Well, I understand your opinion. However, I kinda not understand the first part... It's her body. Why would the doctor say no to begin with?
infamousbelgian
joined 2 years ago
I'm getting a lot of syntax errors at the bottom of the page since well... recently.
SyntaxError: JSON Parse error: Unrecognized token '<'
True... But if it should come to that, I think that people will pull the plug with a 20 million euro fine above their heads... 20 million seams to be the number that works, if you see the reaction of Christian from Apollo...
Well... Apparently (I did some reading), the topic was about Google Workspace for Education. A solution only used by schools.
Nobody is currently "caring" about the normal Google Workspace. So yes and no.
You and I are not. But if a certain giant site that is currently making not the... euh... best decisions goes in to action with a large legal team...
You are missing the point. A TOS can't fix it. If it can, they would have done so. And for GDPR, there is no difference between schools and genpop. A citizen is a citizen...
Thanks! The info actually makes sense. Also, do note that every EU country has their own specific implementation of the GDPR law with very small differences. So this is written according to the UK implementation, but the BE implementation might be just a bit different.
All complicated stuff...
Can you explain where I'm misinformed? I can surely be misinformed about the workings of Lemmy. However, for GDPR you will not "win" it with a simple TOS or something like that.
If even Google can't make their Workplace to follow rules in such a way that Workplace can be used according to the AVG rules in the Belgian (well, Flemish) schools, I'm pretty sure that just saying "it's in the TOS" is not enough...
But again, no expert so I hope that I am wrong.
Ok, so I did some checking regarding the location and stuff, since I'm clearly not informed enough about this. However, my point still stands (I think).
Copy pasted from Twilio. I guess they are better aware than I am about the rules...
The general principle for transfers is outlined in Article 44, which can be summed up as saying, if you transfer EU personal data out of the EU, make sure that this data still enjoys the same level of protection it gets under GDPR. In other words, the entity or company that you pass the data to outside the EU must be under a legally binding obligation to follow GDPR data protection principles or the equivalent. (Unlike an outright prohibition on extraterritorial data transfers, this actually makes sense. No point if having rules if those rules get tossed out the window just by moving the data out of the EU.)
and also:
This legally binding obligation can be achieved in multiple ways. Here is a sampling:
1. The entity to whom you pass the data to happens to be in a country that has data protection laws that are just as strong as GDPR (as determined by the EU Commission).
2. The entity to whom you pass the data to agrees by legally binding contract to follow GDPR principles of data protection.
3. The company has enacted Binding Corporate Rules.
4. There is some regulatory-approved code of conduct to which the entity subscribes.
So, if someone opens up an instance in, let's say, Ethiopia or the US, it is not compliant, afaik.
However, question remains about the proxy thingy of the fediverse. Is data copied/stored on other instances OR does it remain on the instance that I subscribed to. And what if that instance is located in a "non-GDPR-compliant-environment"?
Is it? I read somewhere that data effectively gets "copied" to the different instances? But that might be wrong info :p
That sounds crazy. I can hardly imagine a scenario like this!