I found a handy site for taking notes, but everything it says about the privacy of this one:
“Anonymous by default, no adverts. We offer a high level of privacy for both writers and readers. You don’t need to create an account to post something. There are no adverts on the entire page and we don’t use any social media scripts. You can rest assured that information about your activity on the site will not be used by advertising companies or social media.”
This is in the “About” section.
There is no information about what information the site collects about the user.
It’s probably made by one person or a small group of people in an unofficial capacity meaning they’re not doing eveything they should. So it could mean anything really.
Legally, it should mean no personally identifiable information is collected, since they are not accurately described. In practice, I’d expect at least IPs to be logged, but not used meaningfully. This is of course if the site services the EU.
If the site services the EU and does not have a privacy policy it’s downright illegal according to the GDPR.
Art. 14 GDPR, “Information to be provided where personal data have not been obtained from the data subject”:
Where personal data have not been obtained from the data subject, the controller shall provide the data subject with the following information […] the identity and the contact details of the controller […] the purposes of the processing for which the personal data are intended […] where applicable, that the controller intends to transfer personal data to a recipient in a third country or international organisation …
Is it just me or does this not make sense? It says you must declare the purposes of the processing for which personal data are intended, but this is under the section for when no personal data is collected. How does that work?
It’s EU garbage. The answer is that it doesn’t work and is designed to fuck people over
Found someone salty that their site didn’t comply and is big angy about having to clean it up and stop being shady 😏
There’s nothing shady about ignoring what eurotrash politicians want.
Yeah, nothing shady about ignoring the law, right.
To be fair, depending on your interpretation of “shady” I’m pretty sure you can find a lot of laws most people wouldn’t describe someone ignoring to be doing anything shady. ( I think that sentence should make sense)
Correct. There’s nothing shady about ignoring retarded laws for an irrelevant jurisdiction
That section is only applicable if personal data has been obtained by some means other than from the data subject. If a site doesn’t collect or process any personal information, period, then that section (and the rest of the GDPR) isn’t applicable.
Websites that don’t PII, not including third party content such as trackers and social media embeds, and not placing any cookies don’t need to deal with paperwork involving privacy. Of course most web servers enable IP logging by default.
The GDPR also has exemptions for non-business cases. There’s no need to tell your friends about your privacy policy if you’re adding them to your contacts, nor who you share their contacts with (i.e. WhatsApp, Signal, Google Contacts, Apple Contacts, iMessage, Jibe).
No privacy policy generally means that there’s either no privacy that can be violated (very unlikely) or that this is not required within their jurisdiction. Alternatively, the site admin can be lazy, realise nobody ever reads that shit anyway, and just doesn’t bother until it comes up.
No terms of service means that there are no additional terms of service. You’re allowed to use the application to the full extent of the law, and the application is allowed to do whatever the law allows them to do. Most websites don’t need terms of service anyway, all they ever say is “we’re not responsible for more than the law will hold us responsible for” and “don’t scrape our site or we will block you”. It’s just something most sites copy off each other. Generally, as an end user, no terms of service allows you more freedom because there are no arbitrary additional constraints to the service’s use.
I believe the GDPR doesn’t require quite a few of the things in that law unless the company is above a certain size. May have something to do with that.
