Stories
Slash Boxes
Comments

SoylentNews is people

Your business passed the GDPR challenge — but SCA is next

posted by mrpg on Tuesday May 14 2019, @10:00AM   Printer-friendly
from the ohoh dept.

An Anonymous Coward writes:

Europe is bracing itself for a big shake-up in how we pay for things online, which will have significant consequences for businesses across the region. Similar to how GDPR hugely impacted how millions of organizations handle personal data when it was enforced last year, Strong Customer Authentication (or SCA) will have profound implications for how businesses handle online transactions and how we pay for things in our everyday lives when it is enforced on September 14.

SCA will require an extra layer of authentication for online payments. Where a card number and address once sufficed, customers will now be required to include at least two of the following three factors to do anything as simple as order a taxi or pay for a music streaming service. Something they know (like a password or PIN), something they own (like a token or smartphone), and something they are (like a fingerprint or biometric facial features).

https://thenextweb.com/podium/2019/05/10/your-business-passed-the-gdpr-challenge-but-sca-is-next/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Your business passed the GDPR challenge — but SCA is next | Log In/Create an Account | Top | 65 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by edIII on Wednesday May 15 2019, @07:08PM

    by edIII (791) on Wednesday May 15 2019, @07:08PM (#843930)

    Soylent does delete spam. They have banned users and removed their comments. Thus the facility exists. It may not be on a GUI but try arguing that to a judge... this is exactly my point. The first time you get a proper legal request, you can cry to mommy about how it's absolutely impossible if you like... then someone will point to a post where the editors did *just that*. And then you're in for contempt of court as well as failing to comply. Or you can craft a small bodge-script that works for now, and start plumbing in features to allow this facility in the future.

    You're incorrect, and TMB corrected you properly. Also, ease up a bit on the crying to mommy. Nobody is saying it is impossible, but if you LISTEN, you would hear just how difficult it was. You think you're the only one that knows SQL and how to manage data structures?

    Obviously it can be designed, and is technically possible. Others have pointed out the super obvious too; If you need those data rows for system integrity, you can modify them, not delete them. If we had an ID that used to belong to somebody, it's easy to overwrite their information. Maybe even easier to just use the AC ID, assuming there is a dedicated ID for AC.

    This isn't a technical discussion, but a philosophical one....

    The philosophy of free speech and historical record is an entirely other matter. But if you don't want your site brought by under legal writs, if you don't want it to be spammed to oblivion by people posting, say, links to the worst kinds of illegal content, then you have to have the facility to delete or overwrite. You can do that manually, which may well be how it's being done now. But the problem will only ever get worse. Adapt or be swamped in problems when it does start getting common.

    A law is not inherently correct. No, we do NOT need the ability to erase posts. This isn't a file sharing site, nor it is intended to be. Illegal content? You mean unpopular speech and attempts to suppress said speech and control the "narrative"? No. You will be held accountable for what you say in the public view, and it isn't in the interests of the public to allow people to scrub history because they made mistakes.

    Suggesting that a bog-standard tech forum based on open-source code that you and I can read and find a way to "delete" comments is somehow more protected than, say, a Google search for illegal content, the Internet Archive, or major press associations (all of whom will also have to comply, and all of whom already have those facilities and use them every day) is so far past ridiculous that it really cuts into your credibility.

    I didn't say that, so none of what you said there means anything with regards to my credibility. Again, you're not the only database programmer, and this isn't a technical issue. Go chat up TMB about the issues with the current data structures though. There ARE issues with THIS site and its code base that currently preclude the easy use of the "DELETE" in an SQL statement. If you have any skill at all with databases, and don't wish to damage *your* credibility, than you of course recognize that there could be issues deleting rows that are referenced elsewhere. I don't know anything about the data structures (ask TMB), but I generously code in foreign key constraints that are configured to reject DELETE statements when the ID is in use anywhere else.

    P.S. If you think either Soylent or Slash ever avoid removing comments, I can only tell you that you're wrong. If you think they are above the law, or can even afford a lawyer to fight, you're wrong. And if it's likely to happen more in the future for all kinds of reasons, then getting tools to do this automatically rather than spending time trying to comply manually (and messing up because you forget a step) is the techy/open-source way.

    You're confused and TMB corrected you.

    I don't care about the if's and but's. I'm saying if you run a website with public comments, you need moderation tools. If you don't have convenient moderation tools, your time is going to be tied up on administration (i.e. paperwork-like administration) and legal hassle rather than just "Oh, what a pain... run comment delete tool on those auto-bot-troll-posting-porn".

    There is a difference between moderation tools (the tech), and the reasons to have it (the philosophy). I don't believe people have a right to be forgotten with respect to their public statements. Deleting those is akin to rewriting history. Do you believe it should be okay, or the right-to-be-forgotten should be extended, to video based interviews with people making public statements? It's just a file attachment or a link in a database and surely easy to moderate, but should we?

    The answer is a resounding NO. It will instantly be abused by those in power to "scrub" their images clean of anything undesirable, and then to further control that image. What about 3rd party sites like archival sites. Do they have to remove their archives of my comments on SN?

    I view this as no different than somebody attempting to forcibly modify the public record for their benefit. I do not support the right for your public comments to be deleted, and it isn't in the best interests of society. Legal exceptions must be made for public forums to protect their integrity, and they are very much different than for-profit companies that profit of your information, provide private spaces for information, or offer SaaS.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2