The GDPR, and it’s German derivative BDSG-new, is in a sense like a prophecy from the oracle of Delphi. You hear the words, but no matter how hard you try, you can’t understand what they really mean, until the course of history knocks you down. Now, in Germany for regulations, the role of the “course of history” is assumed by the courts, and until they provide some clarification about what exactly constitutes compliant behavior, I believe that at this blog we have to take the words of the regulation literally, which leads to a number of restrictions and inconveniences in our communication. Scroll beyond the next two paragraphs for details.
To provide some context: The German version of the European general privacy protection regulation is very generic in the description of the requirements, and on the other hand draconian in the measures. The fines for noncompliance are clearly made to put you out of business forever.
Experience tells us, that the most absurd possible interpretation of the regulation will prevail in judicature, until after decades of mindless harassment of all well meaning parties involved, a high court cleans out the mess for good. In Germany this is almost always the case when the internet is involved.
As a consequence there is currently only one way for me to comply, and I have no idea how anyone else seems to get around it: I refuse to process any personal information in matters regarding this blog. So, like most people, I have turned off the comment function. Also I do not accept any direct electronic communication about this blog. If you are a resident of an EU country, please do not even try to send me emails. They will be deleted instantly. Instead, please post your questions, thoughts and comments on Facebook, Twitter, LinkedIn, Google+, etc..
If you need to send me a private message, please encrypt it using this key, and then again post it on Facebook, Google+, etc. using the hashtag #notesonpersonaldatascience. I will find it and answer using the same channel.
The point of this is: this mode of communication leaves none of your personal data in any computer, router, firewall, cache or backup disk under my control.
Of course, it will at the same time refine your profile at Facebook or Google. I am truly sorry for that, and I also assume, that this is the opposite of the intention of the lawmakers who created the GDPR.
If anyone comes up with a better solution, I will happily adopt it. Maybe this should be Watsons next challenge! Meanwhile things are what they are.
The good news at the end: Users from the EU are no longer locked out from NotesOnPersonalDataScience.