In point number 3, you state that one of the trains caused the accident, whereas the cause of the accident is not yet known and could be for example an issue in the rails themselves.
Yes, that was not accurate and you're correct, it's still not clear what caused the first train to derail to begin with.
The way I looked at it is that the first train derailing wasn't a big issue, I don't think it caused any injuries. What was really catastrophic was the impact with the second train.
How do you object to the site's legitimate interest use of your personal data? That is a legal grounds for processing, which can be enabled by default as long as you are provided with an option to actively object.
>How do you object to the site's legitimate interest use of your personal data?
With the legitimate individual control over one own data required to run a healthy society and unavoidable to sustain a democracy. If a business can't exist without threatening society, the sooner it's going out of existence the better.
If it is an actual legitimate interest then you would likely be expected to contact the site out of band to object to the use of your data. Depending on the technical details you might not be able to continue using the site after a successful objection. In some cases the site might be able to reject your request.
The cookie banner thing is intended to allow the user to explicitly provide consent, should they for some reason wish to do so.
The cookie banners are routinely used to object to "legitimate interest" uses and the corresponding sites continue to work normally, not sure what your alternate understanding is based on.
The cookie banners are for initial consent. You just consent to less stuff sometimes.
A website might claim some sort of legitimate interest for the initial collection of data but might not think that they can claim that for the retention of data I suppose. That would seem kind of dodgy to me...
Just because a website claims something doesn't mean it is valid. There isn't a lot that falls under legitimate interest for a website.
It’s also to check if something works. I recently added something new and while I cannot and will not track any personally identifying information, I still need some data if people go through the whole process alright. That covers legitimate interest. It’s the minimum data I collect and its get wiped after some time.
An IP address is not "personally identifiable data". You can not know who the person is just because you got an IP address in the request.
We are almost 10 years into the GDPR, and we still have these gross misunderstandings about how to interpret it. Meanwhile, it has done nothing to stop companies from tracking people and for AI scrapers to run around. If this is not a perfect example of Regulatory Capture in action, I don't know what is.
> An IP address is not "personally identifiable data".
GDPR says it is [1][2].
> We are almost 10 years into the GDPR, and we still have these gross misunderstandings
Because people would rather smugly and confidently post about their gross misunderstandings. If only there was some place to read about this and learn. I’ll give you the money shot to save 10 more years:
> Fortunately, the GDPR provides several examples in Recital 30 that include:
> Internet protocol (IP) addresses;
From Recital 30:
> Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses
When an IP address is linked to any other data, then it counts as PII. By itself, it's not.
So, sure, if you stick the user's IP address on a cookie from a third-party service, you are sharing PII. But this is absolutely not the same as saying "you need to claim legimate interest to serve anything, because you will need their IP address".
IPs are PII even before you inevitably link them to something in your logs. If you can make a case that you absolutely don’t store them anywhere, they’re just transiently handled by your network card, maybe you get away with it but only because someone else along the stream covers this for you (your hosting provider, your ISP, etc.)
Source: I have been cursed to work on too many Data Protection Impact Assessments, and Records of Processing Activities together with actual lawyers.
Basically we are in agreement: IP addresses, by themselves, are not PII, only when they are linked to other information (a cookie, a request log) then it consitutes processing.
So, apologies if I was not precise on my comment, but I still stand by the idea: you don't need to a consent screen that says "we collect your IP address", if that's all you do.
Not really, no. I don’t think I can make it more clear than I, or the law, already did: IPs are PII no matter what. Period. It’s literally spelled out in the law.
The misconception is that you need explicit consent for any kind of processing of PII. That is not the case. The law gives you alternatives to consent, if you can justify them. Some will confuse this with “must mean IPs aren’t PII”, which is not the case.
An IP address linked with the website being accessed is already PII.
When serving content, you're by necessity linking it to a website that's being accessed.
For example, if grindr.com had a display in their offices that showed the IP address of the request that's currently being handled, that's not saving or publishing or linking the data, but it's still obvious PII.
IP address is considered personal data and can be considered personally identifiable data in some circumstances for example if you can geolocate someone to a small area using it
- they don't care about the cookies they are setting on their properties, if most of the functionality they have require you to be authenticated anyway.
- These "smaller websites" are exactly the ones more likely than not to be Google's and Facebook's largest source of data, because these sites are the ones using Google Analytics/Meta Pixel/etc.
This is not my experience at all with Facebook. Since six months ago or so, Facebook is saying my three option are to pay them a subscription, accept tracking, or not use their products. I went with option three, but my reading of the GDPR as that it's illegal for them to ask me to make this choice.
I'm in Spain, this is probably not the same worldwide.
The "Reject all" does not in fact reject all. They are taking extreme liberties with the "legitimate interest" clause to effectively do all tracking and analytics under it.
The YouTube consent screen for example includes this as a mandatory item:
> Measure audience engagement and site statistics to understand how our services are used and enhance the quality of those services
I don't believe this complies with the GDPR to have this mandatory.
800 W is que conservative for a schucko plug, which is typically rated for 13 or 16 A (>3000 W). I regularly charge the car at 10 amps (2400 W) on a schucko.
The problem is not the plug itself but the rating for the circuit it's connected to. If there is a 16A breaker for the circuit to protect the wiring from overload but you add 10A via a plugged in battery you're now allowing a total of 26A to flow through those same wires.
The 800W is a compromise, the wiring for a 16A circuit (typically 2.5 mm2) is able to handle 20A without a fire risk.
If you install the same battery in a fixed setup by an electrician it would be on a dedicated circuit so the only limit is the wiring of that circuit and the breaker you let them install. They would then also consider limits on the upstream wiring and things like earth fault protection.
I had separate circuits installed for my solar and future battery, using 4 mm2 wiring and 25A breakers. Only a small change to the central installation swapping the earth fault protection for one that was rated for higher currents.
Yes! However, we are not allowed in Germany to use more than >800W on a Battery with a Schuko Plug, without a certified electrician. Everything is regulated! :D
I have been waiting for the electrician to hardwire the battery for about six months. He said he would stop by next week. Once he has done that, I will increase the maximum charge/discharge power to 1500 W (conservative, I know, but I think I don't need more to fully charge/discharge the battery on regular days).
I don't think this is a Schuko limitation... 800W is a limit that you can send back to the grid without having a properly registered PV plant with a normal inverter. Your meter might disconnect you if you try to send more.
He has 30 kW solar so the registration with the grid operator already happened.
This isn't a grid limitation but a rule about safe home installations. The limits are low for things the general public gets to plug in on their own. Those simple limits don't apply to the same battery installed by a professional. Professionals would instead follow a more complex set of rules and make some calculations, allowing for much higher currents if done in the right way.
What you say is correct. Except: As the AC battery was installed four years after the PV system, I did have to register it separately with the grid operator, which included creating a new entry in the Martstammdatenregister. In other words, registering the PV system and the battery were two completely separate processes for me.
The Iberian outage had nothing to do with inertia.
The root cause was insufficient dispatch of reactive power due to non compliance of some power providers, and ultimately traceable to outdated procedures for the dispatch of reactive power.
Don't waste your time and money on funding bug bounties or "getting audits done". Your staff will add another big security flaw just the next day, back to square one.
reply