• Thomas Klein@social.vivaldi.net
    link
    fedilink
    arrow-up
    0
    ·
    28 days ago

    @taschenorakel @kuketzblog

    My gut feeling is that anything, which is collected from my side, whether PII or not, protected or not, should only take place after I get a message on first run, asking me if it’s okay to collect usage data. Including a brief list of what data is collected, whether it’s anonimized, pseudomized, etc and allow me to say “no”.

    Anything collected before I have any chance of opt-in or opt-out to me sounds like “we proactively have already started collecting data. If you don’t want this to go on, you can switch it off in settings” and leaves a smell of privacy pooh on my desktop.

    In other words: It’s a dishonest behaviour to me if I am NOT aware of things going on before things start to happen.

    • Mathias Hasselmann@mastodon.green
      link
      fedilink
      arrow-up
      0
      ·
      28 days ago

      @schroedingershund @kuketzblog I absolutely dislike the concept of blaming entities by gut feeling even if they behave entirely legal.

      They key for reliable privacy laws is general acceptance. It’s of absolutely no value to have strict laws if nobody obeys them.

      The GDPR and the ammending TDDDG do pretty well in balancing interests, and we don’t do privacy activism or IT security a favor if we deny operators legitimate interest out of gut feeling.

      • Mike Kuketz 🛡@social.tchncs.deOP
        link
        fedilink
        arrow-up
        0
        ·
        28 days ago

        @taschenorakel @schroedingershund Whether a usage measurement/marketing campaign takes place anonymously, pseudonymously or with personal data is irrelevant from the perspective of the TDDDG. The decisive factor is whether information is stored on the end device (e.g. cookies) or whether information is read from the end device. Both are subject to consent in accordance with Section 25 (1) TDDDG, unless ‘technically necessary’.

        • Mathias Hasselmann@mastodon.green
          link
          fedilink
          arrow-up
          1
          ·
          28 days ago

          @kuketzblog@social.tchncs.de @schroedingershund@vivaldi.net Laws have a scope and the scope of TDDDG is defined in its first section. You don’t do anyone a favour if you randomly extend the scope of laws just to support your point of view.

          You don’t help these you want to protect by making false promises.

          You won’t get the Thunderbird people to change what’s in there legitimate interested and perfectly legal.

          You simply don’t make the world a better place by inventing false accussions. It’s just another step down.

            • Mathias Hasselmann@mastodon.green
              link
              fedilink
              arrow-up
              1
              ·
              28 days ago

              @kuketzblog@social.tchncs.de @schroedingershund@vivaldi.net

              Actually I did. Did you?

              “Dieses Gesetz regelt […] besondere Vorschriften zum Schutz personenbezogener Daten bei der Nutzung von Telekommunikationsdiensten und digitalen Diensten […] den Schutz der Privatsphäre […] den Schutz der Privatsphäre”

              Privacy and personal data. That’s the scope.

              Data that’s not personal data is out of scope.

              Even more if other laws like GDPR explicitly allow processing of such data.

            • Mathias Hasselmann@mastodon.green
              link
              fedilink
              arrow-up
              1
              ·
              28 days ago

              @kuketzblog@social.tchncs.de @schroedingershund@vivaldi.net

              Actually I did. Did you?

              “Dieses Gesetz regelt […] besondere Vorschriften zum Schutz personenbezogener Daten bei der Nutzung von Telekommunikationsdiensten und digitalen Diensten […] den Schutz der Privatsphäre […] den Schutz der Privatsphäre”

              Privacy and personal data. That’s the scope. Data that’s not personal data is out of scope. Evenmore if other laws like GDPR explicitly allows processing such data.