blog

git clone https://git.ce9e.org/blog.git

commit: e7544141b0be0c933c091804d0688e4485f80c9b
parent: 06a4e35f8e2f776b74e98f44fc2747626196eead
Author: Tobias Bengfort <tobias.bengfort@posteo.de>
Date: 2024-03-25 23:08

tweak gdpr post

Diffstat

M _content/posts/2024-03-22-beyond-gdpr/index.md 12 ++++++------

1 files changed, 6 insertions, 6 deletions


diff --git a/_content/posts/2024-03-22-beyond-gdpr/index.md b/_content/posts/2024-03-22-beyond-gdpr/index.md

@@ -118,16 +118,16 @@ give your data to a company with 10.000 employees, all of them can now legally
  118   118 access that data. Heck, the company can also pass the data to subcontractors.
  119   119 
  120   120 One of the [principles](https://gdpr-info.eu/art-5-gdpr/) of the GDPR is "data
  121    -1 minimisation", which is super important just to limit the attack surface. But
   -1   121 minimisation", which is super important to limit the attack surface. But
  122   122 to my knowledge there are basically no concrete rules that actually enforces
  123   123 this.
  124   124 
  125   125 As an example: A local film festival recently started to sell their tickets
  126    -1 exclusively via Eventim. Before that, it was possible to buy tickets
  127    -1 anonymously in cash. Now you have tell Eventim what movie you want to see. It
  128    -1 is reasonable to assume that they are hosting their databases on AWS, so the
  129    -1 whole of Amazon can probably also see that. And the GDPR doesn't protect you
  130    -1 from any of it.
   -1   126 exclusively via a third party online platform. Before that, it was possible to
   -1   127 buy tickets anonymously in cash. Now you have tell that platform what movie you
   -1   128 want to see. It is reasonable to assume that they are hosting their databases
   -1   129 on AWS, so the whole of Amazon can probably also see that. And the GDPR doesn't
   -1   130 protect you from any of it.
  131   131 
  132   132 ## Focus on principles instead of compliance
  133   133
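Review bot: The reworded sentence at new line 127 still reads "Now you have tell that platform", carrying over the missing "to" from the old line 127; it should be "Now you have to tell that platform". With the vendor name dropped, "they are hosting their databases on AWS" at new lines 128-129 now asserts a specific cloud provider for an unnamed platform, so the "reasonable to assume" claim has nothing to rest on. Consider generalising it to something like "hosting their databases with a large cloud provider, so that provider can probably also see that". Minor points while this paragraph is open: "third party online platform" at new line 126 should be hyphenated as "third-party", and the unchanged context at line 122 has "rules that actually enforces", which should be "enforce".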