Europe is bracing itself for a big shake-up in how we pay for things online, which will have significant consequences for businesses across the region. Similar to how GDPR hugely impacted how millions of organizations handle personal data when it was enforced last year, Strong Customer Authentication (or SCA) will have profound implications for how businesses handle online transactions and how we pay for things in our everyday lives when it is enforced on September 14.
SCA will require an extra layer of authentication for online payments. Where a card number and address once sufficed, customers will now be required to include at least two of the following three factors to do anything as simple as order a taxi or pay for a music streaming service. Something they know (like a password or PIN), something they own (like a token or smartphone), and something they are (like a fingerprint or biometric facial features).
https://thenextweb.com/podium/2019/05/10/your-business-passed-the-gdpr-challenge-but-sca-is-next/
(Score: 4, Informative) by NotSanguine on Tuesday May 14 2019, @05:37PM (1 child)
An excellent point. I was unaware that the new California law (it is this law [wikipedia.org], right?) required deletion of comments or the "right to be forgotten."
Now that I've read the text, it's clear that Soylent News doesn't collect the sorts of information covered under the law [wikipedia.org]:
IIUC (and please correct me if I'm wrong), IP addresses are not logged by the system, just hashes of such IP addresses, and those are purged on a rolling schedule.
What's more, the law has specific requirements as to which entities are covered:
I didn't realize that Soylent News met any of those thresholds. If we do, SN is really profitable! And if that's true, you should definitely get paid for all your hard work Buzzard.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 3, Informative) by The Mighty Buzzard on Wednesday May 15 2019, @11:25AM
We do have unique personal identifiers and email addresses stored. The unique personal identifier is just an auto-incrementing bigint column but it technically fits the definition. The email address is stored but doesn't have to be true.
Sweet! I'm all about not doing things. I can even not do things in my sleep. It's going to eventually become an issue again but the one requirement we're likely to ever hit, 50K or more consumers having info here, almost certainly isn't going to happen before I'm back to having plenty of free time.
My rights don't end where your fear begins.