And so, the answer is Conform to the asking or leave.
Tomas: can you conform ? If this is only a matter of speed to release the final product, it may cost them a bit more (or you may lost the client), unfortunately.
There is nothing more that you can do (working without internet active BTW: Internet can be active in a second machine so: no problem.
Tomas said 2 years ago that his client uses the Xojo IDE, which calls home at each startup. But what data are sent? How are they processed? Are they stored? Of course the EU wants to know and Xojo should have addressed that concern a very long time ago!
A runtime could also call home sometimes and I guess the EU wants to make sure it does not happen. Again, Xojo should have done something about that.
@Emile Schwarz Sorry Emile, but in this case, the client is running the IDE and NOT a compiled program. And, anyway, Xojo should show that its IDE AND its framework will not store personal data in the USA.
Tomas said 2 years ago that his client uses the Xojo IDE, which calls home at each startup. But what data are sent? How are they processed? Are they stored? Of course the EU wants to know and Xojo should have addressed that concern a very long time ago!
A runtime could also call home sometimes and I guess the EU wants to make sure it does not happen. Again, Xojo should have done something about that.
It is not all about a picky customer![/quote]
Who says that XOJO is not in compliance? The EU-US privacy shield does not apply and they are in compliance with the provisions of GDPR as it applies to non resident companies - they are collecting the minimum about of data needed to conduct their business and you are aware of this. And yes this is allowed.
It is about a picky customer, one that does not know it’s ass from it’s elbow. A reading of the legislation makes it very clear, it applies to situations where a legal entity or natural person collects data within the EU in accordance with the legislation in force for the time being and later passes that data to US legal entity or natural person at some point in time. That is not happening, XOJO are collecting the data directly in accordance with US laws.
[quote=450389:@James Dooley] XOJO is collecting data in accordance with US laws.[/quote] … and obviously not in accordance with EU laws on data protection.
As said before, the client uses XOJO IDE for auditing my sources. For reasons I do not know, XOJO does not want to fall under the regime of the US Privacy Shield which is mandantory if any data is collected and transfered from EU to US. Without this legal framework no authority will allow any transfer to US companies, no matter whether data is collected directly (e.g. tracker in websites, installed software etc.) or handled over between data processors. And this is not just a picky client.
The only one exemption as far as I know is when a US company can assure, that all data remains within EU but even this is controversial. But this is not the case with XOJO at all. XOJO does collect data from EU citizens directly with his IDE software.
So I am not a lawyer and I do not run a big company to sort this out. I’ve stopped using XOJO in this particular case and I only can urge XOJO Inc. to register to US Privacy Shield in order to assure basic data protection level for any user working in context with EU or national EU authorities.
Maybe you may thank your president for this… I do not know…
This is why the US doesn’t particularly care for these overreaching EU regulations. IP addresses are not personal information, especially not IPv4 addresses, which are often shared between multiple people/devices.
But again, we’re arguing about something that doesn’t really matter if this is what the client wants.
For someone who readily admits you know little about the law you don’t seem to have any problem interpreting it and getting it wrong.
An IP address is not person data within the meaning of GDPR because in and of itself you cannot identify an natural person. There is no way that you can use an IP address to identify a natural person. You can identify a location, you might identify a building and even a particular workstation, but you cannot say that a particular IP address is only used by a specific individual and that it will never change.
You are creating problems for yourself with these interpretations, so ya good luck with that.
On 19th October 2016 the ECJ came to the result that even dynamic IP address represents personal data.
You are welcome to search for it yourself in your fav search engine.