And so, the answer is Conform to the asking or leave.
Tomas: can you conform ? If this is only a matter of speed to release the final product, it may cost them a bit more (or you may lost the client), unfortunately.
There is nothing more that you can do (working without internet active BTW: Internet can be active in a second machine so: no problem.
TO MAKE IT CLEARER
Tomas said 2 years ago that his client uses the Xojo IDE, which calls home at each startup. But what data are sent? How are they processed? Are they stored? Of course the EU wants to know and Xojo should have addressed that concern a very long time ago!
A runtime could also call home sometimes and I guess the EU wants to make sure it does not happen. Again, Xojo should have done something about that.
It is not all about a picky customer!
Customers usually runs application(s), no IDE(s)
And, as already said, one can run Xojo locally without internet access.
The problem is elsewhere, I believe.
@Emile Schwarz Sorry Emile, but in this case, the client is running the IDE and NOT a compiled program. And, anyway, Xojo should show that its IDE AND its framework will not store personal data in the USA.
[quote=450373:@StphaneMons]TO MAKE IT CLEARER
Tomas said 2 years ago that his client uses the Xojo IDE, which calls home at each startup. But what data are sent? How are they processed? Are they stored? Of course the EU wants to know and Xojo should have addressed that concern a very long time ago!
A runtime could also call home sometimes and I guess the EU wants to make sure it does not happen. Again, Xojo should have done something about that.
It is not all about a picky customer![/quote]
Who says that XOJO is not in compliance? The EU-US privacy shield does not apply and they are in compliance with the provisions of GDPR as it applies to non resident companies - they are collecting the minimum about of data needed to conduct their business and you are aware of this. And yes this is allowed.
It is about a picky customer, one that does not know it’s ass from it’s elbow. A reading of the legislation makes it very clear, it applies to situations where a legal entity or natural person collects data within the EU in accordance with the legislation in force for the time being and later passes that data to US legal entity or natural person at some point in time. That is not happening, XOJO are collecting the data directly in accordance with US laws.
All the legal arguments in the world don’t matter. Client says they want Xojo listed or they’re not using Xojo. Full stop.
[quote=450389:@James Dooley] XOJO is collecting data in accordance with US laws.[/quote] … and obviously not in accordance with EU laws on data protection.
As said before, the client uses XOJO IDE for auditing my sources. For reasons I do not know, XOJO does not want to fall under the regime of the US Privacy Shield which is mandantory if any data is collected and transfered from EU to US. Without this legal framework no authority will allow any transfer to US companies, no matter whether data is collected directly (e.g. tracker in websites, installed software etc.) or handled over between data processors. And this is not just a picky client.
The only one exemption as far as I know is when a US company can assure, that all data remains within EU but even this is controversial. But this is not the case with XOJO at all. XOJO does collect data from EU citizens directly with his IDE software.
So I am not a lawyer and I do not run a big company to sort this out. I’ve stopped using XOJO in this particular case and I only can urge XOJO Inc. to register to US Privacy Shield in order to assure basic data protection level for any user working in context with EU or national EU authorities.
Maybe you may thank your president for this… I do not know…
Strange, but I may have skipped that part.
Sorry.
[quote=450432:@Tomas Jakobs]
Maybe you may thank your president for this… I do not know…[/quote]
No idea what that is supposed to mean, but this is at an end.
Ja that’s my impression since 2017: This topic is ignored deliberately.
By the way: xojo.com uses Google Analytics without AnonymizeIP. Another topic in stark opposition to existing EU GDPR.
In short, they are qualified to review (control) the code, but they are not able to write it 
[or ;), depending on the point of view].
Have you created a Feedback entry for that ?
[quote=450447:@Emile Schwarz]
Have you created a Feedback entry for that ?[/quote]
scroll back, done on August, 17th 2017
Indeed Xojo does call home to verify if there is a more recent version of the IDE. During that process, no private data is collected from the user.
Most modern apps do that, including for the record Windows and macOS.
Your client may be gravely misunderstanding regulations.
Wrong! IP is personal data already. In combination with time/date stamp and Organization GeoIP/data profiles can be created with ease.
@Tomas Jakobs
That weren’t me.
This is why the US doesn’t particularly care for these overreaching EU regulations. IP addresses are not personal information, especially not IPv4 addresses, which are often shared between multiple people/devices.
But again, we’re arguing about something that doesn’t really matter if this is what the client wants.
For someone who readily admits you know little about the law you don’t seem to have any problem interpreting it and getting it wrong.
An IP address is not person data within the meaning of GDPR because in and of itself you cannot identify an natural person. There is no way that you can use an IP address to identify a natural person. You can identify a location, you might identify a building and even a particular workstation, but you cannot say that a particular IP address is only used by a specific individual and that it will never change.
You are creating problems for yourself with these interpretations, so ya good luck with that.
James, your commentary does not help.
On 19th October 2016 the ECJ came to the result that even dynamic IP address represents personal data.
You are welcome to search for it yourself in your fav search engine.
I can turn some IPs into natural people, given enough time and resources, so I’m sure someone like google et al could…