
All posts tagged EU

GDPR IS LIVE

GDPR, like any legislation, has unforeseen consequences and impacts. Not for nothing have we learned how little Congress and the EU Parliament comprehend of Facebook or the underlying technologies of the Web, based on their questions when confronting Mark Zuckerberg.

GDPR - Zuckerberg vs EU

These same people in the EU have legislated GDPR. Many will not know exactly what GDPR (The General Data Protection Regulation) is. WordPress provided a guide and template for a compliant Privacy Policy that you can see here.

Unless you are currently residing in a cave, your email inbox is probably swamped with mails from websites & apps you have signed up with in the past asking you to opt in to their updated, GDPR-compliant ToS.

Last night I shared this video on Facebook Live with my take on GDPR and what might be some issues that did not get proper consideration.

 

GDPR & Software Development

Over the last 10 to 15 years, development culture and lifecycle have been strongly influenced by Web 2.0, both for web / mobile apps and sites. Methodologies also evolved based on technology and platforms to ensure rapid product delivery. Agile & Lean replaced Waterfall methodologies and the culture included these interconnected practices:

GDPR vs Development Practices

Ultimately MVP (Minimum Viable Product) and the ethos of let the customer test it were based on rapid delivery or a just ship it mentality. Some of this was based on fear of not being first to market, some on the fallacy that software testing was a bottleneck.

Beta testing also allowed release of an incomplete version of the software to a sample group of end users to evaluate customer satisfaction with the product and its features.

These fly in the face of GDPR compliance. De facto, data protection is something that should be baked in from the start and until this becomes habit, most will develop their apps and sites and tack on data protection after the fact.

Where does MVP go from here?

The Warptest POV

GDPR and the just ship it mentality of MVP are in conflict. Apps and sites will comply because the alternatives are limited. There are companies already opting to block European users until they can be sure they are compliant. Just today, The Verge reported that Instapaper has done this temporarily. We can be certain that smaller developers and startups may opt to keep their apps out of the different European countries' App Stores, Play Stores or Windows Stores, as the scale of fines is greater than the accrued benefit of onboarding European users prior to compliance.

This leads to some serious questions. What are the geographical boundaries of this law?

  1. What if an EU citizen uses a VPN or some other method to bypass geo-blocking to download an app? Is the app still liable for any violation?
  2. What if an EU citizen is on vacation outside the EU and downloads an app or surfs to a site? Where does the EU see their jurisdiction ending regarding data protection of their citizens?
  3. Microsoft announced that they want to make GDPR the standard for their worldwide operations. Will we see GDPR compliance integrated into their app store and those of Apple, Google, Amazon and others?

Big companies like Microsoft do offer GDPR guidance on how to make company IT compliant, but the most important question is: who in a company developing software, apps or websites should be the expert on GDPR compliance?

The simple answer is every employee involved in delivery must receive GDPR training but, logically, the gatekeeper should be someone versed in compliance issues and in how to verify and report on them. A smart company will ensure initial compliance by hiring an expert (possibly a consultant) but subsequently, the best person for the job is one of your testing / QA team.

A catastrophic mistake would be to have an employee brush up on GDPR by Googling it. Whoever the designated gatekeeper is should be sent on the appropriate certification course.

Getting back to MVP, it’s going to be up to founders, R&D heads, QA Managers to ensure that their processes evolve to ensure data protection is built-in from day 1. If this means an end to MVP and let the customer test it then this can only have a positive impact on customer satisfaction.

Personally, one of my bigger problems with GDPR is that the EU has repeatedly demonstrated a litigious attitude with anti-trust cases, often against companies like Apple, Google & Microsoft. Is GDPR just another EU kickstarter campaign?

Are you ready for GDPR or have you found a way to opt-out?

EU Says No to Microsoft

The EU Slapped Microsoft Yet Again.

In what seems to be a bad flashback to the 1990s, the EU has fined Microsoft $731M for inhibiting user choice of browser in Windows 7.

According to VentureBeat, the fine stems from a bug in Windows 7 SP1 that disabled a browser choice screen. The EU claimed this was a breach of an agreement Microsoft made with them to prevent Windows users in Europe from simply defaulting to Internet Explorer.

You Want the Truth…

The EU seems obsessively fixated on massively fining American multinational technology companies. Microsoft are not alone here; companies like Google have also been subject to the whimsy of the EU Anti-trust “cops”.

The other ugly truths here are:

    • The people suing Microsoft are the same people deciding if that case has any validity. As the Roman poet Juvenal asked, “Quis custodiet ipsos custodes?” (Who watches the Watchmen?)
    • This case seems to rest on the flawed premise that Europeans are simply too inept to know how to install a different browser. Really?!??
    • Browser usage statistics over the past several years have indicated a world-wide downturn in use of Internet Explorer. This sort of undermines the premise of this case too. Why? Because other desktop browsers have seized a greater market share and because of the increase in Smartphone browser use.

The Warptest POV

The EU is not exactly displaying enlightened self-interest by fining Microsoft $731M for what was not a malicious or intentional breach of agreement. Whilst this bug should not have slipped thru the testing cracks, I still maintain that the underlying premise(s) of this case are so flawed that they would be better served working with Microsoft on what the EU wants for Windows 8.

One could accuse the EU of a pattern of pathological behavior that displays xenophobic, Euro-trash tendencies designed to undermine foreign companies operating in Europe or, worse, that this is a cynical attempt to line the empty coffers of the EU at the expense of private enterprise.

If Steve Ballmer Skype’d me now to discuss this, my advice would be simple: the cost of doing business in the EU just got too high. Microsoft cannot allow a situation where the wolf is guarding the sheep.

Steve Ballmer onscreen at Discovery 2012

In an ideal world I would recommend shutting down all Microsoft offices in the EU and moving the jobs to neighboring countries. Microsoft would have to be sadomasochistic to continue the existing relationship with the EU. Let the EU Competition Enforcement Department run a Linux or Mac OS X computer and see if the same inhibited choice of browsers exists there.

Was this Avoidable?

Possibly, if Microsoft had fixed this bug on the spot, but somehow I feel that past behavior of the EU indicates that, one way or another, Microsoft were going to get fined.