GDPR Concerns Temporarily Result In The Removal Of Trash Cans From Ireland Post Office

from the that's-some-fine-regulation-you-got-there,-EU dept

The regulatory nightmare known as GDPR continues to wreak havoc. The data privacy law enacted by the European Union has possibly helped protect the data of Europeans, but the thick cloud of smoke rising from the collateral damage makes it impossible to say for sure.

Regulating the internet isn't as simple as the EU Parliament thought it would be. The first reaction many US sites had to the new law was to block every user appearing to originate from a covered country. The EU Parliament couldn't even comply with GDPR properly. Its own website didn't anonymize incoming users correctly, allowing the Parliament's site to hoover up IP addresses to send through to Google Analytics. The EU Commission responded to this gaffe by exempting itself from the law.

Meanwhile, European citizens were experiencing the downsides of mandated data export. The law requires all user data collected by tech companies to be available on demand to European internet users. In theory, a wonderful idea. In practice, it means if someone hacks one of your accounts, they can start requesting your data as well. Even without being hacked, your personal data can be sent to someone else because tech companies are just as prone to clerical errors as anyone else.

This latest incident is more of the same. Another debacle powered by GDPR. This time, the problem created wasn't composed of 1s and 0s. This time the side effects could be felt physically.

All public bins have been removed from the GPO [General Post Office] due to potential privacy breaches under the General Data Protection Regulation (GDPR).

Customers and visitors to the historic building will no longer be able to dispose their litter within the premises.

An Post says under the new privacy laws, even rubbish containing personal details is considered their responsibility.

For this reason, a decision was taken to remove every bin from the post office’s main hall.

The problem? Post office customers were tossing out unwanted mail and receipts -- all of which contained confidential personal data now regulated by GDPR. The post office's solution was to remove its inadvertent data collection facilities, which apparently led to people leaving their regulated data lying on the office's counters and floors.

Fortunately, this new normal for post office users was swiftly reverted back to the old normal. The Commissioner of the Office of Data Protection issued a clarifying statement on post offices, rubbish bins, and protecting the privacy of post office customers.

When contacted this evening, a spokesperson for the Office of the Data Protection Commissioner told that "under no circumstances" could public litter be in breach of GDPR.

Great. Glad that's cleared up. Business as usual then?

“An Post have confirmed a number of outstanding issues around the handling of waste material from public litter bins in the GPO,” a spokesperson said.

“The bins had been removed from the public office of the GPO on a trial basis and have now been re-instated,” he said.


This is the stupid world the EU Parliament has gifted us. A breathtakingly broad law that regulates every entity that might possess the personal information of others has, however briefly, resulted in the removal of trash cans to ensure compliance. This may be the dumbest collateral damage yet, but it certainly won't be the last.

Filed Under: data protection, gdpr, ireland, irish post office, trash cans

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 14 May 2019 @ 4:26pm

    You will have to pardon me for this long and slightly off-topic post/rant, but I feel like I have something to say over here.

    I think that the GDPR is the dumbest kind of "spaghetti" legislation that one could ever conceive. It shows absolutely no regard for real life cases.

    Most small and everyday webmasters either ignored it by geoblocking the EU, or tried to comply with it by slapping a pre-populated privacy policy and privacy "solution" on their websites, using some external online service. This because paying for or hiring external privacy "expertise" was overkill for them, given not only its costs, but also its dubious efficacy.

    Now, never mind the risk and vulnerability of using a single point service for all the privacy matters of every website, but I still wonder: how do small businesses deal with the finer requirements of that law? For example, the GDPR says that, in order to honor the right to be forgotten, a business has to remove every instance of a single person's data everywhere, if they request so. How do you remove granular and individual user data in full backups, especially offline ones, and on request, I ask? Especially if you are a small everyday business and not some enterprise like Google or Facebook.

    Or, let's say a company manages an existing database with its clients' data. How do you anonymize or "pseudonymize" the contents of it, as this law requests, without totally changing how that same database works in the first place?

    Or, given the hefty penalties for data breaches, how do you make sure that your system is unhackable? We know that security is a compromise, and not an absolute, and that shit can happen sadly. Why should businesses be lambasted for failing to properly protect their properties, when this is almost impossible to do nowadays, while the actual hacker who committed the crime remains unscathed instead?

    In today's age, when most websites rely on CMS, Wordpress and the like to do their job, why to place such a huge liability on businesses that use a CMS, which may be not fully updated for many reasons and hence hacker-prone, instead of placing it on the CMS developers themselves?

    Everyday and small businesses have bigger fish to fry than making sure that their systems are totally hacker-proof, especially when the actual responsibility for vulnerabilities is not directly theirs, since they use some external CMS. Sure, businesses can update it to give it a bit more security, but as we all know there is a myriad of real life instances when this cannot be done, or done right away. Maybe one of your plugins is not updated to the newest version of the CMS you are planning to update to, and it won't work with it, or maybe you are afraid that the newest CMS update will fuck up your website, or you worry that it will introduce new security holes, etc.

    In my opinion, all of this shows an extreme bias of EU legislators in favor of corporations (which can afford to pay for and deploy such systems as required by the law) and against the little man (who just can't do so).

    Given these precedents, it is no wonder and absolutely not in the realm of pure speculation that the same thing (if not something exponentially worse) could happen with Article 13/17. Just that in this case, the ones affected will be independent, direct-selling platforms and gatekeeper-avoiding avenues, where creators and artists could finally be able to self-publish, to grow and to control every facet of their own creative business, and so ultimately the ones who will suffer the most will be the creators and artists themselves.

    And this pisses me off to no end. Because it is one thing if you go against business in this faux-capitalistic and corrupt world, but it is totally another thing if you go against the hopes and dreams of individual artists and creators, while pretending that you want to make their life better. Individuals who are sensitive enough and are not schooled usually in the dry, dirty, cutthroat and just plain ugly aspects of the gatekeeper businesses, including the music business.

    And you don't break the hopes, dreams, aspirations and inspirations of european and worldwide artists and creators (especially under the superficial and misguided guise that you want to help them) with impunity and without there being repercussions. As the general, widespread and severe backlash against Article 13/17 has shown, and continues to show, from experts and the general populace alike.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.