-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I think a good way to think about it is that practice is influenced in one third by law, in one third by the terms of service, and in one third by employee decisions.
So I would estimate, if employee behavior is exactly random (50/50), then the terms mentioning your right to request your private data, would increase the chance of this being true in practice, from 50% to 83%. The only situation where I think we should take more context into account is where the terms of service A state a good or a bad thing, about which service B simply doesn't say anything, because it's implied by common sense or by law. In this case, I think the rating of +30 for mentioning that you can obtain your private data, and +40 if it can be done without a lot of work such as sending faxes or letters, is fair. This is recorded in https://github.com/tosdr/tosdr.org/blob/5c2a4690f43d47eaed02b2fac18bbaf4a246a2d6/scripts/cases.js#L35-L38 Please reply to this thread and propose a different rating if you think otherwise. Cheers! Michiel On 05.09.2014 14:19, [email protected] wrote: > Op vrijdag 5 september 2014 13:27:50 UTC+2 schreef Michiel de > Jong: >> Hm, on the other hand, they probably get a lot of people trying >> to compromise celebrity accounts, so maybe it's just their way of >> being cautious? I'm not sure whether we should immediately judge >> this as them trying to discourage you or being lazy about how >> they offer this data export service. In fact, faxes probably give >> them a lot of extra work, too. See also for instance >> https://blog.scraperwiki.com/2014/08/the-story-of-getting-twitter-data-and-its-missing-middle/ >> about the trade-off between API openness and user privacy that >> Twitter apparently deals with. >> >> On the other hand, you're right that use of faxes and printed >> documents is really silly in this day and age - they could >> instead also just allow you to email a scanned copy of your >> passport as an attachment. I propose we give then the 40 positive >> points for allowing data export, but discount them 10 for >> requiring the use of fax technology (so a score of +30 instead of >> +40 in the end). >> >> On Tuesday, September 2, 2014 8:32:03 PM UTC+2, Anna D wrote: >> >> (Trying this again, image in previous post didn't work) Under >> current European law, users/data subjects have the right to >> access their personal data which the controller has collected >> (art. 12 Directive 95/46/EC, >> http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML) >> >> and ask for a copy of those personal data. Twitter makes it very hard >> for users to access their personal data, because they are >> required to send a fax with various (personal) data to Twitter >> for identification purposes. It's pretty obvious that most people >> don't have faxes at home anymore. > > Hi Michiel (fellow Dutchie I suppose ;)?)! > > Personally, I don't see how it makes a difference in security to > require users to send a fax instead of mail, because users have to > hand over a copy of their ID and the email-adress (which is linked > to the Twitter-account) either way. Why is a fax in this situation > 'safer' than mail I wonder? In my opinion faxes a not required: > Facebook also allows mails for data requests. In fact, I believe > that the exercise of a right to access should be exercised the same > way as the way an agreement is created. For example: if you create > an account on a website, you should also be allowed to request your > information using that website (or by mail, as long as it's > possible via internet). > > Also I'm not sure about the points. Yes, Twitter allows a right to > access for their users, but all companies (controllers) who process > data of Europeans have to! So why give them so much credit for > that? > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUCtQDAAoJECmDVpL5muhKJAwQALkOMM6V2IimZYNjsN6na0Q7 ZZZQtGuLkYB0TrajVXA5a7tP1gzbX2CHyXzdGYQSDSNz1rQ2o8DMmoOgdoCkbEZO VrmdjHLC+PP05QeoBBLDXq4xbC/nzlF9L2ySGL/l5JOnTiWq49DQ9+9Im/mdnpCx 1lNZH/HlDssxdD/FjS2kMfcmkG0rf6H+lEDbgeeZu7KpD5N5I6sW3iIqkiwj9PwC tQs1lyLYqHAJ9V00RMCnFviY3cvfPZydOLt1FjKzejb+mmPIpwnpwOe6qZwxmQJk bdSOLInfMOflICCEWjiLnuvmg61eEOS68AHmWVwKywaTrXC9S8AQHmrKRWeqhPzu JNq4OMUAgiJn2ro2AsPC3ec5tV/A1WZGZ03WtRzAmIzgrazdBfFaE6zGtV/xViKU II+6I0gY/oU0l9dtuSgduEjbjemBH6XoaW7t4beYW4BrPX/mn7Jwh+H7tSLrnRKK Mv2hVXTGHkjLB/WGM/X3Rgjj1CBPnjGHUYx57p52rv7Qj4fowQZj+6UXqSsxmBMd 8QU5TFWI6VomJCCjIwwthKROcA3VgHJJd5axylO6DxoX8a6HB8J+QBA/2iHrnOoi VenA9KLUsvNqmuMHgVtA7yy9c2RisloQuupisCnrsUf4fTcC/TjuihqI5MGE7Q3P 60MgpILuSgz7nUPli7Lh =G380 -----END PGP SIGNATURE----- -- tosdr.org | twitter.com/tosdr | github.com/tosdr --- You received this message because you are subscribed to the Google Groups "Terms of Service; Didn't Read" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/tosdr. For more options, visit https://groups.google.com/d/optout.
