Jump to content
blandy

Should I stay or should I go now - U.K. in/out of the EU (contd.)

Recommended Posts

1 hour ago, tonyh29 said:

fail black and white GIF

Trademark that gif and call it my life ūüėĄ

Share this post


Link to post
Share on other sites

Just to give an example of how preconceptions about the Brexiteers make mountains out of molehills.

Story today about Number 10 requesting access to visitor data on gov.uk: https://www.theguardian.com/world/2019/sep/10/no-10-request-user-data-government-website-sparks-alarm

Quote

Data privacy campaign groups and Labour have expressed alarm after it emerged Downing Street has ordered departments to centralise the collection and analysis of user information from the government’s main public information website ahead of Brexit.

Now my understanding is that they simply want aggregated, anonymised data (rather like an opinion poll) to understand - in a centralised place (i.e. Number 10, rather than silo'd in departments) - what sorts of things the public look for on government websites.

No laws or regulations or even conventions will be broken by doing this, but because there's so much panic about a Putinist takeover of western democracy by hacking into our brains, it immediately generates this kind of histrionic reporting. There's no story here.

Share this post


Link to post
Share on other sites
7 minutes ago, KentVillan said:

Just to give an example of how preconceptions about the Brexiteers make mountains out of molehills.

Story today about Number 10 requesting access to visitor data on gov.uk: https://www.theguardian.com/world/2019/sep/10/no-10-request-user-data-government-website-sparks-alarm

Now my understanding is that they simply want aggregated, anonymised data (rather like an opinion poll) to understand - in a centralised place (i.e. Number 10, rather than silo'd in departments) - what sorts of things the public look for on government websites.

No laws or regulations or even conventions will be broken by doing this, but because there's so much panic about a Putinist takeover of western democracy by hacking into our brains, it immediately generates this kind of histrionic reporting. There's no story here.

The story explains why there are concerns, especially around the involvement of Cummings, with his interesting record regarding data collection and use, the urgent priority it has been given, and the personal involvement of Johnson instructing immediate action.  A routine exercise would not have these characteristics.

  • Like 1

Share this post


Link to post
Share on other sites

It's difficult for a foreigner to keep track of brexit, well it is to me anyway. But the thread titled has intrigued me. Has anyone on here actually gone? 

Share this post


Link to post
Share on other sites
7 minutes ago, KentVillan said:

Just to give an example of how preconceptions about the Brexiteers make mountains out of molehills.

Story today about Number 10 requesting access to visitor data on gov.uk: https://www.theguardian.com/world/2019/sep/10/no-10-request-user-data-government-website-sparks-alarm

Now my understanding is that they simply want aggregated, anonymised data (rather like an opinion poll) to understand - in a centralised place (i.e. Number 10, rather than silo'd in departments) - what sorts of things the public look for on government websites.

No laws or regulations or even conventions will be broken by doing this, but because there's so much panic about a Putinist takeover of western democracy by hacking into our brains, it immediately generates this kind of histrionic reporting. There's no story here.

I beg to differ, The spokesman claims no personal data is collected. If no personal data is collected they can't really do the analytics. An IP address counts as personal data. They are either lying or are ill-informed (or both)

So as personal data is collected, they must comply with the GDPR (and DPA 2018). It's very hard to justify a duplication of data as described in the article. I'm trying to imagine their legitimate interest, the explanation contained in the article doesn't cut it. There would be a LI to each dept running particular parts on the governments monolithic web portal but for it to be centralised following that collection is highly suspicious

Share this post


Link to post
Share on other sites

8 hours ago, tonyh29 said:

   .. yet someone whose actually voted Lib Dem as many times as they've voted Tory is somehow a card carrying dyed in the wool Tory

You are Jo Swinson and I claim my £5

  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, bickster said:

I beg to differ, The spokesman claims no personal data is collected. If no personal data is collected they can't really do the analytics. An IP address counts as personal data. They are either lying or are ill-informed (or both)

So as personal data is collected, they must comply with the GDPR (and DPA 2018). It's very hard to justify a duplication of data as described in the article. I'm trying to imagine their legitimate interest, the explanation contained in the article doesn't cut it. There would be a LI to each dept running particular parts on the governments monolithic web portal but for it to be centralised following that collection is highly suspicious

Knowing that User A has done x, y and z on your website on a particular visit may involve tracking the IP address over the course of that visit (legitimate data collection under GDPR). Once you have that information about page visits, clicks, etc., you can separate it from the IP address (the personal information) and just store it as a visit by an anonymous user.

Nothing in GDPR prevents you from sharing that anonymous visit data, and of course it's possible to "do the analytics" without the personal data. Once you start aggregating that data (e.g. by day or by site or by search term) you're way beyond the realm of identifiable personal information.

That's the nature of anonymised, aggregated analytics, and it's widely used across all kinds of organisations and businesses to track customer behaviour, without breaking any laws or doing anything unethical. You want to answer a question like: "when do voters start searching for information on self-assessment returns?" or "what's the regional breakdown of gov.uk visitors looking for information on stamp duty?" you need to run this kind of analysis.

All Number 10 are proposing is that instead of this being split across several different departments, it's accessible to the PM and his team.

I get all the other points about Boris and his team being questionable people, but you could make the same argument about literally anything they do. "Boris is an untrustworthy prick" might be true, but it's not a legitimate reason for criticising every single thing his govt does.

Share this post


Link to post
Share on other sites

So Boris is looking at building a bridge between NI and Scotland, because then the Brexit border issue will disappear.

But wait... Surely the border is then in Scotland? Or still in NI? Or halfway along the bridge? Or in fact between NI and the Republic like it will always have to be unless the UK casts NI adrift entirely.

I'm confused...

Share this post


Link to post
Share on other sites

You'd think Johnson's experience of bridges would scare him off. Once bitten and all that.

  • Like 2

Share this post


Link to post
Share on other sites
4 hours ago, KenjiOgiwara said:

It's difficult for a foreigner to keep track of brexit, well it is to me anyway. But the thread titled has intrigued me. Has anyone on here actually gone? 

I've been to Europe quite a few times. Even in France they don't do things properly. Spain is hot, the food is amazing but they sleep all day and don't do any work. Germany has a serious superiority complex, they pretend they don't hate immigrants, but I think they hate them as much as we do. And we won the war. Scandinavia is ridiculous, at £10 a pint of beer they're all obviously lying when they say they are really happy.

Portugal is hot and boring. Belgium claims to make the best beer but it's cack compared to ours (this is the only thing I've written a that isn't a joke). Ireland isn't really in Europe, apparently most of the Irish live in America anyway. 

What's the point in the Austria and the Swiss? Most of Poland live in the UK. 

 

Share this post


Link to post
Share on other sites
2 hours ago, KentVillan said:

Knowing that User A has done x, y and z on your website on a particular visit may involve tracking the IP address over the course of that visit (legitimate data collection under GDPR).

An IP addrsss counts as personal information under GDPR , the logic being that  your ISP knows to whom that IP address has been assigned and it could be matched up to  sites visited ... it’s quite a long shot but nether the less as it stands GDPR rules it as personal data

Edited by tonyh29

Share this post


Link to post
Share on other sites

3 hours ago, KentVillan said:

Knowing that User A has done x, y and z on your website on a particular visit may involve tracking the IP address over the course of that visit (legitimate data collection under GDPR). Once you have that information about page visits, clicks, etc., you can separate it from the IP address (the personal information) and just store it as a visit by an anonymous user.

Nothing in GDPR prevents you from sharing that anonymous visit data, and of course it's possible to "do the analytics" without the personal data. Once you start aggregating that data (e.g. by day or by site or by search term) you're way beyond the realm of identifiable personal information.

That's the nature of anonymised, aggregated analytics, and it's widely used across all kinds of organisations and businesses to track customer behaviour, without breaking any laws or doing anything unethical. You want to answer a question like: "when do voters start searching for information on self-assessment returns?" or "what's the regional breakdown of gov.uk visitors looking for information on stamp duty?" you need to run this kind of analysis.

All Number 10 are proposing is that instead of this being split across several different departments, it's accessible to the PM and his team.

I get all the other points about Boris and his team being questionable people, but you could make the same argument about literally anything they do. "Boris is an untrustworthy prick" might be true, but it's not a legitimate reason for criticising every single thing his govt does.

I beg to differ on the use of your IP address as legitimate data collection under the GDPR, it demonstrably isn't.

The .gov.uk website isn't fully GDPR compliant with regards to cookies and specifically Google Analytics. GA requires prior consent before being loaded to your device, GA is installed prior to consent (I just checked) therefore the whole thing fails GDPR as soon as you go onto the website. If you can't trust the government to get it right at that basic stage then why should you trust them later in the process?

Now the ICO aren't targeting this kind of failure right now, it's way down their list of priorities (quite rightly so) but we, the voters of the country, should expect the government at least to be compliant but they aren't. Then add in the history specifically of Cummings with Vote Leave and Cambridge Analytica, there is every right to question the motives behind this. It isn't the nothing story you suggest. Neither was the CA scandal but at the outset of that, opinions similar to yours we're expressed quite often.

  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, Lichfield Dean said:

So Boris is looking at building a bridge between NI and Scotland, because then the Brexit border issue will disappear.

But wait... Surely the border is then in Scotland? Or still in NI? Or halfway along the bridge? Or in fact between NI and the Republic like it will always have to be unless the UK casts NI adrift entirely.

I'm confused...

The bridge idea was a DUP initiative first mooted back in 2015 before Brexit was a thing so i’m  not sure if it’s proposed as a Brexit type solution or an economic one

i think it was something Boris then proposed when he was at the FCO back in 2018 

Share this post


Link to post
Share on other sites
13 minutes ago, bickster said:

I beg to differ on the use of your IP address as legitimate data collection under the GDPR, it demonstrably isn't.

The .gov.uk website isn't fully GDPR compliant with regards to cookies and specifically Google Analytics. GA requires prior consent before being loaded to your device, GA is installed prior to consent (I just checked) therefore the whole thing fails GDPR as soon as you go onto the website. If you can't trust the government to get it right at that basic stage then why should you trust them later in the process?

Now the ICO aren't targeting this kind of failure right now, it's way down their list of priorities (quite rightly so) but we, the voters of the country, should expect the government at least to be compliant but they aren't. Then add in the history specifically of Cummings with Vote Leave and Cambridge Analytica, there is every right to question the motives behind this. It isn't the nothing story you suggest. Neither was the CA scandal but at the outset of that, opinions similar to yours we're expressed quite often.

At the risk of this taking a very long technical tangent...

Literally all websites see your IP address (or whatever IP address you're hiding behind) in order to serve you webpages. That's how the internet works. The fact that you have asked a specific website, e.g. gov.uk, for a webpage, is tacit consent that you wish to share your IP address with that website.

The analysis I'm describing (e.g. page visits by hour of day, or by region of the country) do not require those IP addresses to be stored for any longer than the duration of a single site visit (or perhaps even not at all), so this doesn't breach GDPR, and is a separate issue from cookies and GA.

I have no idea whether gov.uk is breaking GDPR rules on cookies and GA (neither of which are necessary for the analysis I described), although your explanation doesn't make much sense to me (GA is installed server-side, but you seem to be describing something that is installed on the user's device).

Share this post


Link to post
Share on other sites
48 minutes ago, tonyh29 said:

An IP addrsss counts as personal information under GDPR , the logic being that  your ISP knows to whom that IP address has been assigned and it could be matched up to  sites visited ... it’s quite a long shot but nether the less as it stands GDPR rules it as personal data

I know that. The point is that collecting relevant personal information for a specific task with user consent (e.g. serving up a webpage) is totally separate from storing that same personal information and using it for other tasks without the user's consent. GDPR breaches typically relate to the latter.

Share this post


Link to post
Share on other sites
23 minutes ago, KentVillan said:

I know that. The point is that collecting relevant personal information for a specific task with user consent (e.g. serving up a webpage) is totally separate from storing that same personal information and using it for other tasks without the user's consent. GDPR breaches typically relate to the latter.

Using a webpage does not imply consent to the use of your data for analytical purposes. This is a flagrant breach of the GDPR.

Under the GDPR you should be able to opt out of all cookies except for those necessary to provide the service. GA is absolutely not necessary. This isn't up for debate. It's the law

  • Like 1

Share this post


Link to post
Share on other sites
16 minutes ago, KentVillan said:

Literally all websites see your IP address (or whatever IP address you're hiding behind) in order to serve you webpages. That's how the internet works. The fact that you have asked a specific website, e.g. gov.uk, for a webpage, is tacit consent that you wish to share your IP address with that website

Consent should never be implied under the GDPR. Implied consent went out of the window on 25th May 2018. If you are using consent as a legal basis for processing personal data, it MUST be explicit

One of the main alternatives to consent is Legitimate Interest but public bodies are extremely restricted in using this a lawful basis. Public bodies however can use ‚ÄĚPublic Task‚ÄĚ as a lawful basis but that really doesn't appear to apply in the case of just visiting a website, there is no public task

Sorry but I do this shit for a living. 

Share this post


Link to post
Share on other sites

11 minutes ago, bickster said:

Consent should never be implied under the GDPR. Implied consent went out of the window on 25th May 2018. If you are using consent as a legal basis for processing personal data, it MUST be explicit

One of the main alternatives to consent is Legitimate Interest but public bodies are extremely restricted in using this a lawful basis. Public bodies however can use ‚ÄĚPublic Task‚ÄĚ as a lawful basis but that really doesn't appear to apply in the case of just visiting a website, there is no public task

Sorry but I do this shit for a living. 

The whole notion of visiting a website is that you create a connection with that website that involves each side seeing the other side's IP address (or a proxy address). Given that you do this for a living, do you understand that? The very act of visiting a website is consenting for that website to see your IP address. Please tell me you understand that.

To give you an example, are you honestly telling me that answering the following question is not allowed under GDPR:

How many unique visitors visited my website in the last hour?

I have not seen or heard anything to suggest that website owners (private or govt) are not allowed to conduct this analysis using reasonable means. (I also do this for a living, but perhaps I am cruising towards a massive fine, so point me in the right direction if I'm wrong.)

Edited by KentVillan

Share this post


Link to post
Share on other sites
1 minute ago, KentVillan said:

The whole notion of visiting a website is that you create a connection with that website that involves each side seeing the other side's IP address (or a proxy address). Given that you do this for a living, do you understand that? The very act of visiting a website is consenting for that website to see your IP address. Please tell me you understand that.

Seeing to serve a webpage and storing to analyse are two entirely different concepts

Share this post


Link to post
Share on other sites

√ó
√ó
  • Create New...
√ā