[ rss / options / help ]
post ]
[ b / iq / g / zoo ] [ e / news / lab ] [ v / nom / pol / eco / emo / 101 / shed ]
[ art / A / beat / boo / com / fat / job / lit / map / mph / poof / £$€¥ / spo / uhu / uni / x / y ] [ * | sfw | o ]
logo
work

Return ] Entire Thread ] Last 50 posts ]

Posting mode: Reply [Last 50 posts]
Reply ]
Subject   (reply to 12969)
Message
File  []
close
File
removed
>> No. 12969 Anonymous
10th February 2019
Sunday 10:33 am
12969 No social media
Oldlad here.

I am looking for a job in IT, but I cannot get past the meeting with the HR. Somebody mentioned "Social media presence" to me, since I have absolutely no social media presence. No FB, Instagram, Twitter, nothing at all. Do you think that it could be seen as a malus from those idiotic HR cunts? What should I answer when they ask me why I do not put every single moment of my life on social media? I have nothing to hide, I am simply an antisocial cunt with no friends and family.
21 posts omitted. Last 50 posts shown. Expand all images.
>> No. 12993 Anonymous
10th February 2019
Sunday 4:26 pm
12993 spacer
>>12991

>If you can't work that out from the interactions you have with them, you've got no business being in a position to hire people

Why not sift the arseholes out before I ever have to interact with them?

>it arises from people applying their own judgment in hiring

What if the work involves close quarters, high stress teamwork? Is taking personality out of the equation a good idea then?

>It's very different. Imagine an interview where all you have to go on is CCTV of the candidate answering questions you've written down. No interaction, just observation. Or an interview where you tell the candidate to give you their unlocked phone before you ask any questions.

You're assuming a lot about who I do and don't invite to interview based on their social media profiles.

>You're not in their social circles

If I'm bringing someone in they need to be socially compatible with the rest of the team. It's just how it goes in our industry.

>I'm not even going to bother. Extreme examples make bad arguments.

I admitted as much.

>That's what the construction industry said about their troublemakers. Look where that got them.

Still doing DBS checks?
>> No. 12994 Anonymous
10th February 2019
Sunday 4:49 pm
12994 spacer
>>12993
>Why not sift the arseholes out before I ever have to interact with them?
Like I said, accuracy and specificity.

>What if the work involves close quarters, high stress teamwork?
What if it does? Adjust your questioning as appropriate. It's not my problem if you can't or won't do your job properly.

>You're assuming a lot about who I do and don't invite to interview based on their social media profiles.
Yes, and in my experience those assumptions hold up pretty much every time.

>Still doing DBS checks?
Assuming you didn't just equate posting drunk selfies with being on a statutory register, if you want a DBS check you're more than welcome to pay for one like everyone else to get the same information as everyone else.
>> No. 12996 Anonymous
10th February 2019
Sunday 5:18 pm
12996 spacer
>>12994

I don't know, lad, I get paid to hire people and it sounds like you do too. Maybe both ways work.

What I was saying about the DBS is that most construction jobs still require one despite it often being borderline inappropriate.
>> No. 12997 Anonymous
10th February 2019
Sunday 5:57 pm
12997 spacer
>>12991

If you choose to make certain aspects of your personal life public, then employers are going to make use of that information in their hiring decisions. We could debate the rights and wrongs of that ad nauseum, but the practical reality is that you need to exercise some amount of discretion if you want hiring managers to take you seriously.

I don't really care what you do in your personal life, but I do care about your judgement. To me, having easily-Googleable racist rants or pictures of you being sick in a bin associated with your real name implies a tremendous lack of judgement. If you have no compunctions about embarrassing yourself personally, the odds are fairly good that you'll eventually do something to embarrass the company.

Go to kinky sex parties, hold abhorrent political views, hunt the homeless for sport, I don't really care - just have the common sense to keep it quiet.
>> No. 12998 Anonymous
10th February 2019
Sunday 6:08 pm
12998 spacer
>>12997

>Go to kinky sex parties, hold abhorrent political views, hunt the homeless for sport, I don't really care - just have the common sense to keep it quiet.

This is exactly it. Well said.
>> No. 12999 Anonymous
10th February 2019
Sunday 6:14 pm
12999 spacer
>>12996
>I don't know, lad, I get paid to hire people and it sounds like you do too. Maybe both ways work.
One certainly works better than the other in my experience. That said, I'm in an industry where decent people are few and far between and have a tendency to be eccentric, so the social media filter has an unacceptably high false positive rate.

>What I was saying about the DBS is that most construction jobs still require one despite it often being borderline inappropriate.
There's a reason you need to wear hard hats and toecaps on site. I don't think it's that inappropriate to request a Basic check to see if they have recent convictions for violence, and if you're bringing someone on for a job like a school extension or a hospital refurb you might need a higher level.

Just in case anyone still wasn't aware of this, there was a time where construction firms would check potential hires and contractors to see if they'd raised health and safety issues or engaged in trade union activity.
>> No. 13000 Anonymous
10th February 2019
Sunday 6:16 pm
13000 spacer
>>12996
>What I was saying about the DBS is that most construction jobs still require one despite it often being borderline inappropriate.

Interested in why you say that. In my line of work I get DBS checked for every job (I have access, or control access, to huge amounts of personal information, payment cards and actual money). I don't know anything about construction, I guess they have a big problem with casual workers, who might or might not then follow appropriate safety rules?

I thought the scandal a few years back was about companies getting together and sharing lists of potentially "difficult" employees, which does feel out of order. What am I missing?
>> No. 13001 Anonymous
10th February 2019
Sunday 6:17 pm
13001 spacer
>>12999
>Just in case anyone still wasn't aware of this, there was a time where construction firms would check potential hires and contractors to see if they'd raised health and safety issues or engaged in trade union activity.

Ah thanks, my >>13000 post crossed this while I was typing. That is pretty outrageous.
>> No. 13002 Anonymous
10th February 2019
Sunday 6:20 pm
13002 spacer
>>12997
>If you choose to make certain aspects of your personal life public
Posting on social media does not make your personal life public any more than leaving company-confidential documents accessible to all staff makes them public, or parking your car on a public street makes it public.

>To me, having easily-Googleable racist rants or pictures of you being sick in a bin associated with your real name implies a tremendous lack of judgement.
You're entitled to your opinion. You're also entitled to be wrong. It's a bit hypocritical to expect your staff to respect boundaries if you're not going to do so yourself.
>> No. 13003 Anonymous
10th February 2019
Sunday 6:22 pm
13003 spacer
>>12999

>That said, I'm in an industry where decent people are few and far between and have a tendency to be eccentric, so the social media filter has an unacceptably high false positive rate.

Funnily enough I could say the exact same thing about mine. We hire a lot of criminals and weirdos at the lower end of the payscale. Vetting people via social media is almost a necessity here to avoid people who bring four tins of stella to their interview, or are arrested at the train station half an hour before you're due to meet. Both real examples. Perhaps both were still suited to the job, but perhaps it's smarter to not take the risk.

Of course once you start hiring for non-entry level positions and management, I can agree that maybe you would lose some perfectly excellent eccentrics, but as has been said, I think it just demonstrates competency to keep that sort of thing off the public internet, especially while actively applying/interviewing for jobs.
>> No. 13004 Anonymous
10th February 2019
Sunday 6:27 pm
13004 spacer
>>12997
>Go to kinky sex parties, hold abhorrent political views, hunt the homeless for sport, I don't really care - just have the common sense to keep it quiet.

Agreed in spades. If I google your name and find evidence you do some of these things, then I am naturally going to worry about how you'll get on with the Polish people, the gayers, the women in my team, let alone the posho's we actually work with most days. You can do all of those things and worse in your spare time, if you keep it private and I would defend to the death your right to do those - but if you're regularly posting that shit publicly then I am going to assume you're happy to bring it to work.
>> No. 13005 Anonymous
10th February 2019
Sunday 6:27 pm
13005 spacer
>>13000
>>13001
Yeah, the whole social media filter just strikes me as a way of identifying "potentialaly difficult" employees for a new generation. I believe that at least one company that tried providing this as a service folded in the face of potential legal action.
>> No. 13006 Anonymous
10th February 2019
Sunday 6:31 pm
13006 spacer
>>13003
>Vetting people via social media is almost a necessity here to avoid people who bring four tins of stella to their interview, or are arrested at the train station half an hour before you're due to meet.
Why do you need to avoid them? I'd say that in both cases they both successfully ruled themselves out at interview stage.
>> No. 13007 Anonymous
10th February 2019
Sunday 6:34 pm
13007 spacer
>>13004
>then I am naturally going to worry about how you'll get on with the Polish people, the gayers, the women in my team, let alone the posho's we actually work with most days
If your business is more than just a front for laundering money or fiddling taxes, then you have policies and procedures in place to deal with this, and you should not be afraid of applying them. Don't try them and convict them for something they haven't actually done yet.
>> No. 13008 Anonymous
10th February 2019
Sunday 6:35 pm
13008 spacer
>>13006

>Why do you need to avoid them?

Saves time and money. There's no reason to wait for someone to rule themselves out at interview stage if they can rule themselves out at 'okay I've googled them, good lord what are they doing to that monkey' stage a month earlier.
>> No. 13009 Anonymous
10th February 2019
Sunday 6:36 pm
13009 spacer
>>13007

>Don't try them and convict them for something they haven't actually done yet.

Might as well hire everyone and just fire the shit ones, then.
>> No. 13010 Anonymous
10th February 2019
Sunday 6:36 pm
13010 spacer
>>13005
The difference here though is that people are willingly making that information public - and that says something about their judgement as someone earlier put so eloquently. Not sure that is the same as construction companies secretly building a shared list.

There are companies that do background checks though, plenty of them, and I've not doubt social media postings form part of their work. It might not be so overt, but it's happening.

I recently heard of a project where people were using TripAdvisor data to form a view around credit worthiness. This shit is going on, now.
>> No. 13011 Anonymous
10th February 2019
Sunday 6:44 pm
13011 spacer
>>13008
>There's no reason to wait for someone to rule themselves out at interview stage if they can rule themselves out at 'okay I've googled them, good lord what are they doing to that monkey' stage a month earlier.

I don't know, I'd say "it's none of your fucking business" is a pretty good reason.
>> No. 13012 Anonymous
10th February 2019
Sunday 6:58 pm
13012 spacer
>>13011

You seem to be having an emotional reaction to a practical reality.

As said countless times in this thread, nobody gives a fuck what you do at home, but if you're broadcasting it over the internet, then you're a fucking idiot who can't be trusted to be competent and doesn't understand how jobs work.

And yes, I do consider, in 2019, that leaving your facebook non-private counts as 'broadcasting'.
>> No. 13013 Anonymous
10th February 2019
Sunday 7:02 pm
13013 spacer
>>13010
>The difference here though is that people are willingly making that information public
We've been through this before. It doesn't matter. It doesn't erase the expectation of privacy, and it doesn't mean you're not violating boundaries by looking for it.

>There are companies that do background checks though, plenty of them, and I've not doubt social media postings form part of their work.
My experience is that this is more likely than not a myth. Companies that do background checks basically centralise work eligibility, DBS, DVLA, credit, employment history, etc. By law, they also have to get your explicit consent to do so, so they will tell you what they're looking up, and none of the agreements I've read (and I do actually read them) have ever said anything about social media.

>I recently heard of a project where people were using TripAdvisor data to form a view around credit worthiness. This shit is going on, now.
I can see a case for doing this for businesses, but for individuals this would be very much illegal under GDPR unless the users have been explicitly told that this will happen. (No, small print in the privacy policy does not cut it.)
>> No. 13014 Anonymous
10th February 2019
Sunday 7:09 pm
13014 spacer
>>13012
>As said countless times in this thread, nobody gives a fuck what you do at home
Evidently someone doing a social media check cares, otherwise they wouldn't be looking in the first place. If you really don't care what they're doing at home, then you also don't care where they talk about it. There's no way around that without rationalisation.
>> No. 13015 Anonymous
10th February 2019
Sunday 7:14 pm
13015 spacer
>>13013
Most people will tick any box and (accidentally, perhaps) give that explicit consent if they're given a job offer/offer of credit that they like the look of, "subject to background checks". You can argue with the morality of that, and GDPR has certainly made some of the worst dark patterns explicitly illegal, but most people don't turn down those offers because of privacy issues.
>> No. 13016 Anonymous
10th February 2019
Sunday 7:31 pm
13016 spacer
In case anyone's still confused by employers looking at social media before hiring people, the legal position under GDPR is roughly this:

- An external candidate is not an employee, and is therefore not subject to your internal policies. Therefore, you must obtain informed consent before viewing their profile in association with the recruitment process.

- You must inform the candidate explicitly what you're looking for and why, before you do it. If challenged, you must be able to provide a legal basis for doing so.

- You must access only information that is relevant to job performance. You must not access information that is mostly irrelevant to go fishing for something that might be relevant. Consequently, a profile being publicly visible does not automatically grant consent to view it for the purpose of recruitment.

In practice, this means:
- You can look up someone's LinkedIn, because it's assumed to be a professional profile.
- You can look up someone's Facebook profile if it's a professional profile that they explicitly and intentionally use to sell themselves.
- You probably can't look up someone's personal Facebook profile, even if it's set to public, without their explicit consent to do so, and if they refuse you cannot draw adverse inferences.

I can see why some people might want to look for questionable pictures on Facebook, but GDPR isn't on your side.
>> No. 13017 Anonymous
10th February 2019
Sunday 7:39 pm
13017 spacer
>>13016
Fantastic.
>> No. 13018 Anonymous
10th February 2019
Sunday 7:40 pm
13018 spacer
>>13015
>(accidentally, perhaps) give that explicit consent
By definition, you cannot accidentally give explicit consent. GDPR is fairly clear that burying it in small print does not count as "explicit consent", and it's also fairly clear that you can't make the process conditional on consent unless it's literally impossible without it. For instance, if you're FCA regulated, then you have to do credit checks on potential employees, and if someone does not consent to a credit check then you quite literally cannot fulfil your obligations. Social media profiles aren't remotely the same.
>> No. 13019 Anonymous
10th February 2019
Sunday 7:41 pm
13019 spacer
>>13016
I understand GDPR very well, I've been a nominated DPO and dealt with the ICO on actual live complaints. It's clear you do too (and I read every contract and every T&C as well, we're cut from some of the same cloth lad)

But what is better advice to give people?

- Post whatever you like in a public forum about your sexual deviancy and drug-taking, and when you don't get that job or loan, make a complaint to the ICO and make a second complaint seeking discovery of all the notes the company made about you?

- Don't post contentious things in public, if you don't want people to find them

(As an aside, I recently had to teach an HR department that all notes made during an interview were discoverable). One of these options is the law, but suing a new/potential employer probably isn't going to get you very far, and isn't going to be great for your career at that organisation if you win. The other is just practical advice so that you don't get tied up with this, and probably gets you that job or loan or whatever you really want, while still allowing you to live your own life.
>> No. 13020 Anonymous
10th February 2019
Sunday 7:44 pm
13020 spacer
>>13018
This is exactly how it should be, great news and fine work. All we need to do now is stay in the EU.
>> No. 13021 Anonymous
10th February 2019
Sunday 7:54 pm
13021 spacer
>>13020
It's okay, GDPR got copied into the Data Protection Act 2018, so still all applies after we Brexit.
>> No. 13022 Anonymous
10th February 2019
Sunday 8:01 pm
13022 spacer
>>13019

Also, just don't write 'is a slag on facebook' in the margins of the CVs you're sifting, and you'll probably be fine.
>> No. 13023 Anonymous
10th February 2019
Sunday 8:03 pm
13023 spacer
>>13022
One of them was prone to writing "seems like a wanker/cunt" on the CVs after interview. Had to use my best mansplaining patient voice on why this was a bad move.
>> No. 13025 Anonymous
10th February 2019
Sunday 8:09 pm
13025 spacer
>>13023

Oh dear.

I just shred the bad ones, not sure I've ever done much more than circle and underline on someone's CV, mostly for that reason.

I did have a spreadsheet with all of the staff I was responsible for complete with descriptions of them and their skills or lack thereof. It was all very diplomatic and not directly offensive, but I kept it encrypted and on a drive on my keyring for a reason. I don't know what HR would have said but it's hard to remember 300 peoples names and faces innit.
>> No. 13026 Anonymous
10th February 2019
Sunday 8:13 pm
13026 spacer
>>13025
I have similar - just use codenames when referring to them.

This has been a very enjoyable discussion.

I don't share some other posters idealism about GDPR, and have spent a lot of time with a lot of organisations implementing it. Just because something is illegal, and there are better protections than we used to have, doesn't mean people won't violate your privacy.
>> No. 13028 Anonymous
10th February 2019
Sunday 8:16 pm
13028 spacer
>>13019
>I understand GDPR very well, I've been a nominated DPO and dealt with the ICO on actual live complaints. It's clear you do too (and I read every contract and every T&C as well, we're cut from some of the same cloth lad)
As a user of .gs I have a solemn duty to maintain its reputation as a place for pedantic arseholes.

>But what is better advice to give people?
While I don't doubt your good intentions, your example basically comes across as "don't dress provocatively if you don't want to get raped". Your argument seems to be that applicants should not be entitled to expect potential employers to not break the law.

>(As an aside, I recently had to teach an HR department that all notes made during an interview were discoverable)
In a past employer, before GDPR, I was told by HR to document evaluations in copious detail. Don't make any decision or form any opinion on the candidate that you can't write down. Apparently they'd received an ET claim (failed promotion) where the lawyer's arguments included that the panel had taken into consideration things that weren't written down on the interview form, and when HR asked the hiring manager they were unable to unequivocally deny it.
>> No. 13029 Anonymous
10th February 2019
Sunday 8:20 pm
13029 spacer
>>13026

Mostly mine was to remember names of foreigners, quite honestly. I'm good with remembering people in general but if I don't see someone for three months I'm not likely to remember that their name is Sachidananda right off the bat, and I think it's a nice little Power Move to never have to ask.

>Just because something is illegal, and there are better protections than we used to have, doesn't mean people won't violate your privacy.

Exactly. I'm quite confident that if I posted a picture of my balls on instagram I couldn't be legally turned down for a job because of it, nor ever have to hear about it from a potential employer, but that doesn't mean I wouldn't be a bit of a lost cause for doing it anyway.

That's what this place is for.
>> No. 13030 Anonymous
10th February 2019
Sunday 8:44 pm
13030 spacer
>>13028
>a place for pedantic arseholes
It's what makes us great.

>applicants should not be entitled to expect potential employers to not break the law.
Employers will do the bare minimum to be compliant and plenty of their staff will continue to skirt/break the law. I'm sure eventually someone will be brave enough to challenge the system, even though it will almost certainly ruin their own personal career, and over time case law will be built up that encourages and makes companies to do better, but right now? No.
>> No. 13031 Anonymous
10th February 2019
Sunday 9:00 pm
13031 spacer
>>13029
>their name is Sachidananda right off the bat, and I think it's a nice little Power Move to never have to ask

Would work for you. One of my Boss Moves is to always ensure that you learn how they pronounce their own name, rather than conjure up an anglicised version; a tiny bit of showing you care about someone.
>> No. 13032 Anonymous
10th February 2019
Sunday 9:08 pm
13032 spacer
>>13031

That's fair, I'm apparently pretty good at mimicking pronunciations and people seem genuinely happy when an english fucker finally says their name right. I've been told quite a few times I really sound like I have a romanian accent when I say one of the many insults I've learned over the years.

Futu-ti mortii matii
>> No. 13033 Anonymous
10th February 2019
Sunday 10:20 pm
13033 spacer
>>13016

That's an extremely conservative interpretation of GDPR.

>An external candidate is not an employee, and is therefore not subject to your internal policies. Therefore, you must obtain informed consent before viewing their profile in association with the recruitment process.

Consent is not the only lawful basis for the collection of personal data. Art. 6 gives six grounds, the relevant one being:

Processing shall be lawful only if and to the extent that at least one of the following applies:

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.


If I have a legitimate interest in processing your personal data, I can do so unless my lawful interest is overridden by your fundamental rights and freedoms. If you have chosen to leave your social media settings to "public", you'd have a hard time arguing that you had a reasonable expectation of privacy with respect to that data. The obvious example of lawful collection of personal data without consent is CCTV - if I put up CCTV cameras outside my shop, I don't need to get explicit consent from everyone who walks past but I do need to make sure that the camera isn't peering into someone's bedroom.

>You must inform the candidate explicitly what you're looking for and why, before you do it. If challenged, you must be able to provide a legal basis for doing so.

Ish. Art. 14 states that the subject must be provided with certain information when personal data has been obtained from a third party (Facebook or Twitter are a third party), but Para 3 does not require notification in advance of collection, only notification "within a reasonable period after obtaining the personal data, but at the latest within one month".

>You must access only information that is relevant to job performance. You must not access information that is mostly irrelevant to go fishing for something that might be relevant. Consequently, a profile being publicly visible does not automatically grant consent to view it for the purpose of recruitment.

Nope. Art. 5 (1) (c) states that personal data should be "limited to what is necessary in relation to the purposes for which they are processed", but there's no clear line as to what is necessary or relevant. Several employment tribunals have held that dismissal because of comments made on social media can be fair. If I can lawfully dismiss someone because of what they said on social media, it's reasonable to argue that their public social media activity is materially relevant to my hiring decision and so fair game under Art. 6 (1) (f).
>> No. 13034 Anonymous
10th February 2019
Sunday 10:24 pm
13034 spacer
>>13033
>That's an extremely conservative interpretation of GDPR.

I thought the same - too many roughly/probably in there. I think you're spot-on suggesting Legitimate Interest as a basis; people mistakenly think Consent is the only option..
>> No. 13035 Anonymous
10th February 2019
Sunday 10:46 pm
13035 spacer
>>13033
>Consent is not the only lawful basis for the collection of personal data.
Correct, but the alternative is "legitimate interest", and the consensus in HR circles is that for personal social media profiles that almost certainly isn't going to fly.

>if I put up CCTV cameras outside my shop, I don't need to get explicit consent from everyone who walks past but I do need to make sure that the camera isn't peering into someone's bedroom.
True, but you do have to put up prominent signage to say that you're recording, complete with contact details for whoever's operating it, and you can't use the images for anything other than "legitimate interests" like crime prevention.

>Art. 5 (1) (c) states that personal data should be "limited to what is necessary in relation to the purposes for which they are processed"
... and quite clearly the contents of personal profiles are not necessary in relation to the purpose of recruitment.

>If I can lawfully dismiss someone because of what they said on social media, it's reasonable to argue that their public social media activity is materially relevant to my hiring decision and so fair game under Art. 6 (1) (f).
No, these are two very different things. The basis for lawfully dismissing someone because of what they said on social media is that you have a policy on social media use which applies to them as an employee and which they have breached. In the circumstances, a breach has been alleged and you have a legitimate interest in verifying whether or not a breach has occurred. A candidate who is not already an employee is not subject to that policy, and therefore that legitimate interest does not arise.
>> No. 13037 Anonymous
10th February 2019
Sunday 11:10 pm
13037 spacer
It's a larger topic, outside the context of the this thread - but as we're getting into the weeds of GDPR, perhaps relevant.

A couple of years ago when I started the GDPR journey, I stood in front of a lot of Boards and senior directors of various kinds of organisation, giving them my privacy zealot view that "it was all about Consent" - I tried to convince people that that was really the only and best way, that the entire set of principles had that at its heart; despite that, many of them actually continued with the things they were doing around data collection as Legitimate Interest. I was quite disappointed with that, and that's actually where my lack of idealism about it comes from.

More organisations are using Legitimate Interest than you think; very few are doing clear, unambiguous, informed Consent. As I said earlier in the thread, we need to wait for someone to challenge this and for case law precedent to be set.

The fact that all three of us can't agree, despite clearly having some level of experience with the regulation, shows how ambiguous some of this is. I'm sure the ICO will get the egregious, terrible examples that people complain about, but there is a lot of grey here.
>> No. 13038 Anonymous
10th February 2019
Sunday 11:23 pm
13038 spacer
At the last company I worked at, they liked to do things right, not least because they needed a licence to operate and regulatory failings could mean losing it, and the entire business with it.

We workshopped it for a bit with people from HR and legal, and figured that for tech roles we could make an argument of legitimate interest for LinkedIn and GitHub, and possibly the front page of someone's Facebook profile. We concluded that digging into someone's profile was risky, and openly searching for "second-order sharing" (i.e. your posts being re-posted or re-shared) was right out. As a result, the rule was that you could look for that person's name on LI, their alias on GH, and directly searching for them on FB, but simply Googling would be verboten. The senior staff manage to enforce the policy on themselves because they understand the existential threat to the business.
>> No. 13039 Anonymous
10th February 2019
Sunday 11:28 pm
13039 spacer
>>13037

>The fact that all three of us can't agree, despite clearly having some level of experience with the regulation, shows how ambiguous some of this is. I'm sure the ICO will get the egregious, terrible examples that people complain about, but there is a lot of grey here.

Until there's more precedent, we just don't know. Clearly some people (>>13016) are taking the cautious route and interpreting the GDPR as broadly as possible to avoid the risk of a breach, while others (a lot of my clients) are sailing as close to the wind as they dare.

The GDPR is broadly a good thing, but I think it's simply naive to expect it to protect you. There's still a lot of legitimate disagreement over exactly how the regulations should be interpreted. Worse, the saga of The Consulting Association shows that a lot of employers are willing to flagrantly disregard the law when it suits them.

It'd be nice if every company were committed to both the letter and the spirit of the GDPR, but that's clearly not the world we live in.
>> No. 13040 Anonymous
10th February 2019
Sunday 11:40 pm
13040 spacer
>>13037
The impression I've got is that positive consent trumps all. You could use the alternatives, but everything is so much easier if you just get consent. When it comes to arse covering, the other grounds available to most controllers are bits of paper in various shapes and sizes, whereas consent is a nuclear bunker. If you get your consent process right, a massive heap of complexity is pretty much completely bypassed.

The one organisation I've seen try and do differently is the NHS. Given the circumstances they work in, relying on consent is risky when your patient's first contact might be in an unconscious state.
>> No. 13041 Anonymous
10th February 2019
Sunday 11:45 pm
13041 spacer
>>13038

> The senior staff manage to enforce the policy on themselves because they understand the existential threat to the business.

It really isn't an existential threat, although it's convenient that some people believe that it is. The ICO get very grumpy very quickly if you blatantly disregard the regulations, but their default action is simply a stern telling off.

Reading through their history of enforcement shows that they're sensible bordering on soft - the only people getting big fines are persistent pisstakers. The enforcement action against AggregateIQ shows just how far you can bend the regulations without actually getting a monetary penalty:

https://ico.org.uk/media/action-weve-taken/enforcement-notices/2260123/aggregate-iq-en-20181024.pdf
>> No. 13042 Anonymous
11th February 2019
Monday 12:05 am
13042 spacer
>>13041
>It really isn't an existential threat, although it's convenient that some people believe that it is.
As I said, in that particular case, the "existential threat" comes not from the GDPR itself, but the impact it could have on the company's regulatory approval, without which it cannot operate. Some of the SMT there are cunts, but they still know how their bread is buttered.
>> No. 13043 Anonymous
11th February 2019
Monday 3:50 pm
13043 spacer
>>13035
> and you can't use the images for anything other than "legitimate interests" like crime prevention.
What can prevent me from running facial recognition on the shots and using the resulting data for something as long as I don't get caught?
>> No. 13044 Anonymous
11th February 2019
Monday 3:53 pm
13044 spacer
>>13043

If you don't get caught, you can do what you like. It's the same with shoplifting, or murdering sex workers.
>> No. 13045 Anonymous
11th February 2019
Monday 4:29 pm
13045 spacer
>>13044
Practical reality, innit. If someone's got a gun to your head, no law is going to prevent them from pulling the trigger.
>> No. 13046 Anonymous
11th February 2019
Monday 6:52 pm
13046 spacer
I seem to have missed this thead but I have an Instagram that I wouldn't give to anyone work related (it's basically Judo lads + family) and I have a facebook that I haven't logged into since 2015 and a LinkedIn that I haven't logged into since 2012.

I work in IT and no one has ever asked me for my online presence as part of the interview process. Indeed, if anything being under the radar counts for rather more.

Return ] Entire Thread ] Last 50 posts ]
whiteline

Delete Post []
Password