@cayars I do not know if you are a lawyer or have a background in law but you stated the basics quite well and pointed out, quite concisely, what I have tried to say several times.
It just shows that a legal education does not mean that one can always state exactly what one is trying to say.
Thank you for the wonderful response.
In some ways the GDPR reminds me of the Y2K fiasco. There was a great welling of fear and fear mongering leading up to the event and then, when it happened, what actually happened wasā¦nothing.
The two events are not perfectly analogous but they do have a lot in common and the level of hysteria is VERY similar.
Semi similar situation to yourself Elijah (remember we talked about that a couple of years ago). I no longer work in the law field in any shape or manner and havenāt in 2 years, one week and counting and hopefully never will again.
I read what you said a few times, but it just went ā¦ over everyoneās head just like my post probably will as well. People believe what they want to believe because someone else they agree with said so even if they donāt understand what is said or law. You know the drill.
My specialty regardless of education has always been computers/programming anyway and Iāve been served as CIO of a couple of large companies as well as done lots of CIO type consulting for fortune 50/500 companies as well as consulting for a couple of government agencies over several decades. I now do nothing but consulting and practice retirement.
Hehe, Y2K was a giant fiasco and cost many business tons of money investigating source code and all. I know I made lots of $ on that! The computer world was coming to an end, the date changed and life went on as usual. LOL
@cayars I had forgotten about that conversation. I plead old brain syndrome. At 70 years old my brain is sometimes unable to quickly and easily recall events and conversations.
Actually I sometimes feel like the boy in a Farside cartoon where he is sitting in a schoolroom and raises his hand and says, āMrs. Brown, my brain is full. Can I go home now?ā
Looking back on it I find that I hatted the legal profession and the way it exploited and continues to exploit the general public.
I have not read and do not intend to read the GDPR with the purpose of finding exactly what it does but on my basic reading I believe that it will be found that the GDPR increases the profits for most companies in the data mining business and, of course for lawyers and it makes it harder for the general public to actually protect themselves without lawyers. The GDPR was written by lawyers for lawyers and written in legalese and legalese fulfills one definition of poetry, āThe art of obscuring meaning with language.ā
Iāve read it first to last page a few different times. Way more generic then most people would think.
Nothing I worry about with any of my USA sites, being blunt.
Now if I were Twitter, Facebook or similar Iād be a bit worried and make needed changes since everything they do is āpersonalā. to some extent. But thatās completely different to what this discussion is about as your know. Plex is in a different class of services especially in how they use said data.
Yep same on your general public being screwed comment. I could go on for pages and pages (anyone knowing me would know I can) but will refrain to keep this on target.
@Elijah_Baley said:
I have not read and do not intend to read the GDPR with the purpose of finding exactly what it does but on my basic reading I believe that it will be found that the GDPR increases the profits for most companies in the data mining business and, of course for lawyers and it makes it harder for the general public to actually protect themselves without lawyers. The GDPR was written by lawyers for lawyers and written in legalese and legalese fulfills one definition of poetry, āThe art of obscuring meaning with language.ā
That is so true. All the GDPR did/does is create unnecessary jobs. Nothing more.
@cayars said:
Iāve been watching and reading this thread for a while. I find it kind of funny how the arm chair lawyers all think they know/understand what the new requirements are but probably havenāt even read it, or read it correctly as a lawyer would.
Go back and re-read the different links youāve provided showing why Plex MUST do this or that. While reading your links note terms such as TARGETED, GENERIC, OPTIONAL, PERSONAL and the like.
As an example if I run a site in the USA that doesnāt target you in the EU but you find my site and decide to use my services and I collect NON PERSONAL data Iām just fine. If the data on all my āusersā is stolen but there is not any identifiable info who has been hurt except my business data? I can sell you items and collect information needed to ship items to you which are personal and Iām still just fine. Visa, MC already have this covered for the most part and if I separate your financial info from your personal info even better. Most financial transactions have been like this for a long time. The Financial provider will take care of that and give me a payment token, not your CC data, billing address, etc.
On the other hand if Iām collecting information of a personal nature without your consent that is different. If I target the EU with a survey that is generic and non personal Iām fine. If Iām collecting personal info (address, name, etc) itās different.
Collecting information on a piece of software or web site of how many people use this page or that page in a generic fashion is fine. If I track how many people hit my XYZ page that isnāt personal. If I track specifically every page you specifically visit that is personal. Tracking YOUR SPECIFIC use is problematic without your consent. So for example if what Plex is doing is tracking how many people playback MP4 vs MKV or how many SD vs HD vs 4K items people have in general without it being tied to specific people then there isnāt a problem. None of your personal information has been violated.
Itās similar to having someone stand on the side of a road counting cars to see how busy different roads are so the city can better know what roads to fix first. This would be generic data gathering. Now on the other hand if someone was following you specifically around to see what roads you use, then this is personal and problematic.
With that said Plex should allow easier OPT IN/OUT in general regardless of where you live. Regardless of any laws there is popular opinion of what is right or wrong and choice is always seen favorably.
What these laws are trying to do at the most basic level is stop theft. Yes, someone taking your personal identifiable information without your consent is theft. Someone using your personal identifiable data or services without your consent or reward is theft. Someone using generically gathered data is just doing smart business.
A simple way to think about it is if the data gathered was exposed who could be hurt? Could you the specific user be tied to this data?
Have you ever opened up the network log (in your browser of choice) and opened https://app.plex.tv/desktop? You can clearly see MANY POST requests going to āhttps://analytics.plex.tv/collect/eventā which includes your device ID, user ID and other information. I may be wrong, but I believe that with that information one can easily identify the individual to which the āanonymous analytical dataā refers to.
@zmike808 - What do you mean by āindividualā?
Unless Plex are idiots and store the information in the same location and DB as my home address and CC billing info, āidentityā is still a reach. Data generating profiles of us. Sure. It sucks.
Is it any worse than what FB/YT/Snap/twitter sites track us across the web even if we donāt have an account?
Not really, in my humble opinion.
No need to try to guess what they are collecting. Theyāre pretty transparent about it. https://www.plex.tv/about/privacy-legal/privacy-preferences/#dwc
Thereās even a switch (though it being opt-out instead of opt-in is annoying) to disable some additional data.
@JamminR said: @zmike808 - What do you mean by āindividualā?
Unless Plex are idiots and store the information in the same location and DB as my home address and CC billing info, āidentityā is still a reach. Data generating profiles of us. Sure. It sucks.
Is it any worse than what FB/YT/Snap/twitter sites track us across the web even if we donāt have an account?
Not really, in my humble opinion.
No need to try to guess what they are collecting. Theyāre pretty transparent about it. https://www.plex.tv/about/privacy-legal/privacy-preferences/#dwc
Thereās even a switch (though it being opt-out instead of opt-in is annoying) to disable some additional data.
Fairly certain facebook, YT, SC, twitter, and anything else like it have to and are complying with GDPR. So I donāt see how Plex doesnāt have to comply with GDPR if your saying that theyāre similar?
Also, Plex most likely does log your IP address. The server definitely knows the IP address of everyone using it, so I donāt see why itād be so hard to believe Plex is also including that with their analytics. And from an IP address, and some other information you can get a pretty good estimate on who someone is. An IP address alone can give someones location to an accuracy of less than a 5km radius. Sometimes even 1km.
@zmike808 said:
Also, Plex most likely does log your IP address. The server definitely knows the IP address of everyone using it, so I donāt see why itād be so hard to believe Plex is also including that with their analytics. And from an IP address, and some other information you can get a pretty good estimate on who someone is. An IP address alone can give someones location to an accuracy of less than a 5km radius. Sometimes even 1km.
And may be essential part of Plex to determine region laws and regulations. Just saying.
Since I usually use a VPN that pretty much hides my IP and said VPN places me in New Jersey I guess that drone strike will hit some random location in Jersey. You know it is too bad I cannot choose the exact location returned. There are some people in Jersey thatā¦
@flow Wow, youāre certainly jumping to aggressive fast.
Iām aware. That doesnāt mean I canāt prepare for Plexās eventual failure to deliver. Time is running out and not a peep. I have my reports ready.
Edit: That said, they just sent itā¦ no idea if it was a coincidence or prompted by my post but Iāll pour through it later and see what they keep on me! Thereās an absolute ton there to look through.
Had a bit of a poke around through the JSON files they sent me and it all looks like exactly what youād expect Plex to hold on a user in order to provide the services they do.
Iām a bit uncomfortable with them storing detailed playback information about every playback session (time, date, duration, IP, device, location (including long and lat)) but it seems unrealistic to expect them to not store that information, and I can see no sign that they have even remotely enough information to work out specifically what I was watching.
Of course, who knows if they know things they didnāt reveal. It would obviously be a complete circus around here if it was established that they were recording specific media information.
Iāll keep digging through when I get more time but all seems fairly innocuous so far.
