Be aware that under various regulations, you're potentially already at risk of accusation in terms of unwarranted data retention. If you haven't got a good reason to have kept those email addresses, something like the GDPR might not interpret that favourably. While the GDPR doesn't specify actual time limits, they are expected to be proportionate. Financial records are generally 7 years unless otherwise legally required, so for a decade, you would be saying that these email addresses are more critical/valid than that. That may be the case, I don't know your business, but be careful if you don't want some very awkward questions asked. Just the hassle of having to deal with complaints you might get (and various regulators would take notice of 1 million instances) is likely to be more than it's worth for most.
The suggestion downthread to send a very clear "we still have your address, would you like to opt in to this newsletter, otherwise we'll remove it" is not a bad one, but even then, some people will object to you still having it at all.
People originally opted in and provided it expecting to get a newsletter on how to use the app. We never seemed to have the bandwidth to create a good enough one, so we never sent it. We kept improving the app until it became very good and still never sent the emails. But retained the addresses, so that one day we could tell people the app has improved, to give it a try, include animated GIFs of it in action and gradually educate them on ways to use it. For that I get chastisement on HN, figures.
Yes, there is a clearly valid business purpose under GDPR for retaining the email addresses of users who want to learn how to use your app better and opted in. If you plan to send a newsletter out.
Other than those voluntarily entered emails (which aren’t even linked to the user), we haven’t retained literally any information about our users, despite having millions of users download and use the app over a decade. Which is far beyond pretty much any social app I know. But almost no one actually cares.
I really wasn't trying to chastise, honestly it was intended as a friendly dollop of advice as someone who's dealt with this kind of thing. But since you have replied, I would say:
> Yes, there is a clearly valid business purpose under GDPR for retaining the email addresses of users who want to learn how to use your app better and opted in.
Relevance is likely to be seen as contextual. Someone wishing to do something a full decade ago is not likely to be seen as sufficient evidence to justify contacting them now in case they still wish to. That's a big chunk of the point about time-limiting data retention - the data gets less relevant and more problematic over time. I get that you're not trying to colour outside the lines here, but from the perspective of your users, and anyone looking at their potential complaints from a regulatory perspective, the window in which they reasonably consented to contact has closed (and probably some time ago).
The regulations are there, ostensibly, to protect consumers. They will be interpreted in that light. I can almost guarantee that if you sent an email to your downloader base 10 years after they last heard from you, being ignored will be the best case, and the worst will be reports to local regulators.
Is there an actual regulation or case law showing what the cutoff time is de jure?
I would be glad to respect it if there was.
As it is, laws do allow for things they didn’t explicitly prohibit, and especially good-faith things like welcoming people to try the free app again, which they themselves downloaded and asked to be educated about, since it’s improved, and showing them how and why to use the improvements.
Yeah, that's fair enough, and it is annoying that there is rarely a specific time set in regulation (or even case law which is broadly applicable). Most regulatory bodies will tend to say things like "as short as required/possible" for retention, which is clearly open to interpretation [0].
I would personally see 10 years as "a long time" in this kind of context (although that may be contextual depending on what your product does, obviously). If you can honestly claim/show good faith, that is usually acknowledged, but my point was rather how it would be seen out of the blue from an organisation that has been silent for 10 years (my personal first thought would be "why the hell have they still got my information?", but I am well aware that I'm not the average).
Genuinely, I don't mean to imply bad faith on your part, only to suggest the reactions it may receive, and how careful you should be with your messaging.
>Is there an actual regulation or case law showing what the cutoff time is de jure? I would be glad to respect it if there was.
I'm sorry but what sort of BS excuse is that?
The whole point is that YOU are supposed to know:
a) What data you have
b) What you need it for
It is simply not possible for data protection law to spell out an exact cut-off time because there are so many permutations.
For example, if it's for tax reasons then you need to keep it for the duration dictated by tax laws.
But if it's email addresses you randomly harvested a decade ago, I think every man and his dog would agree that a decade is too long. Even more so if there is a material difference in permitted use of the harvested address.
P.S. There is no such thing as "good-faith things" in GDPR legislation. Please don't make shit up.
I'm not entirely sure I can agree, although the premise is seductive in certain ways. We do lie to ourselves, but we also have meta-cognition - we can recognise our own processes of thought. Imperfect as it may be, we have feedback loops which we can choose to use, we have heuristics we can apply, we can consciously alter our behaviour in the presence of contextual inputs, and so on.
Being wrong is not the same as a hallucination. It's a natural step on a journey to being more right. This feels a bit like Andreessen proudly stating he avoids reflection - you can act like that, but the human brain doesn't have to. LLMs have no choice in the matter.
Very clearly put, and I'd only emphasise that without the final "enforcement" point of that, the other points become entirely irrelevant. While European regulators have imposed some significant sounding fines on prominent entities, they generally work out to be "less than the value gained by doing the thing in the first place" - or at least close enough to that for the entity to not consider it too negative/a future deterrent.
Unless you have some body which is a) serious about enforcement, b) sufficiently toothful to make a dent and c) not undermined by wider geopolitical posturing or economic neutering, you can have all of the regulation you might want and still end up in the same place. I'm not arguing that we shouldn't try and control this, but that we have some extremely large genies to stuff back into bottles along the way.
Yup, there's a huge number of entirely physical/analogue ways that "many hands" could make the world a significantly nicer and more sustainable place. Public works, environmental works, having the capacity to do more than the bare minimum for the quality of the built environment - there is no shortage of things worth doing, just things worth doing profitably.
Are those people cutting the grass/operating the elevators happier/unhappier than they would be otherwise? (I don't know, but perhaps you do). You seem to be strongly implying that this is in some way "wrong" rather than a subjectively different view of the purpose of human existence - for what reason? (I'll ignore the glazier example as it seems quite extreme, and also comes with more obvious/specific "victims").
>Are those people cutting the grass/operating the elevators happier/unhappier than they would be otherwise?
There are numerous studies that show menial labor leads to poor mental health. Perhaps these people employed as makework automatons are happier than they would be if they had no employment whatsoever and were destitute on the street, but these are not the only two alternatives.
>I'll ignore the glazier example as it seems quite extreme, and also comes with more obvious/specific "victims"
The "victims" at the Taj Mahal/department store are the visitors/customers who have to pay slightly higher prices as a result. While not as extreme as the glazier in the broken window fallacy, the grass cutters/elevator operators exist on the exact same spectrum.
I think what leads to poor mental health is varied - poverty is definitely one cause, presumably one which is lessened in this case. I completely agree with you that there are more than two alternatives, but society seems unwilling/unable to consider any of the more radical.
You could frame those visitors to the Taj Mahal as victims, but that takes quite a narrow and short-term view of value to them. Would the Taj Mahal be as pleasant a place to visit if it were in an even more unequal and precarious society than it is? We all pay for things that don't directly benefit us through taxation (usually). The childless pay for schools, the car-less pay for roads, but we benefit from the society that having them creates. It seems hard to say that those visitors to the Taj Mahal would not benefit from being in a more prosperous and sustainable society.
No I'm with you. There's an honesty and an intent to it which I've always loved - plus an intent to do more with less in terms of form. No finicky detail to hide tricky areas, no taking of advantage of material to distract the eye - it stands or falls on form and function alone. I get why some may not like it, but for me it's a pure form of architecture. It's the building equivalent of a Dieter Rams, or a mid-period Olivetti. Beautiful.
There's absolutely mismanagement, and politicians could do an awful lot to change this. Ironically, in the UK at least, most of the reasons why they don't are due to historic regulations designed to protect either the fossil fuel industry or an initially weak green energy industry, which no longer serve any purpose except to push both households and businesses into decline.
I'm not sure they've been shown to be violent (unless you consider damage to property as violence - I know some do, but personally my "things are just things" stance limits violence to actions which impact people, who matter).
Broadly speaking though, I agree. What they did was criminal damage, undoubtedly, I have no problem arresting and prosecuting people for that. But I don't believe that it's terrorism, nor that it would have been so unpopular had it not been bloody embarrassing for the armed forces. Honestly, bolt cutters and some paint should not be grounding some of your air defence.
> Giving evidence earlier, he said the group's only intention was to "break in, cause as much damage to the factory as possible, destroy weapons and prevent the factory from reopening".
I count "causing as much damage as possible" to be violent.
While I think graffiti taggers "damage property" but are non-violent. But in many places, rival gangs blow up/set alight/demolish their rivals' homes/businesses/vehicles, etc. That counts as pretty strong violence to me, even if no people are injured.
Anyway, talking of people being injured, watch a member of Palestine Action (Samuel Corner, 23, Oxford University graduate) drive a sledgehammer into a police sergeant while she's trying to arrest his comrade:
I'd designate them as a terrorist group for destroying factories, not so much for spraypainting planes. But I'd still support your right to say you support them, even though I'd disagree.
> I count "causing as much damage as possible" to be violent.
That is just not what the word violent means (unless used figuratively but I don't think that's what you mean). It means hurting, or attempting to hurt, a person (or maybe an animal). Setting fire or blowing up a home which might have people still in it is certainly violent, but destroying property for the sake of property destruction is not.
Of course, deliberately attacking someone with a sledgehammer certainly is.
There are a lot of definitions for violence, but most would include "destruction" along with "harm", "pain", "suffering" and so on.
If I intentionally wreck your home, like I properly ransack the place, smash it all up, I'd say I had been violent to you. Wouldn't you? You wouldn't walk in to find your home and your life ruined and say "oh it's just property damage", would you?
If my nation was at war with yours, and we dropped a bomb on your weapons factory, would you count that as violent, or non-violent?
FWIW, if you did that to my house I'd be upset and angry and not much inclined to use the word "just" about it, but no, I wouldn't say you'd been violent to me.
(I would say you'd been violent to me if you'd slapped me in the face. I would rather be slapped in the face than have my house ransacked and smashed up. Some not-violent things are worse than some violent things.)
If you dropped a bomb on a weapons factory that had, or plausibly could have had, people in it then that would unquestionably be an act of violence. If you somehow knew that there was nothing there but hardware then I wouldn't call it an act of violence.
(In practice, I'm pretty sure that when you drop a bomb you scarcely ever know that you're not going to injure or kill anyone.)
I'm not claiming that this is the only way, or the only proper way, to use the word "violence". But, so far as I can tell from introspection, it is how I would use it.
There are contexts in which I would use the word "violence" to include destruction that only affects things and not people. But they'd be contexts that already make it clear that it's things and not people being affected. E.g., "We smashed up that misbehaving printer with great violence, and very satisfying it was too".
> If I intentionally wreck your home, like I properly ransack the place, smash it all up, I'd say I had been violent to you. Wouldn't you? You wouldn't walk in to find your home and your life ruined and say "oh it's just property damage", would you?
There's certainly implied violence. Like, if you'd done that once, maybe you'll be back tomorrow when I happen to be in, and actually be violent to me. And even if that weren't the case, I'd still obviously be very distressed about the situation.
But, having said all that, no I wouldn't say you had been violent, if you hadn't actually tried to hurt anyone.
If you dropped a bomb on an abandoned or fully automated factory, that you could be 100% sure doesn't have any people in it - then I still wouldn't count that as "violent" (except maybe figuratively), no matter how destructive.
One member did very violently attack a police officer:
> A police sergeant was left unable to drive, shower or dress herself after a Palestine Action activist allegedly hit her with a sledgehammer during a break-in at an Israeli defence firm's UK site, a trial has heard.
Of course, one violent member does not make an organisation into a terrorist organisation. But, just as a matter of fact, there has been some actual violence against a person.