The issue with society or one of them, is thinking its acceptable for a corporation breaking law to feel spite, the guy was not talking to a person, was talking to a shitty corp breaking law
There is a suggestion that some data sent is in violation with the GDPR. There is no specifics about what it would be that is in violation however. I think 90% of sites with cookie banners are blatantly violating the GDPR - but whether I'm correct in that assessment is anyones guess. It would depend on court processes that hasn't happened yet. It's based on my understanding and interpretation of the regulation, nothing else. I guess it's the same with the complaint here. If there is a question of a violation then it's probably due to microsoft and the commenter having different interpretations about specific data such as hashed mac addresses (Which certainly isn't clear cut).
Are there any concluded legal processes that are concerning
1) the form of consent banners
2) consent vs legitimate interest for ip transmission as part of http request headers
3) whether ads are a legitimate interest for web sites?
Those seem to me to be the 3 “big questions” of the GDPR. The regulation and most legal processes however seem to focus more on large scale data storage cases, failure to answer user requests etc. And those are important from a privacy standpoint but from a technical standpoint to software developers the 3 above seem much more interesting, yet mostly ignored by courts? I get a feeling they don’t want to touch it because they are a can of worms
The complaint should come from some authority or a legal backing. The poster assumes that they are breaking GDPR and seeking explanation with some shit talk to make it sound legalese.
Companies as a policy and by logic don't reply to such comments/post because the response becomes a legal document. So any expectation of answer is futile.
The requested deadline is likely done ahead of filing a complaint in Europe, to show they gave ample warning.
Also remember he's not talking to a human, but to a soulless corporation. He was as cordial as could be given the circumstances.
And finally, remember that it doesn't matter if a product Microsoft develops to increase their control over developers (via vendor lock-in, mindshare, and forced telemetry) happens to result in a decent free text editor for the user. No one owes them gratitude. This isn't charity.
P.S. Did you know VSCode lets extensions not respect the user's "no telemetry" choice? It's been an open ticket for like 4 years now, that MS have no intention to ever fix, even though all it would take is a simple VSCode Extension Store EULA change.
I've written to companies in the UK before with similar deadlines, it can be statutory - I am giving you notice that this communication starts the clock on the 30 day period I am required to allow you to give me a satisfactory resolution before I will escalate this case to the relevant authority.
Last time I had to use that sort of language was with a deranged ISP who had failed to deliver an internet connection, then decided to chase a debt for unpaid bills for this non-existent connection two years later.
This was Bulldog Broadband, back in the mid 00s when they were about the first to advertise 8Mbit in London at a relatively reasonable price, but were then swamped with orders and couldn't seem to even keep track of what they were doing, let alone deliver anything.
But you're right it could be any one of a number of them! I had problems with quite a few over the years.
Among the amusing misfeatures of bulldog broadband was their cancellation process, which required confirming by sending an email to "cancellationconfirmation@..."
Said cancellation confirmation address had not been set up and would just bounce.
That opens another question: which means of communication would count for that? Does commenting on a GitHub issue really count? Wouldn't you have some sort of contact details specifically for that in a license agreement or similar?
Usually, for the statutory thing, you do have to be able to prove the counterparty received the communication, so registered mail is often the best way, because someone has actually signed for it at that point.
But if they respond at all using other channels, you probably still have enough.
Seems GDPR is pretty explicit since it requires specific documentation (Data Protection Statements/Privacy policy) and explains that they should contain complaint contact information. I think it would be pretty easy to contact Microsoft on the "expected" channel for a GDPR complaint.
GDPR terms allow them to ask for any data about them personally. And Microsoft can say no if for example all the telemetry data is anonymous and aggregated. These attempts at sounding like a lawyer with demands to answer make the issue commenters sound like they are 14 years old and any engagement with that issue will never end unless it's locked.
Well, we are talking about GDPR. Setting a date to comply by is part of the enforcement of the GDPR afaik. I bet someone is setting points of a legal case, e.g. MS can say "oh no one explicitly stated a set date and GDPR" - now they cant use that excuse.
I always mention in my GDPR requests/complaints that I would kindly like to get a response within a month, in line with Art. 12 GDPR. Not because it's a "karen legalese" but to let the company know that I am exercising a specific right, not just asking for something random out of the blue.