blog: Don Marti


How to spam software developers and get away with it?

31 March 2019

(somebody tell me why this doesn't work)

Step 1: Adopt a GDPR Everywhere policy. This is obviously good. Show me a company in the IT business that hasn't decided to go GDPR Everywhere, and I'll show you a company that hasn't finished writing out all the user stories for how to handle it when some users or partners are covered by GDPR and others aren't. Or what happens when you have been giving a user the creepy second-class privacy policy for a while and then they go get married to a European, or go work for a European company, or something. Basically every IT company is going to either go GDPR Everywhere or sign up for years of intricate, expensive legal work and arguments that they'll eventually give up on.

Step 2: Have products and services interact with open source, and collaborate and test upstream. This is also obviously good. Pull open-source Git repositories and run integration testing and metrics and whatever on them. We shouldn't just sit there and pull whatever comes out at the end of the development process, help with the QA, publish peer-reviewed research, whatever.

Step 3: Congratulations, we're now a data controller under Article 14 of the GDPR. Git repositories are full of PII. Every commit includes the developer name and email address.

Oh, no, PII! Does that mean we can't work with open source?

Of course not. Open source is still legal. But we have to comply with our data subject rights obligations under Article 14. We have to contact everyone whose PII we hold, and notify them clearly of what we're doing with their data.

And what are we doing with it? We're using it to do open source QA that feeds into making our product better. And we have to explain what we're doing in our Article 14 notification. So the European Union basically just told us not just that we can send our elevator pitch to a bunch of software developers unsolicited, but that we have to.


Elizabeth Warren Calls for a National Right-to-Repair Law for Tractors

Why Microsoft is backing a major tax hike on itself … and Amazon

Android users’ security and privacy at risk from shadowy ecosystem of pre-installed software, study warns

Beginner’s Guide to Buying Traffic

Lin Clark: Standardizing WASI: A system interface to run WebAssembly outside the web

Thank EU for the music – not the grasping tech giants | Björn Ulvaeus

(from 2010) Defeating the Cookie Monster: How Firefox can Improve Online Privacy

As a musician I’m shocked there’s opposition to a new EU copyright law | Debbie Harry

Canada is becoming a tech hub. Thanks, Donald Trump!

Auction Theory Ph.D.s Share Five Things Buyers And Sellers Should Keep In Mind For First-Price Auctions

Ad Fraud Scheme Drained Users’ Batteries By Running Hidden Video Ads In Android

Instagram Is the Internet’s New Home for Hate

It Took 10 Seconds for Instagram to Push me Into an Anti-Vaxx Rabbit Hole

Digiday Research: 52 percent of publishers haven’t started preparing for the California Consumer Privacy Act