|
|
|
|
|
|
by 7373737373
1598 days ago
|
|
|
I don't think you get the agency argument. Of course the request to the third party provider is causally related to the website sending the instructions. But while that is necessary for it to happen, it is not sufficient. The user agent's execution, on behalf of the user, makes it happen. |
|
|
I do get that argument; I just don't think it holds any water.
If one hires a hitman to kill someone, that one may still be held accountable to manslaughter, even if that specific person didn't kill anyone themselves. It may also not matter how many degrees of separation are there between that person and the hitman: as much as putting a (Bitcoin) bounty on someone's head (with a "smart contract" or whatever) may be considered manslaughter, even if nobody knows who the actual hitman is.
"Agency" is not a magic get-out-of-jail card.
Also, one may try convincing a judge "Your honor, it's true that I wrote the code that encrypted the plaintiff's network and wrecked a havoc, but I did NOT execute it; the plaintiff could have instructed his CPUs to not execute my code"; I don't know if this argument would hold.
Finally, there might be a "reasonable burden" argument in this case. It's reasonable to expect that website builders would know how browsers/internet work. It's not reasonable to expect that website visitors (general populace) would know that. Hence, the burden of GPDR compliance is better put on the builders' shoulders, which is exactly what happened in this particular case.