Brace yourselves. This one’s kind of a doozy.
Last week’s tasks:
- Discarding old medical equipment – Done.
- Budget – No progress. I blame the EU. See my diatribe below.
This week’s tasks:
- Budget, if I have time left over
Conceptual modeling is trundling along. Not quickly but pretty steadily. A blog post by Ron Jeffries got me thinking again about how agile software development could apply to my other projects. Jeffries recommends very short iterations for delivering usable versions of your software–a week or a day. Could I post a substantial revision of my modeling project every week? It’s a goal I’d like to work toward. I think it’d mean mechanizing my writing process somewhat, the way programming is fairly mechanized with a lot of regular idioms.
Last week I was listening to Nassim Taleb’s book The Black Swan and wondering what unexpected event might throw off my project planning. Life delivered in a jiffy! The Black Swan of the General Data Protection Regulation.
I wish GDPR were a type of ASMR, but no. GDPR is an EU regulation (nicely formatted here) that lets European users exercise more control over data that organizations have about them. It lets them request the information an organization has about them, export it, have it deleted, and know it’s only being used with their consent and for its stated purpose. The regulation was created two years ago but goes into effect this Friday. It’s a great idea, in principle. Businesses have been sloppy and self-serving in the ways they handle their customers’ data, and it’s resulted in a lot of data breaches and creepy tracking of user activity.
But protecting that data GDPR-style means organizations have to do a lot more record keeping. Also possibly rewriting software, buying new software, hiring more data protection experts and lawyers, rewriting contracts with their data-handling vendors, and replacing vendors that don’t comply with the regulation. The exact requirements aren’t clear, however. To hear some tell it, the regulation is 88 pages of ambiguity, and opinions differ on who has to do what. Some articles offer 5 easy steps to GDPR compliance. But on a stricter interpretation, the burden can be monstrous, especially for a small enterprise with small resources.
And then there are the fines–up to €20 million or 4% of your annual revenue. But each case will (allegedly) begin with warnings, and the fines will (allegedly) be proportional to the circumstances.
When I read about GDPR a few months ago in headlines about Facebook, I knew nothing about it and assumed it had nothing to do with me. Big companies are always facing legal confrontations. But then a couple of recent tweets related to freelancing made me wonder if I should make some adjustments myself, and toward the end of last week the topic had engulfed my attention. The research kept me up late wringing my hands.
At first this reaction was only sympathetic. I was appalled that the EU would place such onerous requirements on even small businesses. It pushed my buttons. But while I do some freelancing, my clients aren’t European, so GDPR didn’t really seem to apply to me.
But I do run my own website, and it collects the IP addresses of visitors like all websites do, and I let people post comments, which requires them to enter an email address. Gradually I realized this might mean I fall under this draconian legislation. But maybe not? See-sawing on that question has been painful.
Everything I’ve just said about GDPR took me a lot of time to figure out. Hence the hand wringing. It’s less the fines I worry about than simply having the legal system’s attention at all. It just seems like trouble. So does complying. A rock and a hard place.
Fortunately, this is just a low-traffic blog, and it’s not likely any regulator will notice it anytime soon. But over the next few days you might notice some changes around here as I try to follow GDPR’s clearer and more relevant requirements. Some of the site’s features might eventually go away. I’m planning to follow a stairstep plan where I degrade the site in major ways only as each becomes necessary. I’ll also have an eye out for ways GDPR degrades the web in general.
I’ve drawn a few personal conclusions from this little adventure:
- User data is radioactive waste. Try to avoid it.
- Never start a business. GDPR isn’t the only regulation to deal with, and there will only be more in the future. I come up with business ideas from time to time, but now they’ll be discarded. Too much trouble.
- Never run an online hobby project. The days of treating the web as a developer playground are basically over. This is the saddest part for me. I’ve had ideas to try, but now that would be a mistake. At least it shortens my project list.
- Maybe don’t even sell over online marketplaces like Amazon. Your customers might not be Europeans, but how long before the US passes a similar law? At least now I can stop procrastinating on selling my books. Amazon felt like it’d be a pain anyway. Half Price Books is a less lucrative but much simpler option.
- If I ever create an AGI, one of its first roles will be to deal with the law for me. I sometimes joke that I have an army of minionbots that do my bidding whenever I want to make mischief for my friends. I have spybots, attackbots, and whatever else I make up. The lawyerbots might become a reality.
Having said all that, GDPR does have some upsides for me:
- It’s gotten me interested in learning about the EU (and euroscepticism). It’s fun to have new topics to research and follow.
- It’s actually a nice example of conceptual modeling. Yeah, it could be clearer, but it’s laid out more or less the way I would. It could be worth studying for that project.
- It might get me to learn about data security. I’ve read that the reaction to GDPR from data security professionals is one of relief and triumph–finally, everyone has to follow their advice! It’s just that it’s more pleasant to learn about these things when a dragon’s not breathing down your neck.
In the middle of my GDPR angst, our workplace held a company-wide minigolf event. It was to celebrate the completion of the department moves and recarpeting that’s been happening over the past few months. Each area of the building created its own hole, and we split into teams by department and played through them. We ended with a pizza lunch for National Pizza Party Day.
Participating in all this was optional. It was the kind of thing I could easily see myself skipping, but I decided to sign up to play, and I’m glad I did. It was fun, and it got me to be a little more social than I usually am at work. (I have it in mind to change that, by the way, but it’s a project that’ll have to wait its turn in line.) And my score wasn’t too bad, pretty much in the middle of our team’s scores, which is where I often end up when I play games. I’m mostly satisfied with that position.
Also the minigolf took my mind off GDPR for a while, which was nice.
Our department’s hole, called Galley Alley, for our company-wide #minigolf event. The lane was made by my fellow ebook developer and a production assistant. The tee pad is a Bible sample cover. The lane walls are galleys on top of reams of printer paper. The water trap is a Nook tablet with a watery screensaver (with a one-stroke penalty for hitting it). The sand trap is a scrap of leatherlike cover material. Par was 3.
I spent basically all Saturday continuing my GDPR obsession. But I took some time out of my unproductive day to waste time on general social media. A post on Reddit caught my eye. It was about learning by programming, which is the approach I want to take to relearn math. The poster wanted to use it to learn some biology, but they asked for resources on learning that way in general, so I replied.
Well, my reply got the attention of someone else who sent me a private message about collaborating on relearning math. I was expecting to put off that project till after I got somewhere on modeling. So now I need to decide whether this is a good time to return to it anyway (once I’m past GDPR). I’m always in danger of putting things off too long.