Rendered at 05:56:15 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
engeljohnb 8 hours ago [-]
I'm glad it all worked out for this individual. I hope more people live their lives like this as the dystopia progresses.
Unfortunately, especially in the US, exercising your rights, or even just reading every paper you're expected to put your name to, not only constantly pisses people off for some reason, but also puts you at a significant disadvantage compared to the people that never push back in the interest of not making waves, or even because "whatever it's fine."
cheese_van 4 hours ago [-]
Went to a new doctor. As part of the check-in process, I was asked to "sign" a little digital pad, so, as I was told, they could properly use my insurance. I asked to see the hard copy of what I was signing and they couldn't find one. Then, for some reason, they were unable to print one. I gave up and scribbled my sig with my finger and then was seen by a doctor. It's maddening.
socalgal2 3 hours ago [-]
I'm sure someone smarter than me has a solution. Those papers you're required to sign are generally the result of regulation. Some law got passed that say "you can't share info unless you get signed permission". The person dreaming up the law thought that would be enough to stop getting them to share info. But, even if they cared about privacy, they don't want to increase all their expenses and run their own IT department so they contract out for 3rd party billing, 3rd party document infra, etc etc. Like if they wanted to store your appointment in MS Word 365 or Google Docs, suddenly the regulation kicks in. They're not going build a document sharing platform to get their job done just so they can meet the regs. They're just going to get you to sign that they can do what they need.
As one example, I went to a doctor, he ordered an x-ray. I went over to the x-ray company then back to my doctor. He pulled up the x-ray immediately. He's only able to do that because I signed that he can share my info with the x-ray company and visa-versa.
Again, I don't have a solution. No regulation = he'd probably share my data. But regulation = he gets me to sign so he can legit provide the service, and still shared my data (Because I signed). So all the regs did is make visiting the doctor more annoying, and add $$$$ to push all the paperwork around.
ihodes 2 hours ago [-]
Regarding information sharing, not quite. Covered entities (term of art in HIPAA), which include providers (and also payers!) including both the lab and your doctor, do not need your permission to share information between them for the purposes of treatment, payment, or operations (commonly, "TPO"). A BAA between a covered entity and a vendor (like an EHR or PACS [viewer for your imaging]) also does not require any patient consent.
There are sometimes things you might not like hidden in the releases you're signing, beyond the run of the mill acceptance of financial responsibility / assignment of benefits, notice of privacy policy acknowledgment, consent to treat.
jonhohle 35 minutes ago [-]
Many people now have devices with secure storage with them at all times. Maybe it’s time we owned our data and decided who gets it and when.
Obviously this doesn’t work in all situations and for all people, but it’s a start.
ghssds 2 hours ago [-]
> They're not going build a document sharing platform to get their job done just so they can meet the regs.
What is so hard in respecting the spirit of the law?
throw1234567891 2 hours ago [-]
There are many dollars in between.
cwmoore 2 hours ago [-]
Like with criminal fraud?
sandworm101 2 hours ago [-]
Becauae "spirit of the law" doesnt exist. It is a saying used by people when they want to do something that isnt in the law. You dont see lawyers, judges or law makers use the phrase.
dgellow 1 hours ago [-]
Yes they obviously do use it?
cwmoore 15 minutes ago [-]
I agree but please, provide citations instead of a question mark, to make what you believe is obvious actually in fact obvious.
deepsun 8 hours ago [-]
Once I rented an apartment in US, and the documents said that they can make videos, pictures and audio recordings of me and my family, and use it for their own purposes including commercial. I objected, but their position was that no one is going to involve legal department for me, and I am free to go away.
engeljohnb 3 hours ago [-]
Rentals are exactly what I was talking about. Supposedly you can always go to someone else, but we all know in practice we can't just go without housing and if everyone decides you're "difficult," you're SOL.
Earlier this week a potential landlord offered me a lease saying I had already inspected the property and found no issues with it.
I asked for a chance to actually inspect before signing, and even said I would settle for a good quality video walkthrough. They told me the unit was "not available for viewing" because it wasn't finished yet, and by the time it was finished it would likely be taken.
So why did you ask me to sign a contract saying I inspected a property that it's conceptually impossible to inspect??
I asked if they could change that part of the lease. They said they were "unable" due to "demand and interest in the property."
Of course, still not as insane as your story.
kmoser 57 minutes ago [-]
> I asked if they could change that part of the lease. They said they were "unable" due to "demand and interest in the property."
Was it a paper lease? Because you could always cross out that section before signing, not to mention write in your own addendum. They would probably still balk, but you'd be within your rights to do so.
fluoridation 1 hours ago [-]
Sounds like typical high pressure salesmanship.
smcleod 8 hours ago [-]
Pretty sure that's a violation of fundamental human rights as it's your place of living. Surely that can't be legal, even in the US can it?
monkpit 8 hours ago [-]
It doesn’t mean _inside_ the apartment. It means if they decide to film a commercial and you’re walking your dog in the background, they don’t have to ask you.
bigiain 7 hours ago [-]
That sounds a lot like a rationalization desperately grasping at "surely it's not as insane as it sounds, what it _must_ mean is ... "
I would want to read and perhaps get legal advice before relying on that interpretation - and before finding I signed over rights to my landlord to make candid porn of me and all his other tenants.
computerdork 5 hours ago [-]
Am pretty sure he's right. I rent out my house, and it is very illegal for the landlord to record video inside the house (or even of the driveway). You are infringing the privacy of your tenants and is a huge no-no.
Yeah, if you accidentally recorded families walking through their homes unclothed, this could land a landlord in jail.
wtallis 4 hours ago [-]
The contract terms could very well have actually had a meaning that included filming inside the apartment. The existence of other laws overriding the contract isn't actually the same thing as the contract not having that invasive meaning.
somenameforme 2 hours ago [-]
Contracts don't and can't override laws.
nkrisc 7 hours ago [-]
If it didn’t say it, it doesn’t mean it.
6 hours ago [-]
aesh2Xa1 2 hours ago [-]
It does mean on the property and including inside facilities.
Maybe that's at the gym or by the pool, and maybe you're actually not comfortable becoming a swimsuit model.
gerdesj 6 hours ago [-]
Thank goodness you read the contract they signed and provided competent legal expertise throughout the process.
thayne 4 hours ago [-]
That is probably why it is in there, and probably how it would be used in practice. But these types of documents are almost written to be as broad and ask you to give up as many rights as possible.
smcleod 7 hours ago [-]
Oh right, that's not so bad. Isn't that just being part of modern society? It would be nice to opt to never be recorded but also, it's outside.
abawany 5 hours ago [-]
I've also read reviews of Greystar properties where the reviewers expressed shock at being forced to consent to such abuse.
bsder 8 hours ago [-]
> and I am free to go away.
This is the crux of the problem when landlords are allowed to form or join an "association" that gets too pervasive.
This was at the heart of the RealPage lawsuits.
plagiarist 6 hours ago [-]
I found some shit like that in a gym contract, which I then declined.
m0llusk 7 hours ago [-]
This is basic security. Cameras around entrances, exits, and common areas have become critical for safety and preventing mail theft.
collingreen 7 hours ago [-]
There is no version of basic security that extends to commercial use of your likeness in their marketing.
Be reasonable.
deepsun 2 hours ago [-]
If it said so in the contract I would not have any issues, something like "recordings of you are available only to authorized security personnel, can be provided to you upon request for a reasonable price covering filtering and other paperwork, and can be shared solely for security and legal purposes".
uproarchat 7 hours ago [-]
I am that person that reads every line of the contracts I sign, including ToS and PP. I appreciate that I can tell who it rubs the wrong way, because it tells me who will shake my hand without intending to honor their word. It changed the way I write these documents as well, the last ToS and PP I wrote can each be read in a single breath.
anitil 5 hours ago [-]
How do you manage the situation socially? I had a very important document with a very expensive professional booked for about 10 minutes. No way I could actually read it in that time - what would you do?
uproarchat 5 hours ago [-]
"I appreciate the opportunity to work on this with you, I need to give this the time that it deserves to make sure I can honor the commitments in the contract."
Always maintain your integrity, a big part of that is honoring your word. Integrity is the only thing you're born with in this life, and if you're lucky you take it with you on the way out. Any person worth getting into contracts with will appreciate the value in that.
ambicapter 5 hours ago [-]
Not GP, but probably ask them to send me the contract ahead of time, and explain that you need time to read it.
solid_fuel 8 hours ago [-]
> Unfortunately, especially in the US, exercising your rights, or even just reading every paper you're expected to put your name to, not only constantly pisses people off for some reason
Yup. It's particularly sad seeing other people in this very thread talking about how they would "ban this customer for life" just for knowing their rights.
I think it's pathetic that this has become the culture amongst large swathes of Americans - especially ones who consider themselves patriotic. This country was founded in rebellion and the assertion of our rights, and somehow the exact opposite is now the ideal of many citizens now.
trhway 7 hours ago [-]
>I think it's pathetic that this has become the culture amongst large swathes of Americans - especially ones who consider themselves patriotic. This country was founded in rebellion and the assertion of our rights, and somehow the exact opposite is now the ideal of many citizens now.
DHS is putting on the domestic terrorists watch list those people who took parts in the protests. Or at minimum threatens to put. And if you google a bit more you'd see that it isn't limited to ICE. Any dissent is perceived by the current government in a similar "terrorism" way. For majority of population that would completely chill any desire to assert rights.
"U.S. Immigrations and Customs Enforcement (ICE) officers and senior Trump
administration officials have repeatedly suggested that the Department of Homeland Security (DHS) is building a “domestic terrorists” database comprising information on U.S. citizens protesting ICE’s actions in recent weeks.
...
In recent weeks, DHS personnel and senior officials have repeatedly stated that the agency is engaged in efforts to monitor, catalog, and intimidate individuals engaged in peaceful protests"
somenameforme 2 hours ago [-]
The current government? Don't let partisanship blind one to how dumb things are. The Occupy Wallstreet protests were extensively surveilled and harassed [1], and it was a vastly more peaceful protest movement. Had it gained more traction there's a 100% chance Obama would've happily greenlit COINTELPRO [2] 2011. Such actions were already being effectively carried out in any case.
It’s reprehensible and I am demanding accountability from my elected politicians. The only way we’ll see someone answer for these crimes, though, is if enough Americans give a shit to get off their fucking asses and actually put people into office who will bring change.
treis 6 hours ago [-]
I don't know that signing up for a rewards club and then complaining that you're being marketed to is quite the platonic ideal of rebellion you make it out to be.
> The reply I received a few days later did me the favour of putting the violation on the record. Their position, in their own words, was that "in order to receive marketing / offers, it is a condition to be a member of the customer club." That one sentence is the whole case. They had taken a right I am entitled to exercise for free and turned it into the price of admission.
I don’t understand… it would be one thing if it said “receiving marketing/offers is a condition of being a member of the customer club” but that’s not what is being stated above… rather that being a member of the club is required to receive marketing — perhaps something has been misworded or lost in translation?
cm2012 23 minutes ago [-]
He was an Elkjøp/Elgiganten customer club member. He wanted to keep the club membership and discounts/offers, but stop the marketing emails. Elkjøp’s setup told him the only way to stop the marketing was to cancel the club membership altogether.
To me, Elkjop seems perfectly reasonable here. But EU policy disagrees.
thaumasiotes 15 minutes ago [-]
According to the article, that is not what Elkjøp told him. You're making the assumption that what the article says must make sense, which is unfounded.
ajb 7 hours ago [-]
Yeah sounds like it's backwards , and should be "in order to be a member of the customer club, it is a condition to receive marketing / offers ."
drnick1 7 hours ago [-]
Yes this is the logical sentence order, at least in English.
thaumasiotes 12 minutes ago [-]
No, the sentence order has nothing to do with it. "It is a condition to be a member of the club (in order) to receive marketing offers" and "In order to receive marketing offers, it is a condition to be a member of the club" mean the same thing. The problem is that the explicit markers of purpose ("in order to...") and requirement ("condition") appear to have been applied to the wrong things. If you rearrange them, they'll still be applied to the wrong things.
contubernio 20 minutes ago [-]
Alternative approximate translation: while I urinate on you tell me it's raining.
mixdup 7 hours ago [-]
I think the "marketing/offers" means discounts? To be eligible for the discounts or special offers, you have to be a member of the club, and if you are a member of the club you have to be willing to receive the email messages, and somehow under EU law you're entitled to all discounts I guess?
drdaeman 8 hours ago [-]
Yea, I don't get it either. Receiving being a condition on membership means (in my understanding) only that non-members can't (shouldn't) receive anything, not that members will or must receive something. Which sounds perfectly normal and sane to me.
LearnYouALisp 8 hours ago [-]
sounded exactly like translation error from a German-related lang.
e.g. "to receive offers...is a condition to be in..."
Insimwytim 6 hours ago [-]
There's also issue with EU companies forcing candidates to agree to their anti-privacy policies (confusingly named "privacy policies") as a requirement before the job interview.
Those anti-privacy policies will state, that you grant the company and third-parties (so, anyone) permissions to use your data (including voice and image) for any purpose. (Of course, it is stated in a slightly obscure fashion, so a layman may not comprehend it.)
I wonder if there has been any similar action taken against those.
I haven't personally encountered that, but you are free to lodge complaint with your local DPA about it.
That exact language is unlikely to be compliant. If you want to maximize your effect you could make Article 15 request to the company in question, get the list of actual recipients of data (make sure to be ask for this specifically) and then make another request to all of those companies. That will then allow you to possibly make further complaints (e.g. why exactly they didn't send Article 14 information to you, are the legal basis they use actually proper in your case especially if the original one was consent and it was not freely given).
Insimwytim 4 hours ago [-]
Wouldn't you have to "consent" first?
What if you didn't and did not proceed with the process? Can you complain still?
As in - if you didn't give your consent there's no violation has occurred and they don't have your data, so nothing to ask for?
buzer 3 hours ago [-]
That's a bit more complex.
Everyone is free to make a tip to DPA. However DPA is free to decide if they want to start their own investigation based on that unlike when you make Article 77 complaint.
There isn't a lot of case law around the threshold of Article 77. The text says "if the data subject considers that the processing of personal data relating to him or her infringes this Regulation". If read completely alone one could make argument that since you didn't consent no processing occurred -> you do not have right to make an Article 77 complaint.
However when taking the in account the goals and purpose of GDPR as well as recital 141 I would argue otherwise. To be specific recital 141 says "if the data subject considers that his or her rights under this Regulation". CJEU also often refers to GDPR's objective of ensuring high level of protection of fundamental rights and freedoms of natural persons. I feel that ex post requirement would be quite contrary to that.
Due to this my personal stance would be that just offering invalid consent choice where refusal has negative consequences is something that violates data subject's rights even if processing didn't occur and would be eligible for actual Article 77 complaint rather than just tip to DPA.
[EDIT] Also, there is Article 82 path via damages. In your case you could potentially argue that you suffered damages (like lost wages) due to company's invalid consent requirement. This, however, is generally a lot harder and more expensive path. Depending on how legal costs are allocated in your jurisdiction you could also end up with judgement where you need to pay your opponent's legal costs if you lose.
For Article 82 claim you almost definitely will need a lawyer.
ambicapter 5 hours ago [-]
I understand where he's coming from, but it is still hilarious that he sued the legal entity that won the case for him, after they found the case in his favor.
buzer 4 hours ago [-]
What do you mean? It sounds like he is planning to sue company in question and possibly lodging complaint against Swedish DPA. Norwegian DPA is the one who found case in his favor.
LtdJorge 4 hours ago [-]
Yes, he doesn't have a problem with the Norwegian DPA but with the Swedish DPA which are the ones that should be in contact with him.
intended 19 minutes ago [-]
Seeing that he influenced the creation of the GDPR, the general sense of hopelessness in the rest of the populace, and the failure of the governing body to do it’s jobs - I suppose he is the only person who would be taking people to account.
pavel_lishin 9 hours ago [-]
The image isn't loading for me, all I see is the prompt used to generate it - which is genuinely preferable.
QuantumNomad_ 8 hours ago [-]
For me it was showing the image and the prompt, but the whole page was unstyled. But when I reloaded the page now, the css loaded also and the prompt is not shown.
I guess the web server was temporarily overwhelmed by traffic resulting in images (like for you) and css files (like for me) not being consistently served to all visitors.
kuboble 3 hours ago [-]
Is it a prompt or accessibility description for screen readers?
cmeacham98 3 hours ago [-]
The website labels it as a prompt, so probably a prompt
petterroea 1 hours ago [-]
I personally know other people who have filed similar complaints, and the Norwegian Datatilsynet explicitly stated they acted based on many complaints. I don't think they care about a single person's voice in this, even if they "helped create the law".
It's a shame, but it probably says more about Datatilsynet's capacity. Frankly it would be great if you could simply say "this company did something dodgy", provide proof, and immediately get results. But that's not the world we live in.
vinni2 1 hours ago [-]
I am glad this was resolved. It’s annoying when companies take things for granted. It’s not just Elkjøp doing it. There are other e commerce companies and some online pharmacies doing it too.
Telaneo 8 hours ago [-]
Datatilsynet, the Norwegian DPA, from my experience, consistently has the user in mind. It (sadly) takes a long time for things to pass through the system, but they consistently come to good decisions.
tomtom1337 9 hours ago [-]
This is extremely cool reading! I'm impressed that they actually fined Elkjøp (as they should!) but very surprised that they didn't keep you informed!
Thank you for sharing!
spl757 1 hours ago [-]
The term "forced consent" is an oxymoron. It shouldn't take much more critical thinking than reading that term to know it makes no sense.
patates 54 minutes ago [-]
It's one of those situations that the words lose their meanings but the expression makes you understand a situation better. This is like a manufactured consent that comes with a threat. A similar example would be "coerced confession" or maybe even "forced smile".
ozozozd 1 hours ago [-]
Agreed. It’s an idiotic euphemism.
peaseagee 9 hours ago [-]
And how much did it make them over those 5 years?
Retric 8 hours ago [-]
The fine is only part of the story. They likely spent more money than the fine fighting it over 5 years as fines increase next time if you don’t stop.
coldtea 8 hours ago [-]
And how much did it make them over those 5 years?
aucisson_masque 8 hours ago [-]
You don't know how much it did cost them. Why would you care about how much they gained ? You can't compare something when you have neither value.
anakaine 8 hours ago [-]
Because if, as the regulator, you fail to benchmark what they gained then your laws can be ignored and your fines paid as simply a cost of doing business.
Its why you find the Australian regulator for consumer affairs handing out $200m+ fines to telecommunications companies, for example.
Retric 8 hours ago [-]
By that logic regulators should lower fines if the action wasn’t profitable. Which creates an expensive legal fight around the net profits of some action were after guilt is determined.
Instead, it’s much better to scale fines based on the scale of the entity involved, which also results in huge fines, but it’s easier to measure revenue. Thus the fines are more broadly effective, and you can still escalate if they don’t stop.
tux1968 8 hours ago [-]
Like in Finland where speeding ticket fines are based on your income. For instance, in one well known case a businessman was fined €121,000 for going 82 km/h in a 50 km/h zone.
dataflow 8 hours ago [-]
And before anyone calls this crazy, note that jail time costs you your time, whatever that's worth. This is the same idea without the physical incarceration.
TurdF3rguson 6 hours ago [-]
Most rich people still make money when they're in jail. Only people who work for a living stop making money.
Retric 4 hours ago [-]
Rich and retired are very different thing. A CEO can be out hundreds of millions due to a long prison sentence, but most fines don’t scale nearly that far.
aidenn0 7 hours ago [-]
That's considerably more than someone near me who was doing 245km/h in a 90 zone (Well 55mph which is 89km/h). I still don't know why that person didn't lose their license (other than the obvious fact that they were rich enough to afford the Lamborghini that they were driving in); it wasn't just any 55 zone, it was one with a reputation for being dangerous.
karlgkk 2 hours ago [-]
> By that logic regulators should lower fines if the action wasn’t profitable
No? You don’t need to adjust the floor, only the ceiling.
The goal is to prevent businesses from pricing fines into their margins.
jmholla 5 hours ago [-]
I don't think that logic works. In your vein, if I say " If it gets hotter, I'll want it to be colder" that would imply that if it gets colder I'll want it to be hotter. That doesn't necessarily have to be the case thought.
If they made a profit and I want them to pay more than the base fine doesn't mean if they made a loss I want them to pay less than the base fine.
I think the rest of your come t stands though. There is difficulty I proving profit and Hollywood accounting can probably change those numbers.
Retric 4 hours ago [-]
> If they made a profit and I want them to pay more than the base fine doesn't mean if they made a loss I want them to pay less than the base fine.
I’m not saying they would get a rebate just that for this to be meaningful for a mid sized or larger company requires a large portion of a given fine to be based on profits. So a company receiving a fine based on their profits would argue they made less money from the behavior, it’s a legal argument without any risk.
Consider a fine for a mid sized company that’s base 100k + 10m based on profits it ‘goes away’ if they win but it also ‘goes away’ if they drop it by 99%. Thus just as much effort would be spent on how much money they made as is put forth to defend the fine in the first place.
Now obviously you could set the base large enough to offset that, but doing so defeats the point of profit based fines in the first place. Which means inherent to the idea of profit based fines is the concept they largely go away if a major company can argue their profits where non existent.
fc417fc802 5 hours ago [-]
It's not about what you want nor is it about exacting revenge. The end goal is simply a marketplace where a given behavior isn't happening. Appropriately structured fines should accomplish that.
kmoser 45 minutes ago [-]
It's a nice theory, but only works if the company gets caught and fined enough times to make a difference. Even a zillion dollar fine is useless if the law isn't applied. Also, when the fine comes out of corporate coffers, not individuals' pockets, there is less incentive to comply with the law. If you really want results, fines should come out of management's personal bank accounts, not to mention some jail time.
fc417fc802 29 minutes ago [-]
Sure, if the regulator doesn't move to enforce then the law won't have any effect but at least to me that sounds like a problem with the government as opposed to a justification for draconian penalties.
Targeting management seems like a tactic that should only be employed where great urgency exists such as life threatening danger. I don't think marketing material is anywhere close to qualifying.
I hate my inbox being inundated with spam as much as the next guy but that doesn't mean drawing and quartering the perpetrators is justified.
8 hours ago [-]
fc417fc802 5 hours ago [-]
This entire issue is sidestepped by having graduated fines (which GDPR has). If they keep doing it the amount keeps going up until eventually they go out of business. It really limits the ability to take advantage of the system which hopefully makes it not worthwhile to bother doing.
moi2388 10 minutes ago [-]
Up to 4% of turnover. So if they make more than that it is still profitable to keep going.
Not that it is likely that they make that much in profit, but still. There probably shouldn’t be a limit, and there probably should be personal legal consequences such as jail time for repeat offenders.
ryandrake 9 hours ago [-]
Excellent outcome. I wish we had these rights in the USA! Too bad justice took 5 years though.
This fills my heart with joy. If only ICO in the UK would do the same.
echoangle 8 hours ago [-]
Good to know that this is illegal. One of my email providers also does this, maybe I’ll also have to try reporting them and see what happens.
VorpalWay 7 hours ago [-]
Go for it! If nobody reports things they don't get fixed.
I have found this to be true not just when it comes to companies breaking laws, but also to much more benign things. Such as reporting potholes in town or broken microwaves at work. Those can be in need of fixing for an extended period of time, yet when I report them, they usually get fixed within days. I suspect most people can't be bothered or think that surely someone else will report the issue. But that doesn't work if everyone thinks that way.
TurdF3rguson 5 hours ago [-]
EU only though. You can get away with pretty much anything outside of EU.
pixelpoet 9 hours ago [-]
Love to see this, and love our privacy and data handling laws!
matheusmoreira 4 hours ago [-]
Badass. Hope this keeps happening to all of those abusive "take it or leave it" corporations.
HeartStrings 18 minutes ago [-]
"Integritetsskyddsmyndighetensffsf"
Bro, you alright?
N_Lens 4 hours ago [-]
This article reads like “jurisprudence fetishist gets off on technicality!”
How refreshingly European.
Terr_ 2 hours ago [-]
How is "you must let customers opt-out of marketing spam" a technicality?
alexhans 7 hours ago [-]
It's always satisfying when customer rights stories have a known positive outcome. The timeline is unfortunately quite slow and bureocractic but I'm glad OP managed to find out about it.
d--b 1 hours ago [-]
Idk about that particular company but the benefit of cheating may be much higher than the 1.8m fine they got.
I personally never specifically consent to anything, yet get a ton of marketing emails. To most companies that send me those emails 1.8m would be a slap on the wrist.
RobRivera 8 hours ago [-]
Lol. Brookfield Place wifi had an OPT IN for their wifi to receive marketing.
If you unclicked it, the 'connect to wifi' button greyed out and a notification appears saying that Opt In is required for wifi.
iliveinberlin 7 hours ago [-]
Type the email address of somebody you dislike
josephg 6 hours ago [-]
Yep this. They never make you verify your email address on a captive portals. (Since you can’t check your email without an internet connection in the first place).
what 4 hours ago [-]
Then you could put in anything that looks like a valid email rather than the email of someone you dislike.
Telaneo 6 hours ago [-]
There's always a@a.com
plagiarist 6 hours ago [-]
My go-to is always their domain, if it works.
RobRivera 5 hours ago [-]
THATS EXACTLY WHAT I DID mwahahaha
setgree 4 hours ago [-]
The part about this that's amazing to me is that they still are doing nothing after he noted another GDPR violation [0]. He's obviously both competent and litigious. What does the company expect to happen next??
[0] "Under Article 77(2) of the GDPR a supervisory authority is under a binding legal obligation to keep a complainant informed of the progress and the outcome of their complaint. It is not a courtesy and it is not discretionary - it is written into the law. I filed my complaint with IMY, IMY passed it on, the case ended in a multi-million euro enforcement action, and not one of the authorities involved thought to tell the person who started it."
XelNika 3 hours ago [-]
As I understand it, this second complaint is not against the original company, but against the government authority that handled his case.
gpm 2 hours ago [-]
There's two government authorities here, the one he reported it to (Swedish), and the one that the first one forwarded it to (Norwegian).
The former is the one he seems to be currently taking to task for failing to follow the law, the latter is the one that meaningfully handled the case.
buzer 42 minutes ago [-]
It's also worth noting that it's not the first time Swedish DPA has been criticized regarding GDPR complaint handling:
https://noyb.eu/en/gdpr-rights-sweden "GDPR Rights in Sweden: Court confirms that authority must investigate complaints. So far, the Swedish IMY has taken the view that users don’t have party rights in GDPR procedures."
https://noyb.eu/en/noyb-takes-swedish-dpa-court-refusing-pro... "IMY frequently just forwards a complaint to the company that illegally processes personal data - and then immediately closes the case without investigating." (no decision on this as far as I know. A bit surprising since it has been almost 2 years)
NooneAtAll3 4 hours ago [-]
how was 1.8M calculated?
has any calculations been made on how much actual profit was made by these unlawful actions?
u1hcw9nx 4 hours ago [-]
Page 33. Fine is calculated from annual worldwide revenue from previous year for the company.
"guidelines say we should apply fine of 0.4% yearly revenue (400M NOK) at the least, but for whatever reason we decided punishment to be 20x less than that"
okay then...
angry_octet 7 hours ago [-]
I don’t know who you are. I don’t know what you want. If you are looking for ransom I can tell you I don’t have money, but what I do have are a very particular set of skills. Skills I have acquired over a very long career. Skills that make me a nightmare for people like you.
josefritzishere 6 hours ago [-]
I wish America had real privacy laws like Norway.
QuantumNomad_ 8 hours ago [-]
> the only way to stop the marketing was to cancel my membership of the club altogether
I have experienced this same thing with at least one other big company in Norway.
I could opt out of either SMS or e-mail, but not both, or I would not be able to keep the membership.
Unfortunately, I never made a note of which one that was exactly so I can’t name them and shame them on the spot.
Despite half-hearted attempts at stopping marketing emails now and then by individually logging in and opting out, or clicking unsubscribe links embedded in the email, my email continues to be flooded with marketing both from domestic and foreign companies that I’ve done business with. There is so many companies that even going through a handful of them at a time and unsubscribing there is a seemingly endless amount of companies that remain to unsubscribe from.
It is great to see that someone fights back, and that it is resulting in fines.
kristianrs 7 hours ago [-]
komplett.no
gib444 1 hours ago [-]
Eveyone getting very excited but on what date did the company actually pay the fine to the EU?
> This decision can nevertheless be challenged before Norwegian
courts in accordance with Article 78(1) of the GDPR. [0]
Hahaha, the sticker looks really funny, but I like it.
kklisura 7 hours ago [-]
GDPR is a godsend.
yieldcrv 7 hours ago [-]
I’m imagining an agentic solution in everyone’s inbox that automates GDPR fines and updates
aaron695 7 hours ago [-]
[dead]
jazz9k 7 hours ago [-]
I'm so glad the GDPR never took hold in the US. Little Karens getting companies fined millions of dollars over what amounts to nothing.
You can always not use their service. Plenty of alternatives out there.
wafflemaker 2 hours ago [-]
I for one was signed up for Elkjøp kundeklubb membership unbeknownst to me. It happened when I was picking up a water cooker. Seller asked if I would like an electronic receipt and asked me for my email. That was in Elkjøp at Solsiden in Trondheim.
The more annoying is that I gave him my regular email address and not a generated alias that I always give to companies.
Was super pissed when spam started landing on my main address.
So no, not plenty alternatives here.
wredcoll 6 hours ago [-]
How depressingly unamerican.
solid_fuel 4 hours ago [-]
It's really pathetic, isn't it? These guys hate their fellow Americans so much that they think it's better to allow companies to abuse people instead of stepping in to protect them.
throw9394494 8 hours ago [-]
I wonder if anyone who are cheering this fine, actually read and tried to implement GDPR. It is a nightmare to be fully compliant for small companies.
It is mostly just a theater (like endless cookie consent dialogs in anonymous browsing), to employ more experts and bureaucrats.
EU is now pushing privacy laws that severely undermine privacy.
Telaneo 6 hours ago [-]
I have read it. It's really easy to be compliant if don't start from a position of extracting the maximum amount of data from every user out there. If you start from the opposite end of the scale, only getting the data you need for the goals you need to achieve in the interest of the user, you barely have to do anything beyond what you would have done anyway.
iliveinberlin 7 hours ago [-]
I did, it is easy, you just don't spy on people and have a point of contact and you're good. It becomes hard when you want to spy on people and also remain compliant with the no spying law.
dgellow 49 minutes ago [-]
You can even spy if you want to, just ask for consent
CalRobert 30 minutes ago [-]
Getting consent in a truly compliant way is basically impossible (it should be opt IN, not opt OUT). Though we've trained people to just accept literally everything now.
DarkUranium 4 hours ago [-]
The cookie consent dialogs were never required in this form.
That was literally just malicious compliance in order to get people mad at the law instead of the companies (at least at first, there's also a huge amount of cargo-culting nowadays). Congrats, you've been psy-opped.
kentm 6 hours ago [-]
Yes. It’s very easy actually. People think it’s hard only because they’ve built revenue streams on unethical behavior.
tverbeure 7 hours ago [-]
> EU is now pushing privacy laws that severely undermine privacy.
Even if it’s most just theater, you don’t make the case at all how it undermines privacy.
matheusmoreira 4 hours ago [-]
Stop spying on people.
arjie 7 hours ago [-]
It's an interesting story, but I could not help but have my mind skip over it because of the LLMisms. Acts like one of those taboola reels to me. If even just there was a tutorial to get people to write in such a way that it's not obviously LLM text it would be nice because the story is interesting.
I know, it's like complaining about JS etc. but it's like walking into an elevator and smelling very strong perfume. It's hard not to go "whew!"
cwillu 3 hours ago [-]
> LLMisms
The word is “cliches”, and they existed long before LLMs.
arjie 3 hours ago [-]
Haha they are cliches, yes. But a specific type of cliche that is unique to current language models.
> That one sentence is the whole case
This example, for instance, is more uniquely LLM than mere common cliche.
Terr_ 2 hours ago [-]
> cliche that is unique to current language models
If it's something humans don't do and unique to certain programs, then "cliche" is probably not the correct term.
"I read the article, but it was full of improperly-escaped HTML entity references, how cliche."
londons_explore 8 hours ago [-]
If I did business in the EU, I would be banning this chap from my services on the basis that the risk he poses to the business is too great...
onli 8 hours ago [-]
You would do no such thing, because if you tried, you wouldn't have a business in the EU anymore.
Broken_Hippo 8 hours ago [-]
In other words, you'd ban someone because they might notice that you are doing illegal stuff and you might get caught.
Follow the laws and it isn't an issue. I'm pretty sure banning someone for that stuff is probably illegal, too.
Telaneo 6 hours ago [-]
We don't want your business in the EU if this is your attitude to things like this.
solid_fuel 8 hours ago [-]
Frankly, this attitude is pathetic. Absolute loser behaviour.
I don't think you should be doing business anywhere if customers being familiar with the law and knowing their rights scares you. Frankly if you are running a business, you should be familiar with the laws and regulations, doing otherwise - especially when someone points out that your behaviour is illegal - is negligence and punishment with a fine is completely appropriate. Welcome to living in a society.
dataflow 7 hours ago [-]
The risk of getting caught doing business illegally? You really don't give a damn about the illegal part, just getting caught?
throw9394494 8 hours ago [-]
Just awoid some jurisdictions. Bulgaria is in EU, has all the same access, and has no time for this BS.
Symbiote 8 hours ago [-]
You can see the fines the Bulgarian regulator has handed out here:
Unfortunately, especially in the US, exercising your rights, or even just reading every paper you're expected to put your name to, not only constantly pisses people off for some reason, but also puts you at a significant disadvantage compared to the people that never push back in the interest of not making waves, or even because "whatever it's fine."
As one example, I went to a doctor, he ordered an x-ray. I went over to the x-ray company then back to my doctor. He pulled up the x-ray immediately. He's only able to do that because I signed that he can share my info with the x-ray company and visa-versa.
Again, I don't have a solution. No regulation = he'd probably share my data. But regulation = he gets me to sign so he can legit provide the service, and still shared my data (Because I signed). So all the regs did is make visiting the doctor more annoying, and add $$$$ to push all the paperwork around.
There are sometimes things you might not like hidden in the releases you're signing, beyond the run of the mill acceptance of financial responsibility / assignment of benefits, notice of privacy policy acknowledgment, consent to treat.
Obviously this doesn’t work in all situations and for all people, but it’s a start.
What is so hard in respecting the spirit of the law?
Earlier this week a potential landlord offered me a lease saying I had already inspected the property and found no issues with it.
I asked for a chance to actually inspect before signing, and even said I would settle for a good quality video walkthrough. They told me the unit was "not available for viewing" because it wasn't finished yet, and by the time it was finished it would likely be taken.
So why did you ask me to sign a contract saying I inspected a property that it's conceptually impossible to inspect??
I asked if they could change that part of the lease. They said they were "unable" due to "demand and interest in the property."
Of course, still not as insane as your story.
Was it a paper lease? Because you could always cross out that section before signing, not to mention write in your own addendum. They would probably still balk, but you'd be within your rights to do so.
I would want to read and perhaps get legal advice before relying on that interpretation - and before finding I signed over rights to my landlord to make candid porn of me and all his other tenants.
Yeah, if you accidentally recorded families walking through their homes unclothed, this could land a landlord in jail.
Maybe that's at the gym or by the pool, and maybe you're actually not comfortable becoming a swimsuit model.
This is the crux of the problem when landlords are allowed to form or join an "association" that gets too pervasive.
This was at the heart of the RealPage lawsuits.
Be reasonable.
Always maintain your integrity, a big part of that is honoring your word. Integrity is the only thing you're born with in this life, and if you're lucky you take it with you on the way out. Any person worth getting into contracts with will appreciate the value in that.
Yup. It's particularly sad seeing other people in this very thread talking about how they would "ban this customer for life" just for knowing their rights.
I think it's pathetic that this has become the culture amongst large swathes of Americans - especially ones who consider themselves patriotic. This country was founded in rebellion and the assertion of our rights, and somehow the exact opposite is now the ideal of many citizens now.
DHS is putting on the domestic terrorists watch list those people who took parts in the protests. Or at minimum threatens to put. And if you google a bit more you'd see that it isn't limited to ICE. Any dissent is perceived by the current government in a similar "terrorism" way. For majority of population that would completely chill any desire to assert rights.
https://www.markey.senate.gov/imo/media/doc/letter_to_dhs_on...
"U.S. Immigrations and Customs Enforcement (ICE) officers and senior Trump administration officials have repeatedly suggested that the Department of Homeland Security (DHS) is building a “domestic terrorists” database comprising information on U.S. citizens protesting ICE’s actions in recent weeks.
...
In recent weeks, DHS personnel and senior officials have repeatedly stated that the agency is engaged in efforts to monitor, catalog, and intimidate individuals engaged in peaceful protests"
[1] - https://en.wikipedia.org/wiki/Occupy_Wall_Street#Government_...
[2] - https://en.wikipedia.org/wiki/COINTELPRO
It’s reprehensible and I am demanding accountability from my elected politicians. The only way we’ll see someone answer for these crimes, though, is if enough Americans give a shit to get off their fucking asses and actually put people into office who will bring change.
Machine translation of overview & 5.1 which is what the blog post is about (covers some other things as well): https://chatgpt.com/share/6a34732c-0fa4-83e8-aae1-95c25dd117...
[EDIT] Oh, there was actually official English decision available as well: https://www.datatilsynet.no/contentassets/59addbef9c1b48a28f...
I don’t understand… it would be one thing if it said “receiving marketing/offers is a condition of being a member of the customer club” but that’s not what is being stated above… rather that being a member of the club is required to receive marketing — perhaps something has been misworded or lost in translation?
To me, Elkjop seems perfectly reasonable here. But EU policy disagrees.
e.g. "to receive offers...is a condition to be in..."
Those anti-privacy policies will state, that you grant the company and third-parties (so, anyone) permissions to use your data (including voice and image) for any purpose. (Of course, it is stated in a slightly obscure fashion, so a layman may not comprehend it.)
I wonder if there has been any similar action taken against those.
That exact language is unlikely to be compliant. If you want to maximize your effect you could make Article 15 request to the company in question, get the list of actual recipients of data (make sure to be ask for this specifically) and then make another request to all of those companies. That will then allow you to possibly make further complaints (e.g. why exactly they didn't send Article 14 information to you, are the legal basis they use actually proper in your case especially if the original one was consent and it was not freely given).
What if you didn't and did not proceed with the process? Can you complain still?
As in - if you didn't give your consent there's no violation has occurred and they don't have your data, so nothing to ask for?
Everyone is free to make a tip to DPA. However DPA is free to decide if they want to start their own investigation based on that unlike when you make Article 77 complaint.
There isn't a lot of case law around the threshold of Article 77. The text says "if the data subject considers that the processing of personal data relating to him or her infringes this Regulation". If read completely alone one could make argument that since you didn't consent no processing occurred -> you do not have right to make an Article 77 complaint.
However when taking the in account the goals and purpose of GDPR as well as recital 141 I would argue otherwise. To be specific recital 141 says "if the data subject considers that his or her rights under this Regulation". CJEU also often refers to GDPR's objective of ensuring high level of protection of fundamental rights and freedoms of natural persons. I feel that ex post requirement would be quite contrary to that.
Due to this my personal stance would be that just offering invalid consent choice where refusal has negative consequences is something that violates data subject's rights even if processing didn't occur and would be eligible for actual Article 77 complaint rather than just tip to DPA.
[EDIT] Also, there is Article 82 path via damages. In your case you could potentially argue that you suffered damages (like lost wages) due to company's invalid consent requirement. This, however, is generally a lot harder and more expensive path. Depending on how legal costs are allocated in your jurisdiction you could also end up with judgement where you need to pay your opponent's legal costs if you lose.
For Article 82 claim you almost definitely will need a lawyer.
I guess the web server was temporarily overwhelmed by traffic resulting in images (like for you) and css files (like for me) not being consistently served to all visitors.
It's a shame, but it probably says more about Datatilsynet's capacity. Frankly it would be great if you could simply say "this company did something dodgy", provide proof, and immediately get results. But that's not the world we live in.
Thank you for sharing!
Its why you find the Australian regulator for consumer affairs handing out $200m+ fines to telecommunications companies, for example.
Instead, it’s much better to scale fines based on the scale of the entity involved, which also results in huge fines, but it’s easier to measure revenue. Thus the fines are more broadly effective, and you can still escalate if they don’t stop.
No? You don’t need to adjust the floor, only the ceiling.
The goal is to prevent businesses from pricing fines into their margins.
If they made a profit and I want them to pay more than the base fine doesn't mean if they made a loss I want them to pay less than the base fine.
I think the rest of your come t stands though. There is difficulty I proving profit and Hollywood accounting can probably change those numbers.
I’m not saying they would get a rebate just that for this to be meaningful for a mid sized or larger company requires a large portion of a given fine to be based on profits. So a company receiving a fine based on their profits would argue they made less money from the behavior, it’s a legal argument without any risk.
Consider a fine for a mid sized company that’s base 100k + 10m based on profits it ‘goes away’ if they win but it also ‘goes away’ if they drop it by 99%. Thus just as much effort would be spent on how much money they made as is put forth to defend the fine in the first place.
Now obviously you could set the base large enough to offset that, but doing so defeats the point of profit based fines in the first place. Which means inherent to the idea of profit based fines is the concept they largely go away if a major company can argue their profits where non existent.
Targeting management seems like a tactic that should only be employed where great urgency exists such as life threatening danger. I don't think marketing material is anywhere close to qualifying.
I hate my inbox being inundated with spam as much as the next guy but that doesn't mean drawing and quartering the perpetrators is justified.
Not that it is likely that they make that much in profit, but still. There probably shouldn’t be a limit, and there probably should be personal legal consequences such as jail time for repeat offenders.
I have found this to be true not just when it comes to companies breaking laws, but also to much more benign things. Such as reporting potholes in town or broken microwaves at work. Those can be in need of fixing for an extended period of time, yet when I report them, they usually get fixed within days. I suspect most people can't be bothered or think that surely someone else will report the issue. But that doesn't work if everyone thinks that way.
Bro, you alright?
How refreshingly European.
I personally never specifically consent to anything, yet get a ton of marketing emails. To most companies that send me those emails 1.8m would be a slap on the wrist.
If you unclicked it, the 'connect to wifi' button greyed out and a notification appears saying that Opt In is required for wifi.
[0] "Under Article 77(2) of the GDPR a supervisory authority is under a binding legal obligation to keep a complainant informed of the progress and the outcome of their complaint. It is not a courtesy and it is not discretionary - it is written into the law. I filed my complaint with IMY, IMY passed it on, the case ended in a multi-million euro enforcement action, and not one of the authorities involved thought to tell the person who started it."
The former is the one he seems to be currently taking to task for failing to follow the law, the latter is the one that meaningfully handled the case.
https://noyb.eu/en/gdpr-rights-sweden "GDPR Rights in Sweden: Court confirms that authority must investigate complaints. So far, the Swedish IMY has taken the view that users don’t have party rights in GDPR procedures."
https://noyb.eu/en/noyb-takes-swedish-dpa-court-refusing-pro... "IMY frequently just forwards a complaint to the company that illegally processes personal data - and then immediately closes the case without investigating." (no decision on this as far as I know. A bit surprising since it has been almost 2 years)
has any calculations been made on how much actual profit was made by these unlawful actions?
https://www.datatilsynet.no/contentassets/59addbef9c1b48a28f...
okay then...
I have experienced this same thing with at least one other big company in Norway.
I could opt out of either SMS or e-mail, but not both, or I would not be able to keep the membership.
Unfortunately, I never made a note of which one that was exactly so I can’t name them and shame them on the spot.
Despite half-hearted attempts at stopping marketing emails now and then by individually logging in and opting out, or clicking unsubscribe links embedded in the email, my email continues to be flooded with marketing both from domestic and foreign companies that I’ve done business with. There is so many companies that even going through a handful of them at a time and unsubscribing there is a seemingly endless amount of companies that remain to unsubscribe from.
It is great to see that someone fights back, and that it is resulting in fines.
> This decision can nevertheless be challenged before Norwegian courts in accordance with Article 78(1) of the GDPR. [0]
Time will tell I guess?
[0] https://www.datatilsynet.no/contentassets/59addbef9c1b48a28f...
You can always not use their service. Plenty of alternatives out there.
The more annoying is that I gave him my regular email address and not a generated alias that I always give to companies.
Was super pissed when spam started landing on my main address.
So no, not plenty alternatives here.
It is mostly just a theater (like endless cookie consent dialogs in anonymous browsing), to employ more experts and bureaucrats.
EU is now pushing privacy laws that severely undermine privacy.
That was literally just malicious compliance in order to get people mad at the law instead of the companies (at least at first, there's also a huge amount of cargo-culting nowadays). Congrats, you've been psy-opped.
Even if it’s most just theater, you don’t make the case at all how it undermines privacy.
I know, it's like complaining about JS etc. but it's like walking into an elevator and smelling very strong perfume. It's hard not to go "whew!"
The word is “cliches”, and they existed long before LLMs.
> That one sentence is the whole case
This example, for instance, is more uniquely LLM than mere common cliche.
If it's something humans don't do and unique to certain programs, then "cliche" is probably not the correct term.
"I read the article, but it was full of improperly-escaped HTML entity references, how cliche."
Follow the laws and it isn't an issue. I'm pretty sure banning someone for that stuff is probably illegal, too.
I don't think you should be doing business anywhere if customers being familiar with the law and knowing their rights scares you. Frankly if you are running a business, you should be familiar with the laws and regulations, doing otherwise - especially when someone points out that your behaviour is illegal - is negligence and punishment with a fine is completely appropriate. Welcome to living in a society.
https://www.enforcementtracker.com/