I spent a decade working with digitalisation in the public sector in Denmark and I doubt this will change a thing considering an executive order is too risky to rely on.
I'm a little torn on the issue because I value privacy, but currently we have a nice scandal going here in my country, which is essentially the former top intelligence boss of the military secret police, or whatever you'd call it in English, being accused of leaking state secrets. What he leaked was that our government let the NSA spy on our citizens illegally, so it's not like all our privacy laws actually protect us if our own governments let the Americans have free access to our data anyway.
While the bureaucrats and lawyers discuss this, both the public and private sectors suffer the financial consequences. We recently had a smaller scandal, where a town was told they couldn't use their Chromebooks, or their Google education setup, for this year's schooling. Essentially making it impossible for that city to teach, because so much of their setup relied on Google education and they only had a month to find an alternative. You can argue privacy over this, but it's sort of weird that one city, out of 30+ cities, was banned from using these tools while the others weren't, and that they were banned from it because they fucked up their documentation. I'm not going to defend Google, but really, in this case we're hurting the education of thousands of children over something silly. Because the alternative to Google education isn't going to be Linux and some European cloud alternative, because that simply doesn't exist, it's going to be Microsoft and the exact same data siphons. And this is really just a small part of the real world issue.
There is no European alternative to Azure or AWS, and while they are more GDPR compliant than Google, it's not like they are a safe bet either. So where do you put your infrastructure? In Azure or AWS and bet on the bureaucrats not coming for you, or in a worse alternative?
I'm a fan of the GDPR, you might not think so after reading what I just wrote but I am. I just think that maybe they should have worked on giving us some European options first. Especially since they seem to give the NSA access anyway, even though it's done in secret. But an executive order isn't really going to help us, because who knows what the next American government might do to it. Nobody in enterprise is going to bet their infrastructure strategy on American politics anymore.
> What he leaked was that our government let the NSA spy on our citizens illegally, so it's not like all our privacy laws actually protect us if our own governments let the Americans have free access to our data anyway.
Yeah :/ Unless I hear otherwise, I'm assuming this order has little to offer individuals and is instead a big business & government treaty. Governments (including our European ones) keep their mass surveillance and American mega-corporations get the business contracts, all covered in PR of increased individual privacy.
Since it's an executive order, it also wouldn't surprise me if there's a hidden payload relating to increased US surveillance due to the war. I may sound cynical but every leak about the intelligence apparatus has proven even me naive.
> I'm not going to defend Google, but really, in this case we're hurting the education of thousands of children over something silly. Because the alternative to Google education isn't going to be Linux and some European cloud alternative, because that simply doesn't exist, it's going to be Microsoft and the exact same data siphons. And this is really just a small part of the real world issue.
Nextcloud exists, and it can serve a school just fine.
In fact, the EU is partnering with Nextcloud to get rid of Office 365 (1).
Nextcloud is not fully there yet, but the only way to push it to compete is to support local alternatives by giving them an advantage.
Even though I still think Nextcloud is being held back by technical decisions (PHP and its slowness and it feeling janky).
> There is no European alternative to Azure or AWS, and while they are more GDPR compliant than Google, it's not like they are a safe bet either. So where do you put your infrastructure? In Azure or AWS and bet on the bureaucrats not coming for you, or in a worse alternative?
OVH is literally the fifth biggest internet hosting provider, and Hetzner is 6th according to W3Techs (2).
> I'm a fan of the GDPR, you might not think so after reading what I just wrote but I am. I just think that maybe they should have worked on giving us some European options first. Especially since they seem to give the NSA access anyway, even though it's done in secret. But an executive order isn't really going to help us, because who knows what the next American government might do to it. Nobody in enterprise is going to bet their infrastructure strategy on American politics anymore.
This is a case specific to Denmark; when looking at Europe in general, the legal requirements (and sometimes bans) of Google Analytics created GDPR-friendly alternatives like Plausible.io and PostHog.
And you can see the same thing with Nextcloud or EU hosting and many other things.
Things take time, and results are starting to show up.
Nextcloud doesn’t come with the Chromebooks, or the educational tools that we’ve already paid for though.
I think you have to look at it from a bigger picture. We could technically use Linux, Nextcloud and something not Office 365, but who would operate and maintain it? Almost none of the IT staff in the public sector (or in my case the entire country) knows how to operate these things, and a major part of them don’t want to learn because they can just leave for a better paying job with AWS or Azure in the private sector. The teachers and other employees know how to use Office 365 and Google education because they have used it all their lives. The developers making the education software similarly know how to do so on these platforms.
I get that someone needs to make the first move, but if it’s going to be done this way, where the schools themselves are punished for decisions they don’t make. Which is essentially what happens when a city is told it cannot use the Chromebooks it has already bought or the educational plans that they have laid out for the year. So in order to protect the educational data from Google (again, only in the one city that fucked up their paperwork and not all the other cities using Google education or Chromebooks) that city is going to have at least a year of schooling broken, and will have to find the money to pay for new options. Money that means even fewer teachers.
If you can think of a faster way to lose public support for the GDPR in general than that, then I’d applaud you, because I sure can’t.
Meanwhile, the same data protection agency that banned the Chromebooks removed the option from parents to avoid having institutions upload photos of their children to a national app run in AWS.
Or in other words, if the legislation thinks it can move the EU forward through punishments, then I think the EU is going to wake up without member states because nobody is going to want to pay for it with nurses and teachers.
> The idea is to require banks, credit unions and other providers of financial services to track and submit information to the IRS about the total inflows and outflows of every account
> The IRS wouldn't receive details on individual transactions but, rather, gross yearly totals.
This seems quite different than "tracking purchases", online or not. As far as I can tell, they're looking to identify movement of money between accounts that would indicate behavior meant to skirt taxes.
I'm never excited about moves that involve more tracking of individuals, but I also don't think it's fair to characterize this as "tracking purchases".
Did this ever actually go into effect? Looks like this was all just a proposal at the time the article was written.
Literally in the next paragraph it invalidates your point
> Reports submitted by banks to the IRS would break down the numbers to include physical-cash transactions per account, any transactions with a foreign account and transactions between accounts held by the same owner. The IRS wouldn't receive details on individual transactions but, rather, gross yearly totals.
This implies tracking of purchases. In particular, a half-awake person will use cash to make transactions they don't want someone to know about. It doesn't take much digging to correlate a cash transaction to something if you know a few more details.
At any rate:
> I'm never excited about moves that involve more tracking of individuals, but I also don't think it's fair to characterize this as "tracking purchases".
It is exactly tracking purchases. Whether it's disguised as "tax data" or "purchases" the fact is they know it. Splitting hairs is exactly what they want you to do to distract you from yet another incursion into our right to privacy.
> Literally in the next paragraph it invalidates your point
How so? The quote you just pasted includes what I already quoted - specifically that the IRS does not receive details on individual transactions. Here's another article that explores this and the common misrepresentation of the proposal as well [0].
Your bank already tracks your purchases. They must do so to know how much money you have now, and how much you'll have after you make a purchase. That would not change. They also cannot see what you do with your cash - that will also not change.
The thing that seems new (and again, still potentially concerning, but also potentially reasonable), is that gross totals will be shared.
> It is exactly tracking purchases. Whether it's disguised as "tax data" or "purchases" the fact is they know it. Splitting hairs is exactly what they want you to do to distract you from yet another incursion into our right to privacy.
Given two scenarios, one in which a full list of your individual transactions is sent to the IRS, and one in which aggregate inflow/outflow data is provided to the IRS, are you really arguing that these are the same, or that distinguishing between them is splitting hairs? Another framing would be that this is looking for an accurate representation of what's actually going on.
How would you distinguish some hypothetical future policy that involves actually tracking/sending individual purchases from this one that does not do such a thing?
But this all feels like a conversation of dubious value since we're discussing an article that talks about a proposal that hadn't yet been finalized at the time of writing.
I'm not saying there aren't things to ask questions about there, but I am saying that getting the details right matters.