GDPR and Logos

Page 1 of 2 (27 items) 1 2 Next >
This post has 26 Replies | 2 Followers

Posts 762
Patrick S. | Forum Activity | Posted: Thu, May 24 2018 1:05 PM

I don't see, haven't seen, any information about the European General Data Protection Regulation ('GDPR') which comes into law tomorrow, Friday, on the Logos website or emails nor any (now required) email confirming explict opt-in coming from Logos.

It does not matter that Logos is an American company, they are selling services to EEA residents therefore they are bound by the personal data regulations of the GDPR — which are pretty substantial, as are the fines, up to 20 million Euros.

Also statements on the privacy page

https://www.logos.com/privacy

such as:

"At times Faithlife may make certain personal information available to strategic partners."

"By using our site, you consent to our online privacy policy."

will not, as I understand, cut it with the EU commission and the GDPR.

One of the foundational principles of the GDPR is that data subjects (natural persons) have (sole) ownership of their personal data — forever. That ownership remains inviolate, and companies, including non EU (i.e. American) companies, cannot attempt to 'contract out' data subjects from their right (of ownership).

So if I say that I do not agree (and I don't) that "Faithlife may make certain personal information [of mine] available to strategic partners" — then they may not do so.

I would be interested to hear comments from Logos.

==================

For those interested (for your interest, separate to my query to Logos above), two good information websites about the GDPR:

'GDPR in Plain English' (easy reading)

https://blog.varonis.com/gdpr-requirements-list-in-plain-english/

Good Detailed Information Site 

https://www.i-scoop.eu/gdpr/

"I want to know all God's thoughts; the rest are just details." - Albert Einstein

Posts 1691
Robert M. Warren | Forum Activity | Replied: Thu, May 24 2018 2:08 PM

So there.

Win 10 Android 8.1 Fire OS 5

Posts 1690
LogosEmployee
Bob Pritchett | Forum Activity | Replied: Thu, May 24 2018 5:53 PM

We are actively working on GDPR issues, and have engaged external advisers with even more expertise. We'll have updates soon.

Posts 682
Kevin A Lewis | Forum Activity | Replied: Fri, May 25 2018 1:03 AM

Good to hear - for the sake of the company - there are some 'very' heavy fines for infractions. I will say that the regulations come into force today (25 May 2018).

Shalom

Posts 877
Paul Caneparo | Forum Activity | Replied: Fri, May 25 2018 1:45 AM

Kevin A Lewis:

Good to hear - for the sake of the company - there are some 'very' heavy fines for infractions. I will say that the regulations come into force today (25 May 2018).

Shalom

My understanding is that during the first 12 months no one will be fined - and that in a year's time enforcement by penalties will come into force. However during the next 12 months companies must be making every effort to comply.

Posts 3165
Whyndell Gizzard | Forum Activity | Replied: Fri, May 25 2018 3:09 AM

Sounds like a law we need here, but stricter. Love to see FB, Google and others like them just go bye, bye.

Posts 89
David Staveley | Forum Activity | Replied: Fri, May 25 2018 3:56 AM

Bob Pritchett:

We are actively working on GDPR issues, and have engaged external advisers with even more expertise. We'll have updates soon.

What is clear from experts in Data Protection legislation in the EU, is that the permissions people have given to websites etc under the old legislation carries over into the new legislation. For example, according to the Information Commissioner (who is the watchdog for the UK's Data Protection Act), the flurry of emails we have all experienced recently asking for us to reconfirm our permissions for various websites (I am from the UK) are completely unnecessary, and in some cases illegal. 

You can read all about it here:

Read Here

Dr David Staveley Professor of New Testament. Specializing in the Pauline Epistles, Apocalyptic Judaism, and the Dead Sea Scrolls.

Posts 145
Dustin Pearson | Forum Activity | Replied: Fri, May 25 2018 5:26 AM

Paul Caneparo:

Kevin A Lewis:

Good to hear - for the sake of the company - there are some 'very' heavy fines for infractions. I will say that the regulations come into force today (25 May 2018).

Shalom

My understanding is that during the first 12 months no one will be fined - and that in a year's time enforcement by penalties will come into force. However during the next 12 months companies must be making every effort to comply.

From Friday, European data regulators can impose fines of up to 4% of global annual sales each time the companies run afoul of the new law.

"There is no grace period," James Dipple-Johnstone, the deputy commissioner of the UK's data protection authority. "We will be looking at the algorithms they use to profit off data to make sure they are fair," he added.

http://money.cnn.com/2018/05/25/technology/gdpr-compliance-facebook-google/index.html

Posts 2248
Jan Krohn | Forum Activity | Replied: Fri, May 25 2018 5:42 AM

Dustin Pearson:

From Friday, European data regulators can impose fines of up to 4% of global annual sales each time the companies run afoul of the new law.

"There is no grace period," James Dipple-Johnstone, the deputy commissioner of the UK's data protection authority. "We will be looking at the algorithms they use to profit off data to make sure they are fair," he added.

I'd like to see them trying to enforce the fine onto a US based business with no EU presence at all. Big Smile

Past IT Consultant. Past Mission Worker. Entrepreneur. Future Seminary Student.
Why Amazon sucks: Full background story of my legal dispute with the online giant

Posts 963
JohnB | Forum Activity | Replied: Fri, May 25 2018 8:42 AM

Don't bet your socks on that. Or anything for that matter.

Errr Facebook would seem to fit into your category yet their boss agreed to be hauled over the coals by the European Commision in person the other week. History tells us that every world power fades away after a time and the USA is not immune from that. neither is the EU come to that. The UK certainly was not immune although many of us in the UK seemed not to have noticed it yet! History also demonstrates the futility of fortune telling by any of us mere humans! 

Posts 3649
Francis | Forum Activity | Replied: Sat, May 26 2018 2:26 AM

It is about time that such measures are implemented although they still lack what would really make them effective: cracking down against "forced consent". The idea of forced consent is that users are in effect coerced to agree to give up personal information in order to use a service although usage does not require such information. A good example of that is how many websites force users to accept cookies. There is no real yes or no choice given. Cookies are often just stated with the option to close the dialog (which is tantamount to saying that since you read it, you agree that to continue on the site you allow the cookie) or one single button that says you accept.

Services like to play on words by claiming that you do not have to accept but these are the terms for using the service. This obviously is problematic when (1) Services have a broader societal impact and have become "standard" (Facebook to sign on many websites, Linkedin, Google account, etc). In the professional world today, it is expected that you will be well connected or it will be a disadvantage; (2) Since nearly everybody does it, "refusing" is not just a matter of doing without one or two services. A systematic refusal of cookies and forced consents would essentially cripple one's ability to use many of the Internet most useful services. Companies are taking advantage of this to force people to give up information they don't really want to give. It has some analogy to professional environments that put pressure on women to "be nice" to the bosses to get advancement. They don't have to (and should not!) but if enough companies do this, the line "you don't have to work here if this does not work for you" is still abusive. 

To return to privacy consent, marketers exploit this widespread situation heavily. "Default" opting in falls in that category and the disclaimer that one can turn it off if they don't want to falls within this area of legal but questionable ethics. I hope that further legislation will stop the madness. Let US websites lose business by continuing not to comply to the new regulations until the US has the guts to show that money is not all that counts. Faithlife also has opportunity to demonstrate a high commitment to ethical business by learning from these regulations and the legitimate concerns they bring out. This means, among other things, moderating marketing pushiness in order to opt for the ethical high ground. Does not seem like it should be very controversial as a question of Christian praxis.

Posts 1691
Robert M. Warren | Forum Activity | Replied: Sat, May 26 2018 4:26 AM

  And lawyers think to themselves, "What a wonderful world." 

Win 10 Android 8.1 Fire OS 5

Posts 781
scooter | Forum Activity | Replied: Sat, May 26 2018 5:23 AM

Francis:
Faithlife also has opportunity to demonstrate a high commitment to ethical business by learning from these regulations and the legitimate concerns they bring out. This means, among other things, moderating marketing pushiness in order to opt for the ethical high ground

I believe I had toset my rig so FL does not collect data on what I do with my resources.  It seems to me I did this several years ago. [I cannot remember how I did this.]

It is my opinion that I never should have had to change the setting to ''no,'' as FL should have never auto-set the toggle to ''yes'' in the first place.

Posts 10039
Denise | Forum Activity | Replied: Sat, May 26 2018 7:15 AM

Francis:

... The idea of forced consent is that users are in effect coerced to agree to give up personal information in order to use a service although usage does not require such information. A good example of that is how many websites force users to accept cookies. ... 

I'm surprised a large paper I read periodically asked me to stop refusing adverts ... their bread and butter. My refusal isn't the adverts .... it's the tracking.   It's like they demand to sit in my kitchen and take notes as I read their paper. Or else.  I'm even happy to subscribe. Just stop the monitoring.

scooter, I'll admit maybe I'm being unfair to Logos. But their corporate personality never seemed to involve customer respect. I very much doubt you're not being watched .. resources, notes, etc. And not implying nefarious. They just view your data as their data ... simple.  I also assume google's embedded. Don't know.

Off-line, copy from an active version is clean. 


Posts 2829
Don Awalt | Forum Activity | Replied: Sat, May 26 2018 11:25 AM

Personal information - prayer lists, notes, clippings, sermons, reading lists, probably history too - are kept on servers, which makes sense as it is a cloud/distributed platform.

But in addition, despite pleading in the past on these forums, this data is NOT encrypted in the cloud. Most don't seem to care about that. I do, which is why any personal note taking and prayer lists are no longer used or kept in Logos.

Posts 963
JohnB | Forum Activity | Replied: Sat, May 26 2018 3:12 PM

Don Awalt:
which is why any personal note taking and prayer lists are no longer used or kept in Logos

That I can appreciate if it involves other people. I personally have nothing i would be concerned about others knowing kept on Logos, But I would not put other peoples information or my personal details which could be used for identity theft on any servers of any organisation whether encrypted or not. As a general rule, for example, I use my correct date of birth with banks and a false on for all other organisations including email providers. I doubt if Logos really needs my correct date of birth as long as they have a consistent one (so I can only get one present a year!)!

Posts 963
JohnB | Forum Activity | Replied: Sun, May 27 2018 1:19 AM

Jan Krohn:
I'd like to see them trying to enforce the fine onto a US based business with no EU presence at all.

A number of USA newspapers (LA Times, Chicago and others) have currently closed access to their web sites from EU countries while they figure out a way to protect themselves against running foul of the regulations. Formal complaints have already been laid against Google, Facebook, Instagram and Whats App  .

Well, before Logos close access to their sites to us EU users perhaps we should wish you outside the EU goodbye!

Hopefully that was an ironic joke of mine in poor taste but who knows.   Logos have my best wishes on trying to navigate through it.

Posts 762
Patrick S. | Forum Activity | Replied: Mon, May 28 2018 12:34 PM

Bob Pritchett:

We are actively working on GDPR issues, and have engaged external advisers with even more expertise. We'll have updates soon.

That is good to hear, however you need to get the external advisers to move faster as the GDPR is now law and FL is definitely not in compliance - and has to be, American company or not.

David Staveley:

What is clear from experts in Data Protection legislation in the EU, is that the permissions people have given to websites etc under the old legislation carries over into the new legislation. 

Except in almost all cases there was no real permission, if someone is holding a gun to your head saying "you agree, don't you" and you 'agree' then it's not really consent freely given.

Jan Krohn:

I'd like to see them trying to enforce the fine onto a US based business with no EU presence at all.

Don't look now... but 'they' will. And don't think the American government is going to 'protect' any US businesses. It's a thing called international treaties - which even the USA has signed up to and has to follow.

Robert M. Warren:

♫  And lawyers think to themselves, "What a wonderful world." ♫

Mmmm, actually in this case it's more the case that people (or, to use the technical term, data subjects) are singing because large corporations who have abused peoples' rights will no longer be able to do it and get away with it. And that's something to sing about.

===========================

The first complaints - from a major privacy NGO, the lawyer who was instrumental in getting the US 'Safe Harbour' agreement scuttled - were submitted on the day the GDPR went into force.

https://techcrunch.com/2018/05/25/facebook-google-face-first-gdpr-complaints-over-forced-consent/

The complaints were submitted against Google, Facebook, Instagram & Facebook.

https://noyb.eu

the total maximum penalties being 7.6 Billion Euro (Mrd is European for Billion).

And as an example of (sorry again American) how some companies have been ‘making hay’ with individuals personal data monetising ( i.e. ‘appropriating’) it with ‘strategic partners’, go to the TechCrunch site (link above) from and EU located computer and click through their full screen permissions popup. They sell your personal data to around 60 companies. They use to do so with impunity, but no longer.

"I want to know all God's thoughts; the rest are just details." - Albert Einstein

Posts 10039
Denise | Forum Activity | Replied: Mon, May 28 2018 2:04 PM

Patrick S.:

Also statements on the privacy page

https://www.logos.com/privacy

such as:

"At times Faithlife may make certain personal information available to strategic partners."

Probably who got prayed for (but not why, of course; competitive information). Kind of like publishing sermon editor.


Posts 2248
Jan Krohn | Forum Activity | Replied: Mon, May 28 2018 2:07 PM

Patrick S.:
That is good to hear, however you need to get the external advisers to move faster as the GDPR is now law and FL is definitely not in compliance - and has to be, American company or not.

All right, suppose China issues a new privacy law that all personally identifiable information by Chinese users has to be submitted to the Chinese government, by all businesses worldwide. Would it apply to US businesses? Yes, of course it would. Would it be enforceable? No...

Patrick S.:
Except in almost all cases there was no real permission, if someone is holding a gun to your head saying "you agree, don't you" and you 'agree' then it's not really consent freely given.

Just except that no-one was holding a gun. If a user didn't want to submit their information to Google, they had every option not to use Google, but alternative services such as DuckGoGo, or keep the browser's privacy mode switched on by default.

Patrick S.:
Don't look now... but 'they' will. And don't think the American government is going to 'protect' any US businesses. It's a thing called international treaties - which even the USA has signed up to and has to follow.

Please name the treaty that forces US businesses to comply with GDPR.

Patrick S.:
Mmmm, actually in this case it's more the case that people (or, to use the technical term, data subjects) are singing because large corporations who have abused peoples' rights will no longer be able to do it and get away with it. And that's something to sing about.

GDPR is silly. It's not restricted to businesses at all. It's far too broad and far too strict.

Is your church GDPR-compliant? Yes, it has to be!! It collects and processes personally identifiable information.

Past IT Consultant. Past Mission Worker. Entrepreneur. Future Seminary Student.
Why Amazon sucks: Full background story of my legal dispute with the online giant

Page 1 of 2 (27 items) 1 2 Next > | RSS