How The GDPR Nearly Ruined Christmas

from the this-is-getting-silly dept

While the thinking behind the GDPR may seem sensible, time and time again we hear stories about how, in practice, it’s a complete disaster. Some of that may be because of people misinterpreting the law. Some of it may be because the law is being abused. And some of it may be because the law is too vague. But some of it is just because the law tries to do way too much. So, today, we have a little story of how the GDPR nearly ruined Christmas for a small town in Germany.

The town of Roth has a long-standing tradition where children would write down their Christmas wishes, which would then be placed on a tree in the market. The city council would read the wishes and try to get the children what they wanted. Nice, wholesome, holiday good deeds and all. But… it became tricky under various privacy regulations, starting with Germany’s own data privacy law and, later, the GDPR, because in order to get your wishes fulfilled, children had to provide their names and identifying information… and that’s a big no-no under the law:

That legislation states that parents of minors have to provide consent to the use of their kids’ data. Organizations that fail to comply face big financial penalties.

Providing proof of this was deemed too onerous by the council and the city decided against festive wish lists for 2018.

“The yearly trips to the fire brigade unit and the mayor were especially popular with children” Melanie Hanker, who works on events and public relations in the town’s administration, told Die Welt last week. “Without the wishing lists, both these events will not take place this year,” she added. Hanker refused CNN’s request for an interview.

After initially cancelling this traditional wish-making and wish-granting, thankfully, a local radio station worked out a solution:

It created a wish list, which included a parental consent disclaimer, which can be printed from their website and put in the wishing box at the Christmas market, which opens on Thursday.

“This way, the wishes can be submitted and collected from Father Christmas also this year,” the city said in a statement on Tuesday.

So… at least Christmas wasn’t totally ruined, but now the simple process of making a wish involves a silly unnecessary extra tradition: having parents sign legal consent disclaimers to allow their children to make wishes that they hope the city council will fulfill. It’s a Christmas miracle bureaucracy!

Filed Under: , , , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “How The GDPR Nearly Ruined Christmas”

Subscribe: RSS Leave a comment
27 Comments
Anonymous Coward says:

‘It’s a Christmas miracle bureaucracy!’

more like a bureaucracy fuck up! typical of the EU, especially the EU Commission, trying to do whatever possible to protect the rich, the famous and the powerful (starting with the ‘Right to be Forgotten disaster!) instigated by an ‘encouraged’ ordinary person but had to include, when needed, every other ‘ordinary person’!!

Russell Grub says:

"time and time again we hear stories" -- ANECDOTAL AND ANAMOLY.

A classic Techdirt two-fer.

Sheesh. Just because ONE city has not been protecting children, you condemn the very idea of privacy for the whole EU!

Masnick: try to read your text way like someone even a tiny bit critical will. Actually, you require suspension of disbelief here. You start off with silly "seasonal" allusion, meander through pejoratives of where want to end up, and make entirely no sense overall.

Max (profile) says:

Dear Mike,

keep doing this and you’ll end up like YouTube’s Thunderfoot who used to have a point, but is apparently just going for a good rant on one of his pet peeves instead of bothering with actually making sense more often than not these days. Also, there’s that crying wolf too many times without the world actually ending thing.

In some sort of idyllic Whoville there would be no need for GDPR – but this is the real world 2018 edition, and what that city was doing was (and still is) a privacy disaster waiting to happen. The very least those willingly sticking their necks through the noose can do is acknowledge doing it on their own accord.

Also: Merry Christmas…!

Anonymous Anonymous Coward (profile) says:

Re: Dear Mike,

You’re suggesting that the city doesn’t already have records of all the children within their confines? Birth records, school records, names, addresses, ages, parents names, etc.? Or are you suggesting that the wishing notes would become public further than needed to fulfill the wishes?

If you think there is a problem, then state the problem, rather than just casting aspersions without any kind of evidence.

Anonymous Anonymous Coward (profile) says:

Re: Dear Mike,

You’re suggesting that the city doesn’t already have records of all the children within their confines? Birth records, school records, names, addresses, ages, parents names, etc.? Or are you suggesting that the wishing notes would become public further than needed to fulfill the wishes?

If you think there is a problem, then state the problem, rather than just casting aspersions without any kind of evidence.

Anonymous Coward says:

Re: Dear Mike,

there’s that crying wolf too many times without the world actually ending thing

Hmm…. how did that story go again? Lemme try to remember.

The Boy Who Cried Wolf
By "Max"

Once there was a young shepherd boy, and the village was – to their credit – very concerned about him being attacked by wolves. So they got together and created a new law: no one may allow any animal to come within 500 feet of the boy under any circumstances.
The villager who owned the flock of sheep and employed the boy to tend them read through the law, and realized that nothing in it limited it to wolves or other harmful animals. Facing steep penalties if he continued to allow his sheep near the boy, he decided he had to fire him.
Some people pointed out that this seemed like a bad outcome, and hardly the intent of the law. The other villagers cried "what? it’s not like the world has ended! stop crying wolf." The objectors weren’t really sure how this response made any sense whatsoever, because it didn’t, and they all lived happily (?) ever after. The boy starved.

Stephen T. Stone (profile) says:

Re:

So what you’re saying is

otherwording (or in-other-wordsing) — noun — The practice of summarizing an argument in a way that intentionally distorts it into saying something it does not and slanders the person who made it; this is often done to make winning an argument easier.

Example: You can typically find the phrases “in other words” or “so you’re saying” at the beginning of an instance of otherwording.

See also: strawman; your post

Mike Masnick (profile) says:

Re: Re: Re:

This is a good/fun definition, other than the misuse of “slanders” in it… 🙂

But, yeah, the above “so what you’re saying” comment is so beyond misleading that it does not deserve an actual response. But the person who posted it knows that and doesn’t care. He spends a lot of time around here arguing against the strawman mike in his head — and whenever we point out that the real me is different, he takes it as proof that I’m lying, because the strawman mike could never be wrong. It’s delusional.

Anonymous Coward says:

If you are planning a tripe to any EU country, just set your own VPN on your home computer before you go. That way, if you find your favourite US newspaper blocked, due to GPDR, you can simply log in to your home network, and then access the site.

This does not break the CFAA in any way, because it is not a CFAA violation to log in own home computer network. You will appear to be coming from home computer, and nobody will ever be the wiser.

Using your home network has one advantage over using a commercial VPN provider. Websites can use a service like BlockScript to detect access from known commercial VPN sites. Your home computer’s VPN will not be in any of these lists, so websites will never know what happened.

This is how, when I travel to Mexico or Canada, I can bypass geoblocking to get Netflix, iHeart, or any US only website. Using the VPN on my home computer makes my use of a VPN to bypass geoblocking undetectable to these sites, so it appears I am on my home computer, and they will never the wiser.

To do this, while you are away, Comcast Business is the best for this. For $100 a month, you can get service, with static IP, with enough outbound bandwidth that will let you watch Netlix or YouTube through your home connection.

And this is also where you can avoid problems with the CFAA and DMCA. To log on to your OWN network does NOT violate the CFAA, even if it is for bypassing geoblocking. For it to be unauthroized access, you have to be using an illegally obtained passed, and the password on your home network cannnot be considered illegally obtained.

And it is not violating the DMCA to bypass geoblocking to access something you are already paying for, so it cannot be considered any kind of financial gain, since you are already paying for the service. Since I am alerady paying for Netflix and SiriusXM, it is not any kind of service theft.

Michael (profile) says:

Re: Someone keeps getting it wrong

Sure, but the media conglomerate that owns the radio station is drafting it’s legal challenge right now.

You see, the radio host was working when he created the form. That makes it a “work for hire” that the media conglomerate owns the copyright to. Then, an entire town or pirates went out and copied the work and used it without purchasing a proper license. If the town does not crack down on this clear infringement and start forcing it’s citizens to pay the licensing fees that were “stolen”, we will be seeing a lawsuit very soon.

Anonymous Coward says:

“Some people pointed out that this seemed like a bad outcome, and hardly the intent of the law.”

“Intent” of the law. If people can’t clearly determine the purpose of the law as to form an intent, the law should be revised so its purpose is clear.

It’s true most of us would think the town took it too far, but you can bet there was an overzealous “prosecutor” or lawyer (not sure how German law enforcement works) would jump at the chance to sue.

Oh, wait. Do Germans sue foolishly like American idiots?

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...