>Evernote CEO Phil Libin announced at the recent Le Web London conference that the company will soon set up a protected fund and include a legally binding guaratee that users’ data will be maintained for 100 years
That almost sounds like a threat to commit a crime in certain jurisdictions. A lot has changed regarding how we talk about data in the last decade.
> legally binding guaratee that users’ data will be maintained for 100 years
That almost sounds like a threat to commit a crime in certain jurisdictions.
It’s (or was) the promise for you to be able to access your data for so long, provided you agree. Not hoarding private data against your will.
Seems like a lot of these replies are skipping over the “almost” in my comment. I was not being literal. I was pointing out that they simply assumed that all users would want this. There was no “provided you agree” disclaimer in their comments. If anything, the specifics of it being 100 years actually implies that consent isn’t even a consideration since we can assume that nearly all Evernote users will be dead in 100 years. It is a strange reminder that so few people were concerned about this sort of thing in 2012.
Better start burning down the libraries too then? Preserving customer data with their explicit consent isn't related to data retention rules in privacy laws.
That announcement was in 2012.[1] Did they do it? I can't find any indication that they actually implemented it. Which was a good reason to get off Evernote a decade ago.
GDPR was not designed to target service providers providing a data service storing and processing data that the customer explicitly contracted for. That would be under data processing which has different rules.
Unless the guarantee was for Evernote to hold this data for 100 years irrespective of what the customer wishes and for example after the customer has ended their contract for the service, this angle doesn't apply.
Many companies are purging data associated with inactive accounts as part of data minimization. If the user specifically asked for indefinite retention before going inactive, that might be one thing, but as a general practice it could be risky.
A data processor has no say in how and for how long is the data stored. They implement exactly hat the data controller said, not more, not less. So in this case guaranteeing 100 years is just nonsense. But... in our case it's Evernote itself who gathered all its own data from its own users according to its own rules, so I really struggle to understand why you won't see them as data controllers.
As far as GDPR is concerned, I think they are a controller if they are processing data to provide their service they run to customers. The control how that service works, and are not processing data on behalf of a controller explicitly under their written instructions. If they were a service used by a company like this, they would be a processor. The rertention period here is presumably until the user closes their account or deletes the data from it, possibly plus some period to allow for Evernote to delete it, and the basis is performance of the contract created by their terms of service, or consent. If so, they don't have to delete it until they are instructed to bny the user. They would have to probvide for a way gfor it to be deleted by the organisation they setup to retain it when setting that up though. That organisation would be a processor, unless an explicit relationship with the customer was created with them (which I would expect there would be as part of the user accepting using it), in which case I think it would also be a controller. Either way, they would be responsible for deleting the data when the customer wants it deleted because either they would be as a result of their relationship with the cuastomer if they were a controller, or because it would (have to be) be part of the terms of the processoring agreement with Evernote.
Holding data is on ongoing behavior. It isn't an ex post facto law to change how a company handles it in the future. Coca-Cola can't sell you a soda with cocaine in it just because it was legal when they started their business.
What would make it an ex post facto law is if companies were punished for how they handled data before the law was created. It is perfectly reasonable to punish them if they continue that same behavior after the law was created.
Copying my comment from a couple of days ago as that is simply not practically true:
>All my university systems run on Microsoft. All my future employers' systems will probably run on Microsoft. All public transport in my country effectively requires an app which is tied to either Google or Apple operating systems to buy tickets. Schools require students as young as 6 years old to have an iPad or chromebook tied to Google or Apple.
>There is no real choice in our modern society to "not give your personal data" to these megacorps.
You'd have to be homeless, unemployed, unbanked and practically a hermit to even approach "opting out" from this private law. That's not a real choice.
The solution is to have goverments use Linux which many do, use libre office suites, sponsor projects that government project's outsourcing companies use. Web interfaces for all services without needing to signup for a third party EULA.
Sadly though, that still doesn't resolve other problems.
How many people have gmail addresses? Use Google products, such as Google's VOIP service? How many cars, or home(now) come with such products built in?
I guess what I'm getting at is, even if you do your best to purge yourself, and even if you try to purge the government, you're still left dealing with people, and if you email them at gmail, then Google still gets the entire conversation.
And if we somehow manage to create at "Don't store this" situation, will it be like when the Canadian government passed a law, forcing Google, Facebook, etc to pay for linking to stories? Just as Australia did?
They're effectively dropped all Canadian news sources.
So, would they "drop" users who have requested no data storage? That is, you cannot email anyone at gmail? It goes into a dead hole?
I suspect that freemium, as a business model, is going to be completely incompatible with democracy.
Crime against humanity didn't even exist as a concept (let alone a law) before Nuremberg, do you think the condamnation of the nazis there as “uncivilized”?
The retroactive criminalisation at Nuremberg absolutely was controversial at the time. It only got pushed through because of US instance. It is literally an example of might making right.
It is voluntarily ridiculously extreme, because the parent comment was itself ridiculously categorical.
The thing is: most of the time, retro-active laws are dangerous tools that should be used rarely and with caution, but sometimes and when some people have been doing something that they knew was evil even though not technically illegal, it can make sense to punish them with laws designed after the fact.
That’s one line everyone remembers snipped from somewhat more nuanced context.
Knuth said: "Programmers waste enormous amounts of time thinking about, or worrying about, the speed of noncritical parts of their programs, and these attempts at efficiency actually have a strong negative impact when debugging and maintenance are considered. We should forget about small efficiencies, say about 97% of the time: premature optimization is the root of all evil. Yet we should not pass up our opportunities in that critical 3%."
No, it’s not a threat to commit a crime (grandparent wrote “almost”).
Still, the problem remains; i.e. a new law is likely to require you to remove some content that you’ve been serving or to change the way you’re handling the content.
> legally binding guaratee that users’data will be maintained for 100 years
This sounds mostly like a PR stunt to use the word "legally" to try to instill a false sense of confidence in users when in reality, "legally" doesn't mean much. Legally binding to what? The corporation? The corporation can run out of funds and die in 2 years, and then the contract isn't bound to anything.
Legally binding for 100 years has NOTHING to do with staying alive for 100 years.
If you send an email from gmail to me, you don't get to ask that it be deleted just because you decide to delete your own gmail account. (Well you can ask but it would be unreasonable to comply. Same, if arguably less strongly, for comments you've made on posts or in threads on social media.)
I wonder if this eroding trust with startups and companies will become a real problem for them. I mean by now things like "lifetime subscription" have little meaning coming a commercial entity.
Well, I'm off enjoying the last few weeks of my lifetime HBO cheap subscription.
I’ve been delighted with my “lifetime” Plex pass, but I worry the day will soon come when I discover the end of the lifetime.
Marco Arment has occasionally complained about lifetime, one-time Overcast premium subscriptions and how he’d really like to rug pull those. But, to his credit, has no present plans to do so. However, it’s more because he doesn’t want to deal with the backlash, rather than because the right thing to do is honor “lifetime.”
> However, it’s more because he doesn’t want to deal with the backlash, rather than because the right thing to do is honor “lifetime.”
Yeah, it's that. He mentioned once that Apple had a rule where you can't remove functionality bought through in-app purchases, probably around the same time he was lamenting one-time subscriptions. He definitely would pull the rug (to use the phrase) if he could, and I wonder if he limits adding features to Overcast because of it.
I’m reminded of a quote from Tommy Boy about guarantees.
> Ted Nelson, Customer : But why do they put a guarantee on the box?
>Tommy : Because they know all they sold ya was a guaranteed piece of shit. That's all it is, isn't it? Hey, if you want me to take a dump in a box and mark it guaranteed, I will. I got spare time. But for now, for your customer's sake, for your daughter's sake, ya might wanna think about buying a quality product from me
I see that the article says "will", but CEOs and their companies will square the circle every time they are drumming up publicity and impressing potential investors. If they have squared the circle it would be such a feat that there will be a press release talking about it in the past tense, not the progressive or the future.
https://longnow.org/ideas/evernote-and-the-100-year-data-gua...