‘They’ (I.e. government agencies/PPP) actively exploit weaknesses or institutionally create them. Personal favorite is the backdoors built into TETRA, which is used for mainly government purposes (law enforcement, emergency services). ETSI acts as a strawman for government interest and serves no cause other than that of its masters. That bugs me to no end because this does not serve any purpose.

https://www.zetter-zeroday.com/interview-with-the-etsi-standards/

That’s a valid point and relates to a nation’s sovereignty. If they don’t recognise an EU legislation, it will be difficult. That’s why overarching legal frameworks exist to allow one country to enforce court decisions in another country. The EU uses this: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32012R1215. Other countries have treaties.

In other cases, if no treaty exists it could require starting legal proceedings in the country where the company resides. For instance, Australia. And through local arbitration enforce a court decision, based on the legal framework of the country of residence. It needs no explanation this is expensive and time consuming.

I’m not a lawyer and not sure if a EU-Australia treaty exists but wouldn’t be surprised. It’s more complex than just having or not having a treaty.

Assuming you’re a EU citizen, you could file a compliant with your regulator. For instance, the UK has the ICO (Information Commissioners Office). They would, based on severity, risks and their own investigative priorities, make a decision on whether or not to actively pursue your complaint. Generally speaking, it would have to be a pretty big issue to warrant an investigation because of the sheer amount of complaints and data breaches.

Assuming they have both their resources and priorities aligned on your complaint, they could

• request information regarding the matters in your complaint (proof on way of working, how the matter should be settled, etc)
• start a limited investigation (there could be something amiss but it doesn’t seem to warrant a full investigation
• start a full investigation with the aim to ascertain compliance with GDPR

The specifics can vary depending per member state and generally speaking are set out in the GDPR. If a company outside of the EU has been processing PII and does not comply materially with the GDPR they can fine them. Furthermore, they can order a stop of any data transfer out of the EU to the company or its sub processors to effectively stop all processing.

Basically, your complaint can lead to a company having the living daylights fined out of them, regardless of wether they themselves operate in the EU.

No, because by processing EU personally identifiable information a non EU company becomes a data controller / processor as defined by GDPR and has to comply with its requirements including data subject rights, such as the right to access, rectification or deletion.

Well, they can still tell you to kick rocks obviously, in which case you could report this to your EU regulator as empowered by the GDPR. If a regulator decides action is necessary this would follow the sanctions as set out in GDPR (maximum of 10 million or 4% gross worldwide annual turnover).

Total dumpster fire but solid interview

I’m trying to be more active. It doesn’t come naturally as I’m generally a lurker. Good vibes help though

I’ve dabbled on Mastodon but it’s not my style. Never was one for twitter. Still getting familiar with the whole Fediverse concept though so if there are any resources or communities anyone would like to recommend I’d be grateful

Already deleted all content a couple of years ago and was just lurking. Did notice that it became a chore, especially when boys became prevalent. Forced closure of 3rd party apps was the straw that broke this camels back. It’s a shame because it’s been roughly ten years or so and Reddit truly devolved