Difference between revisions of "1998: GDPR"

Explain xkcd: It's 'cause you're dumb.
Jump to: navigation, search
(Explanation)
m (Reverted edits by Donald Trump (talk) to last revision by CRLF)
(26 intermediate revisions by 14 users not shown)
Line 26: Line 26:
 
|-
 
|-
 
|This policy governs your interactions with this website, herein referred to as "The Service", "The Website", "The Internet", or "Facebook", and with all other websites and organizations of any kind.
 
|This policy governs your interactions with this website, herein referred to as "The Service", "The Website", "The Internet", or "Facebook", and with all other websites and organizations of any kind.
|This starts out as a plausibly valid statement including "the service" and "the website".  But then balloons outward to include the entire Internet and Facebook.  As this presumably is a privacy policy only for xkcd, this policy should not attempt to claim that it also represents Facebook or the entire Internet. The extension to Facebook may be a reference to reports that [https://www.smh.com.au/world/asia/facebook-is-the-internet-for-many-people-in-south-east-asia-20180322-p4z5nu.html "for many people ... Facebook is the Internet."]
+
|This starts out as a plausibly valid statement including "the service" and "the website".  But then balloons outward to include the entire Internet and Facebook.  As this presumably is a privacy policy only for xkcd, this policy should not attempt to claim that it also represents and governs Facebook or the entire Internet. The extension to Facebook may be a reference to reports that [https://www.smh.com.au/world/asia/facebook-is-the-internet-for-many-people-in-south-east-asia-20180322-p4z5nu.html "for many people ... Facebook is the Internet."]
 
|-
 
|-
 
|The enumeration in this policy, of certain rights, shall not be construed to deny or disparage others retained by the users. By using this service, you opt in to quartering troops in your home.
 
|The enumeration in this policy, of certain rights, shall not be construed to deny or disparage others retained by the users. By using this service, you opt in to quartering troops in your home.
Line 34: Line 34:
 
|-
 
|-
 
|Please don't send us your personal information. We do not want your personal information. We have a hard enough time keeping track of our ''own'' personal information, let alone yours.
 
|Please don't send us your personal information. We do not want your personal information. We have a hard enough time keeping track of our ''own'' personal information, let alone yours.
|"Please don't send us your personal information" is also a phrase never expected to be found ever in a privacy policy, though [https://www.improbableisland.com/privacy.php some come close].  A privacy policy, by default, is a contract users agree to BECAUSE personal information is being stored. This is likely a reference to the previous comic [[1997: Business Update]] or perhaps [[1506: xkcloud]].
+
|"Please don't send us your personal information" is also a phrase never expected to be found ever in a privacy policy, though [https://www.improbableisland.com/privacy.php some come close].  A privacy policy, by default, is a contract users agree to BECAUSE personal information is being stored. This formulation [https://law.stackexchange.com/questions/44044/unsolicited-ideas-clause-in-terms-of-service-in-the-context-of-corporate-email-c "resembles the unsolicited ideas part of a terms of use contract"], where a company asks not to be sent suggestions or inspiration by its users and claims all IP rights on such unsolicited ideas. This can also be a reference to the previous comic [[1997: Business Update]] or perhaps [[1506: xkcloud]].
 
|-
 
|-
 
|If you tell us your name, or any identifying information, we will forget it immediately. The next time we see you, we'll struggle to remember who you are, and try desperately to get through the conversation so we can go online and hopefully figure it out.
 
|If you tell us your name, or any identifying information, we will forget it immediately. The next time we see you, we'll struggle to remember who you are, and try desperately to get through the conversation so we can go online and hopefully figure it out.
Line 45: Line 45:
 
|-
 
|-
 
|We use cookies to enhance your performance.
 
|We use cookies to enhance your performance.
|This apparently says that Randall is giving out actual cookies that can be eaten. Privacy policies normally deal with electronic cookies that track user activity and store personal information.
+
|Privacy policies normally deal with electronic cookies that track user activity and store personal information. This apparently says that Randall is giving out actual cookies that can be eaten. Depending on what "enhance your performance" means, these cookies may contain steroids, nootropics, or other compounds that alter the users' physiology. Depending on the particular compounds, their purpose, and the jurisdiction, this may be illegal. Another more innocuous possibility is that Randall is simply giving users a tasty treat as a reward, which may make users more motivated in their tasks, and therefore have their performance enhanced.
 
|-
 
|-
 
|Our website may use local storage on your device if we run low on space on our end.
 
|Our website may use local storage on your device if we run low on space on our end.
Line 78: Line 78:
 
|-
 
|-
 
|If you know anyone in Europe, please tell them we're cool.
 
|If you know anyone in Europe, please tell them we're cool.
|Randall implies that the data protection regulation would have a major impact on European citizens while the U.S. isn't involved. Both aren't true, because many of the regulation already existed before in other national or European wide laws which the GDPR just states more precisely and all U.S. websites with an audience in Europe had to adopt their policies because they fall within the scope of the law. Nonetheless, most European citizens stayed cool as well.
+
|Randall implies that the data protection regulation would have a major impact on European citizens while the U.S. isn't involved. Both aren't true, because many of the regulation already existed before in other national or European wide laws which the GDPR just states more precisely and all U.S. websites with an audience in Europe had to adopt their policies because they fall within the scope of the law. Nonetheless, most European citizens stayed cool as well. Cool may mean trendy, as in the website does not seem backwards and old-fashioned, okay/safe, as in the website is trying to ensure Europeans that it will not harvest their organs, or, knowing xkcd, physically cool, as in the website's headquarters sets the thermostat low.
 
|}
 
|}
  

Revision as of 20:02, 26 May 2022

GDPR
By clicking anywhere, scrolling, or closing this notification, you agree to be legally bound by the witch Sycorax within a cloven pine.
Title text: By clicking anywhere, scrolling, or closing this notification, you agree to be legally bound by the witch Sycorax within a cloven pine.

Explanation

This comic was released on the date on which the General Data Protection Regulation (GDPR) law went into effect. Most people will have already seen a large number of updated privacy policies in the week or two leading up to this law going active. And while xkcd would likely be outside of the jurisdiction that the law can enforce, it technically does fall within the scope of the law (as certainly EU citizens visit xkcd). This extra-territorial applicability is one of the major keys in this regulation and can be seen in more detail at the EU GDPR Information Portal.

There are several references made to this law, but also several jokes are included about the way people treat privacy policies specifically, and user agreements in general.

The comic is a joke privacy policy, with terms that no one would agree to under normal circumstances. In most cases, website users will use websites without reading the policies, potentially "agreeing" to something unexpected.

What Randall says Explanation
Privacy policy
We've updated our privacy policy. This is purely out of the goodness of our hearts, and has nothing to do with any hypothetical unions on any particular continents. "purely out of the goodness of our hearts" is a phrase never expected to be found ever anywhere in any privacy policy. "and has nothing to do with ..." is a blatantly transparent lie - if this were a real privacy policy. Randall likely makes fun of companies announcing changes to their privacy policy without mentioning the GDPR being the reason, which tries to create the impression that the companies just wanted to improve it without being forced to do so.
Please read every part of this policy carefully, and don't just skip ahead looking for sex scenes. It's not unheard of for people watching B-movies to try and skip ahead to sex scenes. This is also likely a reference to how most users don't read a website's privacy policy and skip to the bottom looking to the button to close it out.
This policy governs your interactions with this website, herein referred to as "The Service", "The Website", "The Internet", or "Facebook", and with all other websites and organizations of any kind. This starts out as a plausibly valid statement including "the service" and "the website". But then balloons outward to include the entire Internet and Facebook. As this presumably is a privacy policy only for xkcd, this policy should not attempt to claim that it also represents and governs Facebook or the entire Internet. The extension to Facebook may be a reference to reports that "for many people ... Facebook is the Internet."
The enumeration in this policy, of certain rights, shall not be construed to deny or disparage others retained by the users. By using this service, you opt in to quartering troops in your home. The language that the privacy policy will not "deny or disparage" any preexisting rights mirrors that of the Ninth Amendment to the United States Constitution, substituting "this policy" for "the Constitution" and "users" for "people." The agreement claims that it does not "deny or disparage" any of the user's other rights, but then immediately denies the user the right not to quarter troops in their home, which is a constitutional right described by the Third Amendment to the United States Constitution. Refusing to quarter troops in one's home was previously referenced in 496: Secretary: Part 3. Note that the Third Amendment only applies to Americans. However, less specific written laws guaranteeing the privacy of one's home also exist in nearly all European countries.
Your personal information
Please don't send us your personal information. We do not want your personal information. We have a hard enough time keeping track of our own personal information, let alone yours. "Please don't send us your personal information" is also a phrase never expected to be found ever in a privacy policy, though some come close. A privacy policy, by default, is a contract users agree to BECAUSE personal information is being stored. This formulation "resembles the unsolicited ideas part of a terms of use contract", where a company asks not to be sent suggestions or inspiration by its users and claims all IP rights on such unsolicited ideas. This can also be a reference to the previous comic 1997: Business Update or perhaps 1506: xkcloud.
If you tell us your name, or any identifying information, we will forget it immediately. The next time we see you, we'll struggle to remember who you are, and try desperately to get through the conversation so we can go online and hopefully figure it out. Long, awkward conversations and forgetting people's names are both themes featured in previous XKCD comics.
Tracking pixels, cookies, and beacons
This website places pixels on your screen in order to form text and images, some of which may remain in your memory after you close the page. "This website places pixels" is something websites are designed to do and has nothing to do with privacy policies. Websites are more often employing "tracking pixels" from companies such as Facebook and Twitter, which is an image file that is hosted on an external server that allows cross-platform and cross-session tracking for targeted advertisements. This is a controversial topic, as many people are against this kind of usage tracking.
We use cookies to enhance your performance. Privacy policies normally deal with electronic cookies that track user activity and store personal information. This apparently says that Randall is giving out actual cookies that can be eaten. Depending on what "enhance your performance" means, these cookies may contain steroids, nootropics, or other compounds that alter the users' physiology. Depending on the particular compounds, their purpose, and the jurisdiction, this may be illegal. Another more innocuous possibility is that Randall is simply giving users a tasty treat as a reward, which may make users more motivated in their tasks, and therefore have their performance enhanced.
Our website may use local storage on your device if we run low on space on our end. "may use local storage" is threatening to turn the user's device into cloud storage should Randall run out of space on his drive.
We may use beacons to call Rohan for aid. Beacons in privacy policies usually refer to web beacons. This privacy policy refers to the Warning beacons of Gondor, a system to call for aid used by Gondor in The Lord of the Rings. They were used before the Battle of the Pelennor Fields to request the aid of the Rohirrim, the inhabitants of Rohan. The use of the Beacons has previously been mentioned in 921: Delivery Notification.
3rd party extension
This service may utilize 3rd party extensions in order to play the song Can U Feel It from their debut album Alive. 3rd Party was a three-member dance-pop group that released one album in 1997, "Alive". In software, "third-party extensions" are small programs that plug into a larger program to modify its behavior, and are created neither by the maker of the larger program nor the user.
Permission
For users who are citizens of the European Union, we will now be requesting permission before initiating organ harvesting. This part can be construed in several frightening ways. 1. We will ask you after you die if you are willing to donate your organs. 2. We were not asking permission before, but now we have to ask. 3. We will ask you, but your answer doesn't actually matter. 4. We've switched from an organ donation program (legal) to an organ harvesting program (wildly illegal). 5. Anyone not in the EU will have (or, possibly, continue to have) their organs harvested without permission. Besides these frightening scenarios, there is also the question of how a website (and not a doctor) is going to perform the harvesting.
Scope and limitations
This policy supersedes any applicable federal, state, and local laws, regulations and ordinances, international treaties, and legal agreements that would otherwise apply. This is an apparently valid statement. Its inclusiveness is quite extreme, but appears to be a technically valid statement. However, many laws and constitutional rights cannot be superseded by an ordinary privacy policy.
If any provision of this policy is found by a court to be unenforceable, it nevertheless remains in force. This part claims to have higher jurisdiction than any court and can somehow maintain legality even if a court disagrees. A typical policy would read that an unenforceable provision would not invalidate the rest of the policy.
This organization is not liable and this agreement shall not be construed. "not liable" and "shall not be construed" are blanket statements that are supposed to have limiters. For example, a restaurant could have a policy stating "not liable for burns received from our hot coffee." A statement made to a court could say "The defendant's statement of giving the prostitute money shall not be construed as an admission of committing a crime." This makes little sense when claiming the website “is not liable” for anything, and “shall not be construed” to have any meaning whatsoever.
These statements have not been evaluated by the FDA. This website is intended to treat, cure and prevent any disease. The Food and Drug Administration has nothing to do with privacy policies, but anything that promotes itself as being intended to prevent, cure or treat disease requires FDA approval. To circumvent the need for FDA approval (which requires very expensive statistically significant double blind clinical trials), the labels on unapproved herbal remedies state they are “not intended to prevent, cure or treat any disease.” In some cases, this statement appears to be false, although not as patently absurd as the claim that xkcd will treat, cure and prevent any disease, which, if taken literally and not as a joke, would require the site to be FDA approved.
If you know anyone in Europe, please tell them we're cool. Randall implies that the data protection regulation would have a major impact on European citizens while the U.S. isn't involved. Both aren't true, because many of the regulation already existed before in other national or European wide laws which the GDPR just states more precisely and all U.S. websites with an audience in Europe had to adopt their policies because they fall within the scope of the law. Nonetheless, most European citizens stayed cool as well. Cool may mean trendy, as in the website does not seem backwards and old-fashioned, okay/safe, as in the website is trying to ensure Europeans that it will not harvest their organs, or, knowing xkcd, physically cool, as in the website's headquarters sets the thermostat low.

The title text is a reference to Shakespeare's "The Tempest", in which the witch Sycorax imprisoned the sprite Ariel in a cloven pine prior to Ariel's rescue by Prospero. As this clause cannot be escaped by anything short of restarting your computer, it may also reflect on how hard it often proves to be to opt out of privacy policy agreements and other forms to be filled on website, for all that they may appear optional. The fact that it appears as a title-text akin to a footnote, which a careless reader of the Privacy Policy may not notice at first glance, may also continue the joke of small but unexpected clauses hidden amidst a long-winded block of legalese, agreed to by users who haven't read them.

Transcript

[The picture shows a long text:]
Privacy policy
We've updated our privacy policy. This is purely out of the goodness of our hearts, and has nothing to do with any hypothetical unions on any particular continents. Please read every part of this policy carefully, and don't just skip ahead looking for sex scenes.
This policy governs your interactions with this website, herein referred to as "The Service", "The Website", "The Internet", or "Facebook", and with all other websites and organizations of any kind. The enumeration in this policy, of certain rights, shall not be construed to deny or disparage others retained by the users. By using this service, you opt in to quartering troops in your home.
Your personal information
Please don't send us your personal information. We do not want your personal information. We have a hard enough time keeping track of our own personal information, let alone yours.
If you tell us your name, or any identifying information, we will forget it immediately. The next time we see you, we'll struggle to remember who you are, and try desperately to get through the conversation so we can go online and hopefully figure it out.
Tracking pixels, cookies, and beacons
This website places pixels on your screen in order to form text and images, some of which may remain in your memory after you close the page. We use cookies to enhance your performance. Our website may use local storage on your device if we run low on space on our end. We may use beacons to call Rohan for aid.
3rd party extension
This service may utilize 3rd party extensions in order to play the song Can U Feel It from their debut album Alive.
Permission
For users who are citizens of the European Union, we will now be requesting permission before initiating organ harvesting.
Scope and limitations
This policy supersedes any applicable federal, state, and local laws, regulations and ordinances, international treaties, and legal agreements that would otherwise apply. If any provision of this policy is found by a court to be unenforceable, it nevertheless remains in force.
This organization is not liable and this agreement shall not be construed. These statements have not been evaluated by the FDA. This website is intended to treat, cure and prevent any disease.
If you know anyone in Europe, please tell them we're cool.


comment.png add a comment! ⋅ comment.png add a topic (use sparingly)! ⋅ Icons-mini-action refresh blue.gif refresh comments!

Discussion

This comic is a joke privacy policy, playing off a few things. Everyone right now is updating their privacy policy to meet the new requirements from the European Union coming into effect today, 2018-05-25, the GDPR. Link to wikipedia: [1]. It also is pointing out that no one ever reads them "by using this website you opt in to quartering troops in your home", something you probably did not agree to. --Fwacer (talk) 19:35, 25 May 2018 (UTC)

Your wording "joke privacy policy" is really good and you should add it to the existing explanation. Lassombra (talk) 19:41, 25 May 2018 (UTC)
Thanks, I have added that. First edit! --Fwacer (talk) 20:25, 25 May 2018 (UTC)

Fortunately, this doesn't appear to supersede the Shadow Proclamation. Also, I wouldn't mind quartering troops in my home if they were sexy... 172.68.90.82 20:56, 25 May 2018 (UTC) SiliconWolf

I wonder if this is the privacy policy of Beret Guy's company since he mentioned in the last comic that people keep sending them personal info even though they had asked them to stop.--172.69.42.112 21:07, 25 May 2018 (UTC)

What's the deal with the "Created by a Bot" coming up with relevant jokes as to what the explanation was created by? I didn't search exhaustively, but couldn't find any hints in other discussion pages. Is there a link to a discussion on this? Who did this? Dgbrt? I'm very curious. 00:30, 26 May 2018 (UTC) -- DanB (talk) (please sign your comments with ~~~~)

I've written the program creating the new pages when a new comic is out. It's run by the profile DgbrtBOT. This ensures that all comic pages look similar, the navigation works, and more. --Dgbrt (talk) 01:12, 26 May 2018 (UTC)
I see that now. But didn't it used to just say "Created by a bot" and not "Created by something relevant"? Or has it always done that and I missed it? Is it a reference to a comic, or just something fun? Thanks for all your work on this site, by the way. DanB (talk) 17:40, 26 May 2018 (UTC)
The original text is: "Created by a BOT - Please change this comment when editing this page. Do NOT delete this tag too soon." Check the history. And when a new comic is out there is always a race about being the first to change the word BOT to something else. It was funny when that happened first, but as every joke it isn't funny anymore when it's overused. --Dgbrt (talk) 19:01, 26 May 2018 (UTC)

It also means if you are not a citizen of the European Union, your organs can be harvested without permission, doesn't it? 162.158.62.39 (talk) (please sign your comments with ~~~~)

That depends on whether you have instructed that your whole body be supercool-vitrified and stored around Titan for until the exoplanet colony ships depart. 172.68.34.106 05:54, 26 May 2018 (UTC)

This comic failed to allow me to turn off everything Trump has ever tried to pay for; therefore, Randall owes me €300,000. 172.68.34.106 05:54, 26 May 2018 (UTC)

Point of technicality:

"purely out of the goodness of our hearts" is a phrase never expected to be found ever anywhere in any privacy policy

Aren't I allowed to block ads from funding sources which include organizations whose privacy policies don't provide goods or services purely out of the goodness of their hearts? 172.68.34.106 06:17, 26 May 2018 (UTC)

...similar laws preventing troops being quartert in ones home also exist in European countries

I don't know every European constitution but I probably would know this. The Third Amendment to the United States Constitution seems to be very unique to me. Laws about troops should exist in every country but this is about a constitution. If nobody disagrees this has to be removed or enhanced. --Dgbrt (talk) 14:58, 26 May 2018 (UTC)

I don't know, I can say for myself that when I read "similar laws", I understood just that - laws. I don't think the sentence implies it is also part of the constitution in those countries. But if you misread it that way, others may, too, and ambiguity is never a good thing, so feel free to clear it up if you want, but I wouldn't remove the reference to those laws entirely. Jaalenja (talk) 06:06, 28 May 2018 (UTC)
suggest changing to "but then immediately forces the user to agree to quarter troops in their home, which is a violation of the Third Amendment to the United States Constitution and against the law in many other countries." or something along those lines, would read much clearer. Please excuse if my formatting sucks, this is my first wiki suggestion, ever, ya done popped my cherry. SPeD173.245.52.121 08:30, 28 May 2018 (UTC)
In Germy, while not specifying statoning of troops directly, §13 Grundgesetz guarantees the inviolability of the apartment. Stationing troops in ones home would violate that part of the German constitution. 162.158.89.37 12:15, 28 May 2018 (UTC)

I summarize: Explicitly mentioning troops being quartert in ones home is unique to the US constitution but most other countries have more common articles preventing the same. This narrow description on this matter only exists in the Third Amendment. --Dgbrt (talk) 14:02, 28 May 2018 (UTC)

Moved from the first paragraph
- this is incorrect, EU law applies to all legal entities currently physically within the EU - just like every other law and state in the world. If xkcd has a legal representative of some kind in the EU then it would be enforceable on that representative. so much fud.)

This was entered by IP 162.158.38.70 at the explanation but should be discussed here which may be followed by some changes in the explanation. Please do not enter discussions at the explanation. --Dgbrt (talk) 18:48, 26 May 2018 (UTC)

False. GDPR art. 3 (2): "This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or the monitoring of their behaviour as far as their behaviour takes place within the Union." So, if you're not physically present in the UE it might be harder to enforce, but may still be applicable. Don't want that? Then don't track EU citizens, or simply don't do business there at all.--162.158.91.89 10:26, 28 May 2018 (UTC)
Thanks, it's obvious the first paragraph in the explanation is correct. We should accompany it with a proper link. --Dgbrt (talk) 14:02, 28 May 2018 (UTC)
Done. A link to eugdpr.org seems better than a Wikipedia article. --Dgbrt (talk) 15:55, 28 May 2018 (UTC)
You are aware that eugdpr.org is not an official site? I'd expect it to be abandoned when the whole GDPR hype is over. 162.158.93.39 17:39, 28 May 2018 (UTC)
Yes, I'm aware of this. But Wikipedia isn't too. Any better idea? I wouldn't mind. --Dgbrt (talk) 18:21, 28 May 2018 (UTC)
I think [2] is the official page. Jdluk (talk) 10:26, 29 May 2018 (UTC)
Thanks for the link, but that's really TL;DR. The eugdpr.org article puts the extra-territorial thing to the top, that's what the first paragraph is about. Haven't done further research right now, but a newspaper article covering the same issue is maybe better. --Dgbrt (talk) 20:39, 29 May 2018 (UTC)
Oh, I agree! It is law, after all, and EU law at that. Of *course* it's TL;DR. That's why I didn't add it to the article. But if someone wants official, that's probably it.Jdluk (talk) 22:14, 29 May 2018 (UTC)

"Permissions" reminds me of Monty Python's Meaning of Life Part V: Live Organ Transplants. See https://www.youtube.com/watch?v=Sp-pU8TFsg0 162.158.75.4 (talk) (please sign your comments with ~~~~)

Policy is not an Agreement?

The explanation mentions in several places "the agreement" -- my understanding of a privacy policy is that it is more like a promise than an agreement; the entity declaring the policy is bound to it whether I agree to it or not. It lays out rules that the site operator will adhere to in obtaining consent, which seems different from an agreement to me. 162.158.93.39 17:35, 28 May 2018 (UTC)

Here in the netherlands, there is a law going into effect in a few years that allows the government to harvest your organs after death even without permission, as long as you didn't register against this. This sounds plenty like the organ harvesting part. 141.101.104.53 11:55, 29 May 2018 (UTC)

"This website places pixels on your screen in order to form text and images, some of which may remain in your memory after you close the page." Uh, yeah, I'd hope I'd remember some of the page... Your memory, not your computer's. 162.158.78.28 01:09, 3 June 2018 (UTC)

I did expect to see an entry in the agreement something like "Cookies may be employed, depending on how peckish the server is" :-) --OliReading (talk) 10:03, 3 June 2018 (UTC)