/security incidents. It can be secretary after a few hours of training.
And I think that if you manage a mailing list of million of people then having someone who understand security implications of it and how much they can lose (even to a simple phishing at this scale) if you get that list accessed by scammers is necessary.
Secretary? I’m not really talking about an organization, I’m talking about an individual.
A few hours of training is reasonable enough, I suppose?
Seems like it might be simpler to just have whoever is responsible be liable for any problems that could arise from not keeping the list secure? I guess maybe an issue issue with that is that it would be hard to track down all the harms that actually occurred as a result of letting the list fall into the wrong hands, and also hard to even get a good estimate.
Let's say you built your massive software business that relies on immutable records exchanged between services. Maybe your process involves cold storing some of the data. You have hundreds of microservices and thousands of lambdas, each one with a dedicated purpose. Your address microservice stores PII. Your session service knows about email. Your employee service has first and last names.
Now you have to coordinate ALL of it to support right to forget and data export.
You need an expert in each system to drop what they're doing for one to two quarters to figure out how not to break everything and support this new use case.
You need to synchronize the plan of action throughout all of the various orgs. Some party receives GDPR requests, and that now needs to trickle down to every service to handle and report back.
This is hugely expensive.
Millions of dollars.
You vastly underestimate the toll on existing legacy businesses.
If you rely on immutable data records for sensitive information such as PII, and you don't have the full view on where the data is stored and how to delete it, the law IS SUPPOSED TO make you realize that it was a bad mistake. It was a mistake when you started, now you just have to pay for it to get fixed.
You can't return it "no questions asked", but if the product doesn't work you can request them to make it work or refund if they're unable to.
If they don't want there is small claims court which is cheap and simple. I have used it in cases where some manufacturers would void warranty due to "water damage" after the product stopped working. In the end they paid: cost of purchase, cost to file, cost of my legal consultation, cost of expertise showing that there was no sign of water damage. Country - Poland.
They're preventing citizens from publishing that info, not looking around and measuring from what I found.
Imagine a country that prevents its citizens from recording a song they hear and sharing it with their friends. Oh, wait, US more or less does that and forces other countries to implement policies that prevent it or they will ban trade with those countries.
Well said. The level of blind jingoism on HN is chilling.
Not to mention that the US government gets any data it wants from banks, telcos, social media, google, etc., which is called metadata surveillance here in the US but it is used to formulate a variety of social "scores" such as one's likelihood to commit "terrorism", etc.
The US GPS system had the signals obfuscated for years so that precise geo coordinates were only available for non-civilian uses. Why bother altering the maps if you can alter the GPS signals. This was rolled back only because hacks were found to work around it.
Most of the things we care about on a map are man made too. Roads, tracks, bridges, shops, street addresses. I rarely care about where a mountaintop or a river are. I care for the track to get there or the bridge to cross to the other bank or the road to a restaurant.
C translates directly to ASM in many cases. It just makes managing offsets and other stuff easier.
C++ adds type-safety on top of that for no cost. It's great when your compiler tells you that there is no operator =|(PORTD, PINA). Did you mean |=(PORTD,PIND) or =|(PORTA,PINA).
But usually much worse ASM than what a human would write on such CPUs, because the C compiler is still restricted by artificial high-level concepts like calling conventions, and it needs to wrestle with instruction sets that are not very compiler-friendly and tiny non-orthogonal register sets. C++ just adds a whole level of code obfuscation on top, so it's harder to tweak what code the compiler actually generates.
If you really want that in C, you can either use functions and wrap everything in (incompatible but internally identical) structs, or use Sparse and annotate those integer types to be incompatible. Not that you must prefer that to C++ (even if I do), just to note that you can make do with C if you want to.
If it works like presented on those mockups it is useless.
And since we only see mockups I'm sure it doesn't work at all and is a scam.
I've tried to make a DIY hud for bicycle riding and it failed on two steps:
- you need enough brightness for it to be visible in full daylight, so the image was be tinny or the blue oled I've tried to use weren't bright enough
- my prototype worked well with a straight piece of glass and a plastic sheet Fresnel lens, but it wasn't good for actual use. For actual use you need to project out-of-focus image on a curved surface of bike glasses. I have no idea how to make it small, precise enough and cheap enough.
There are also miniature DLP projectors from TI, that I think would work but they were pretty expensive for a hobbyist to use.
Adding to sibling (with reference to the difficulty of producing good AR eyesets), the Epson Moverio do work very well. For the purpose of a HUD dashboard quick info - a few big characters (as opposed to, say, pages dense of text) - visibility against environmental light should almost always be given even without darkening "sunglasses" shades (you use the sequence "eyes, displays, shades" when you want to enhance the visibility of the display). So, confirmedly, in case of doubt, the technology is there already.
I don't know whether this particular product is a scam, but the Everysight Raptor is similar and it definitely works. Just because you couldn't figure it out doesn't mean it's impossible.
- ask for permission
- do not collect more than you have
- store securely
- allow users to change or remove their data
- have a dedicated officer if you collect a lot
Is that really THAT hard? (If yes, then really you shouldn't be collecting any data.)