How The GDPR Nearly Ruined Christmas

from the this-is-getting-silly dept

While the thinking behind the GDPR may seem sensible, time and time again we hear stories about how, in practice, it's a complete disaster. Some of that may be because of people misinterpreting the law. Some of it may be because the law is being abused. And some of it may be because the law is too vague. But some of it is just because the law tries to do way too much. So, today, we have a little story of how the GDPR nearly ruined Christmas for a small town in Germany.

The town of Roth has a long-standing tradition where children would write down their Christmas wishes, which would then be placed on a tree in the market. The city council would read the wishes and try to get the children what they wanted. Nice, wholesome, holiday good deeds and all. But... it became tricky under various privacy regulations, starting with Germany's own data privacy law and, later, the GDPR, because in order to get your wishes fulfilled, children had to provide their names and identifying information... and that's a big no-no under the law:

That legislation states that parents of minors have to provide consent to the use of their kids' data. Organizations that fail to comply face big financial penalties.

Providing proof of this was deemed too onerous by the council and the city decided against festive wish lists for 2018.

"The yearly trips to the fire brigade unit and the mayor were especially popular with children" Melanie Hanker, who works on events and public relations in the town's administration, told Die Welt last week. "Without the wishing lists, both these events will not take place this year," she added. Hanker refused CNN's request for an interview.

After initially cancelling this traditional wish-making and wish-granting, thankfully, a local radio station worked out a solution:

It created a wish list, which included a parental consent disclaimer, which can be printed from their website and put in the wishing box at the Christmas market, which opens on Thursday.

"This way, the wishes can be submitted and collected from Father Christmas also this year," the city said in a statement on Tuesday.

So... at least Christmas wasn't totally ruined, but now the simple process of making a wish involves a silly unnecessary extra tradition: having parents sign legal consent disclaimers to allow their children to make wishes that they hope the city council will fulfill. It's a Christmas miracle bureaucracy!

Filed Under: bureaucracy, christmas, data protection, eu, gdpr, germany, parental consent, privacy, regulations, roth, wishes


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 26 Dec 2018 @ 12:15pm

    'It's a Christmas miracle bureaucracy!'

    more like a bureaucracy fuck up! typical of the EU, especially the EU Commission, trying to do whatever possible to protect the rich, the famous and the powerful (starting with the 'Right to be Forgotten disaster!) instigated by an 'encouraged' ordinary person but had to include, when needed, every other 'ordinary person'!!

    reply to this | link to this | view in chronology ]

    • identicon
      ryuugami, 26 Dec 2018 @ 12:58pm

      Re:

      At least the EU occasionally tries to protect the plebes along with the rich and powerful, unlike some other countries I could name :)

      reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Russell Grub, 26 Dec 2018 @ 12:45pm

    "time and time again we hear stories" -- ANECDOTAL AND ANAMOLY.

    A classic Techdirt two-fer.

    Sheesh. Just because ONE city has not been protecting children, you condemn the very idea of privacy for the whole EU!

    Masnick: try to read your text way like someone even a tiny bit critical will. Actually, you require suspension of disbelief here. You start off with silly "seasonal" allusion, meander through pejoratives of where want to end up, and make entirely no sense overall.

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Max, 26 Dec 2018 @ 1:03pm

    Dear Mike,

    keep doing this and you'll end up like YouTube's Thunderfoot who used to have a point, but is apparently just going for a good rant on one of his pet peeves instead of bothering with actually making sense more often than not these days. Also, there's that crying wolf too many times without the world actually ending thing.

    In some sort of idyllic Whoville there would be no need for GDPR - but this is the real world 2018 edition, and what that city was doing was (and still is) a privacy disaster waiting to happen. The very least those willingly sticking their necks through the noose can do is acknowledge doing it on their own accord.

    Also: Merry Christmas...!

    reply to this | link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 26 Dec 2018 @ 1:19pm

      Re: Dear Mike,

      In some sort of idyllic Whoville there would be no need for GDPR - but this is the real world 2018 edition, and what that city was doing was (and still is) a privacy disaster waiting to happen.

      What...?

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 26 Dec 2018 @ 1:23pm

      Re: Dear Mike,

      Yep, covering the many failures and unintended consequences of a massive regulatory scheme that legally binds the entire European Union is exactly the same as Thunderfoot's creepy hate-boner for a single media critic. Mmm-hmm.

      reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 26 Dec 2018 @ 1:25pm

      Re: Dear Mike,

      You're suggesting that the city doesn't already have records of all the children within their confines? Birth records, school records, names, addresses, ages, parents names, etc.? Or are you suggesting that the wishing notes would become public further than needed to fulfill the wishes?

      If you think there is a problem, then state the problem, rather than just casting aspersions without any kind of evidence.

      reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 26 Dec 2018 @ 1:25pm

      Re: Dear Mike,

      You're suggesting that the city doesn't already have records of all the children within their confines? Birth records, school records, names, addresses, ages, parents names, etc.? Or are you suggesting that the wishing notes would become public further than needed to fulfill the wishes?

      If you think there is a problem, then state the problem, rather than just casting aspersions without any kind of evidence.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 26 Dec 2018 @ 1:42pm

      Re: Dear Mike,

      there's that crying wolf too many times without the world actually ending thing

      Hmm.... how did that story go again? Lemme try to remember.

      The Boy Who Cried Wolf By "Max"

      Once there was a young shepherd boy, and the village was - to their credit - very concerned about him being attacked by wolves. So they got together and created a new law: no one may allow any animal to come within 500 feet of the boy under any circumstances. The villager who owned the flock of sheep and employed the boy to tend them read through the law, and realized that nothing in it limited it to wolves or other harmful animals. Facing steep penalties if he continued to allow his sheep near the boy, he decided he had to fire him. Some people pointed out that this seemed like a bad outcome, and hardly the intent of the law. The other villagers cried "what? it's not like the world has ended! stop crying wolf." The objectors weren't really sure how this response made any sense whatsoever, because it didn't, and they all lived happily (?) ever after. The boy starved.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 26 Dec 2018 @ 7:15pm

        Re: Re: Dear Mike,

        Y'know, that's one well-fed troll there.

        I keep tellin' folks, never feed them after midnight, but do they listen? Nooooo.....

        What, you mean mogwai are the same way?

        reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 26 Dec 2018 @ 1:12pm

    So what you're saying is that we must allow your corporate sponsors to continue exploiting children in order to... protect the children from not getting the toy they wanted for christmas?

    reply to this | link to this | view in chronology ]

    • icon
      Stephen T. Stone (profile), 26 Dec 2018 @ 1:20pm

      So what you're saying is

      otherwording (or in-other-wordsing) — noun — The practice of summarizing an argument in a way that intentionally distorts it into saying something it does not and slanders the person who made it; this is often done to make winning an argument easier.

      Example: You can typically find the phrases “in other words” or “so you’re saying” at the beginning of an instance of otherwording.

      See also: strawman; your post

      reply to this | link to this | view in chronology ]

      • icon
        Mike Masnick (profile), 26 Dec 2018 @ 2:58pm

        Re:

        This is a good/fun definition, other than the misuse of "slanders" in it... :)

        But, yeah, the above "so what you're saying" comment is so beyond misleading that it does not deserve an actual response. But the person who posted it knows that and doesn't care. He spends a lot of time around here arguing against the strawman mike in his head -- and whenever we point out that the real me is different, he takes it as proof that I'm lying, because the strawman mike could never be wrong. It's delusional.

        reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 26 Dec 2018 @ 2:39pm

    The GDPR...

    'Protecting' your privacy... whether you want it to or not.

    reply to this | link to this | view in chronology ]

    • icon
      Hugo S Cunningham (profile), 27 Dec 2018 @ 10:47am

      Re: The GDPR...

      In the spirit of the GDR (look it up in Wikipedia), which built a wall to protect its people from CIA assassins and other fascists, whether the people wanted such zealous protection or not.

      reply to this | link to this | view in chronology ]

  • icon
    Gary (profile), 26 Dec 2018 @ 3:39pm

    Santa and the Elves...

    In related news, Santa has had to close shop after it was disclosed he complied his naughty & nice lists without parental consent.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 26 Dec 2018 @ 5:43pm

    Festivus for the rest of us

    reply to this | link to this | view in chronology ]

  • identicon
    Smartassicus the Roman, 26 Dec 2018 @ 9:37pm

    Warning:
    Reading this comment inside any country or region governed by the GDPR will be punished by a fine of $250,000.00 USD and ten years confinement in a sewage processing facility.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 26 Dec 2018 @ 9:42pm

    If you are planning a tripe to any EU country, just set your own VPN on your home computer before you go. That way, if you find your favourite US newspaper blocked, due to GPDR, you can simply log in to your home network, and then access the site.

    This does not break the CFAA in any way, because it is not a CFAA violation to log in own home computer network. You will appear to be coming from home computer, and nobody will ever be the wiser.

    Using your home network has one advantage over using a commercial VPN provider. Websites can use a service like BlockScript to detect access from known commercial VPN sites. Your home computer's VPN will not be in any of these lists, so websites will never know what happened.

    This is how, when I travel to Mexico or Canada, I can bypass geoblocking to get Netflix, iHeart, or any US only website. Using the VPN on my home computer makes my use of a VPN to bypass geoblocking undetectable to these sites, so it appears I am on my home computer, and they will never the wiser.

    To do this, while you are away, Comcast Business is the best for this. For $100 a month, you can get service, with static IP, with enough outbound bandwidth that will let you watch Netlix or YouTube through your home connection.

    And this is also where you can avoid problems with the CFAA and DMCA. To log on to your OWN network does NOT violate the CFAA, even if it is for bypassing geoblocking. For it to be unauthroized access, you have to be using an illegally obtained passed, and the password on your home network cannnot be considered illegally obtained.

    And it is not violating the DMCA to bypass geoblocking to access something you are already paying for, so it cannot be considered any kind of financial gain, since you are already paying for the service. Since I am alerady paying for Netflix and SiriusXM, it is not any kind of service theft.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 31 Dec 2018 @ 2:31am

      Re:

      Also, for it to be a CFAA violation, it has to to be done with the intend to defraud someone, or to damage a network. And bypassing geoblocking using a VPN or proxy is not fraud and is not any attempt to damage their network, so CFAA does not apply.

      reply to this | link to this | view in chronology ]

  • identicon
    Emilio, 27 Dec 2018 @ 5:01am

    Someone keeps getting it wrong

    Hi there,
    so some guy from a radio station does the job (in 5 minutes probably) of a bunch of incompetent administrators, but we blame GDPR just because?

    reply to this | link to this | view in chronology ]

    • identicon
      Michael, 27 Dec 2018 @ 6:24am

      Re: Someone keeps getting it wrong

      Sure, but the media conglomerate that owns the radio station is drafting it's legal challenge right now.

      You see, the radio host was working when he created the form. That makes it a "work for hire" that the media conglomerate owns the copyright to. Then, an entire town or pirates went out and copied the work and used it without purchasing a proper license. If the town does not crack down on this clear infringement and start forcing it's citizens to pay the licensing fees that were "stolen", we will be seeing a lawsuit very soon.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Dec 2018 @ 10:21am

    "Some people pointed out that this seemed like a bad outcome, and hardly the intent of the law."

    "Intent" of the law. If people can't clearly determine the purpose of the law as to form an intent, the law should be revised so its purpose is clear.

    It's true most of us would think the town took it too far, but you can bet there was an overzealous "prosecutor" or lawyer (not sure how German law enforcement works) would jump at the chance to sue.

    Oh, wait. Do Germans sue foolishly like American idiots?

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.