752 Matching Annotations
  1. Jul 2021
    1. On the difference for writing for one's self and for others. Of course there's also the need to be able to re-decifer one's notes again in the future. It may be best to keep more detailed for your future self as if you're writing for the public.

      I like the idea of distance in "communication space" which comes up in the comments. This is related to context collapse and shared contexts which are often too-important in our communication with regard to being understood in the far future.

      <small><cite class='h-cite via'> <span class='p-author h-card'>Matthias Melcher</span> in Commonplace Book | x28's new Blog (<time class='dt-published'>07/06/2021 11:13:34</time>)</cite></small>

    1. Another interpretation of the “Small Web” concept is that it refers to the use of alternative protocols to the dominant HTTP(S), lightweight ones like the older Gopher and newer Gemini. For example, the blog post Introduction to Gemini describes these collectively as “the Small Internet”.

      Maybe the idea of a "personal internet" is what we're all really looking for? Something with some humanity? Something that's fun? Something that has some serendipity?

    2. Finding these kinds of sites can be tough, especially if you’re looking for authentic 1990s sites and not retro callbacks, since Google seems to refuse to show you pages from over 10 years ago.

      I think I've read this bit about Google forgetting from Tim Bray(?) before. Would be useful to have additional back up for it.

      Not being able to rely on Google means that one's on personal repositories of data in their commonplace book becomes far more valuable in the search proposition. This means that Google search is more of a discovery mechanism rather than having the value of the sort of personalized search people may be looking for.

  2. Jun 2021
    1. Captivating Online Matters

      This has been my motto since I started keeping a personal site. So now you can use this to track my online presences.

    2. Five Facts About Me

      I will try to add some proof of these facts soon.

    3. A Web Developer in Hyperspace

      As someone who grew up in the nineties I remember clearly being immensely intrigued by surfing the Web and the interactivity of multi-media, so I made it my job to help develop it.

    1. Ran across via https://openlibrary.org/developers/api

      OpenBook WordPress Plug-in by John Miedema OpenBook is useful for anyone who wants to add book covers and other book data on a WordPress website. OpenBook links to detailed book information in Open Library, the main data source, as well as other book sites. Users have complete control over the display through templates. OpenBook can link to library records by configuring an OpenURL resolver or through a WorldCat link. OpenBook inserts COinS so that other applications like Zotero can pick up the book data.

    1. “The data does not exist independently in the world, nor is it generated spontaneously. Data is constructed by people, from people,” (source 1).
    1. Reflecting on how new digital tools have re-invigorated annotation and contributed to the creation of their recent book, they suggest annotation presents a vital means by which academics can re-engage with each other and the wider world.

      I've been seeing some of this in the digital gardening space online. People are actively hosting their annotations, thoughts, and ideas, almost as personal wikis.

      Some are using RSS and other feeds as well as Webmention notifications so that these notebooks can communicate with each other in a realization of Vanmevar Bush's dream.

      Networked academic samizdat anyone?

    1. Libib is a website & app that catalogs books, movies, music, and video games

      This looks like a pretty solid catalog system for the cloud.

  3. May 2021
    1. They feel more personal. It's no handwritten note, but it's much more personal than an over-designed email with the recipient's first name crammed somewhere inside.
  4. Apr 2021
    1. This looks fascinating. I'm not so much interested in the coding/programming part as I am the actual "working in public" portions as they relate to writing, thinking, blogging in the open and sharing that as part of my own learning and growth as well as for sharing that with a broader personal learning network. I'm curious what lessons might be learned within this frame or how educators and journalists might benefit from it.

    1. I LOVE the hover effects for the book covers on this site which is also a great example of someone collecting highlights/annotations of the books they read and hosting them in public on their personal website.

      Melanie has written about the CSS part of the hover effect here: https://melanie-richards.com/blog/highlights-minisite/ and like all awesome things, she's got the site open at https://github.com/melanierichards/highlights. I may have to do some serious digging for figuring out how she's creating the .svg images for the covers though.

    1. It is usually best,in fact, to work out your own key words and mental associationsrather than adopt those of someone else; your inventions will becloser to your own experience and therefore easier to recall.

      Incidentally, this is sometimes what makes the system harder to teach/describe to others. It also means a slightly higher threshold of work on the part of the learner.

    Tags

    Annotators

  5. Mar 2021
    1. Particularly striking in 1971 was his call for advanced technology to support "learning webs": The operation of a peer-matching network would be simple. The user would identify himself by name and address and describe the activity for which he sought a peer. A computer would send him back the names and addresses of all those who had inserted the same description. It is amazing that such a simple utility has never been used on a broad scale for publicly valued activity.
    1. Deepti Gurdasani. (2021, February 27). The campaign against @DrZoeHyde that has involved several scientists targeting her with personal attacks, and trying to misrepresent her is deeply disappointing. She has been referred to as ‘evil’, ‘idiotic’, ‘sadistic’, and a’sociopath’. A few thoughts on these attacks. [Tweet]. @dgurdasani1. https://twitter.com/dgurdasani1/status/1365641557404229638

  6. Feb 2021
    1. when we engagein work, we must distinguish between this type ofsocial bullshit, which can be harmless or evenhelpful to the organization (because it can enablethe development of normal interpersonal re-lationships), and other types of bullshit that canhave damaging impacts on the organization.

      This points out the difference between personal bullshit and work bullshit; the later may help at times, but largely, corporate bullshit is anti-intellectual and damages the workplace.

    1. Let us give you a clearer picture of the various features and benefits associated with a personal loan balance transfer. Personal loan balance transfer in Hyderabad is the working concept in which the outstanding amount of existing loan is transferred from one financial institution to another.

    1. Loans Paradise make sure you can easily get personal loans with some simple documents and without any difficulty. Apply Personal Loans in hyderabad in Hyderabad, Bangalore, Amaravathi at Best Interest Rates

    1. They’re also filling the lungs of California’s children with smoke, with potentially grave effects over the course of their lives

      Looking at what I study with one of my majors in Communication Sciences and Disorders, I recognize and understand the struggles that they may have in the future with breathing as well as speaking due to the wildfires.

  7. Jan 2021
    1. I started using Cronicle a few weeks ago and really like it. Runs on a server... https://github.com/jhuckaby/Cronicle

      This also ticks a lot of my desired features.

      Really easy to set up if you already have node ready to go.

      UI is very slick and feels right to me out of the box.

      Multi-server support.

      Jobs can be assigned to categories. A given category can have max concurrent processes running at the same time (so run 1 backup task a time, even though 5 tasks are scheduled within the same time period). Individual tasks can also be set to be singleton or configurable max concurrency.

      Supports configurable retry (number of attempts, delay between).

      Supports optional catchup runs if runs are missed or queued runs.

      Supports killing and erroring out if timeouts or resource limits are hit.

      Time from download to first job setup... 2 minutes? Very intuitive UI.

      Has management API, not clear if it has an existing good CLI interface.

      Also supports setting up users to be able to run pre-defined scripts and see output.

      Need to figure out how to back-up and restore jobs.

    2. RUNDECK

      Very quick impression is this ticks a lot of my desired features.

      I'm not wild about the community edition default dashboard - I'd rather a more high level view of everything configured and its statuses.

      UI is clunky when compared to Cronicle. Lots of steps to get from setting it up to actually running something. No quick click from a run task to its log output. No good resources/stats view that I found.

      Like the fact it keeps track of logs, runtime (and can alert if runtime deviates from normal), gives you an estimated time to complete, lets you run on a schedule and/or manually.

      Like the fact it supports farming tasks off through SSH or other, or running them locally. Can auto-discover nodes using a script you provide (e.g. query AWS nodes) or using static config.

      Really interested in the multi-user capabilities. This may solve a problem I didn't really know I had at work (giving a semi-technical person access to kick off jobs or monitor them before asking me).

    3. Running all that manually (more than 100 scripts across all devices) is an awful job for a human. I want to set them up once and more or less forget about it, only checking now and then.

      My ideals for all of my regular processes and servers:

      • Centralized configuration and control - I want to go into a folder and configure everything I'm running everywhere.
      • Configuration file has the steps needed to set up from scratch - so I can just back up the configuration and data folders and not worry about backing up the programs.
      • Control multiple machines from the central location. Dictate where tasks can run.
      • [nice to have] Allow certain tasks to running externally, e.g. in AWS ECS or Lambda or similar
      • Command-line access for management (web is great for monitoring)
      • Flexible scheduling (from strict every minute to ~daily)
      • Support for daemons, psuedo-daemons (just run repeatedly with small delays), and periodic tasks.
      • Smart alerts - some processes can fail occasionally, but needs to run at least once per day - some processes should never fail. A repeating inaccurate alert is usually just as bad as no alert at all.
      • Error code respect (configurable)
      • Logs - store the program output, organize it, keep it probably in a date-based structure
      • Health checks - if it's a web server, is it still responding to requests? Has it logged something recently? Touched a database file? If not, it's probably dead.
      • Alerts support in Telegram and email
      • Monitor details about the run - how long did it take? How much CPU did it use? Has it gotten slower over time?
      • Dashboard - top-level stats, browse detailed run stats and logs

      So much of the configuration/control stuff screams containers, so more and more I'm using Docker for my scripts, even simpler ones.

      I'm pretty sure a lot of this is accomplished by existing Docker orchestration tools. Been delaying that rabbit hole for a long time.

      I think the key thing that makes this not just a "cron" problem for me, is I want something that monitors and manages both itself and the tasks I want to run, including creating/setting up if not already. I also want to ideally focus my mental energy into a single controller that handles my "keep this running" things all together, be they servers or infrequent tasks.

      Doesn't have to be a single project. Might be multiple pieces glued together somehow.

    1. ¶Telegram

      Can a full backup of my Telegram be used such that a message I forward to Saved Messages can link back to the context in which the message was forwarded?

      Do I have to forward the context of the video link I'm saving for later, or is there enough metadata to back-link to where it came from?

    1. If you’re not a huge fan of Snap packages, but love using Ubuntu, this guide is for you. In it, we’ll go over how you can remove Snap from your Ubuntu system and make it so that your system will no longer have access to the Snap store or anything like that.
    2. Snap packages are quickly becoming the primary way that Ubuntu users consume software. Despite Snaps dominating Ubuntu, many users still opt to avoid Snap packages in favor of Apt packages that have long been available in Ubuntu.
    1. Long before there was the Internet, there was the commonplace book — a creative and intellectual ledger of fragmentary inspirations, which a writer would collect from other books and copy into a notebook, often alongside his or her reflections and riffs. These borrowed ideas are in dialogue with the writer’s own imagination and foment it into original thinking. Over long enough a period of time — years, decades, often a lifetime — the commonplace book, while composed primarily of copied passages, comes to radiate the singular sensibility of its keeper: beliefs are refined, ideas incubated, intellectual fixations fleshed out, and the outlines of a personhood revealed. (Brain Pickings is, in an unshakable sense, a commonplace book.)
  8. Dec 2020
    1. Better contribution workflow: We will be using GitHub’s contribution tools and features, essentially moving MDN from a Wiki model to a pull request (PR) model. This is so much better for contribution, allowing for intelligent linting, mass edits, and inclusion of MDN docs in whatever workflows you want to add it to (you can edit MDN source files directly in your favorite code editor).
    1. YouTube recommendation algorithms pushing alt-right conspiracy theories, deepfake videos going viral . . .

      My personal experience is the youtube always recommand me to watch some video wich doubt is the Apolo 11 real? And some other conspiracy theories, after that, I found that I like this kind of video.

  9. Nov 2020
    1. In order to maximize the effectiveness of your projections, figure out which things you want to be associated with in people’s heads and be excited about them. Nothing is more memorable than distinct excitement. Similarly, try to figure out the things that drive the whomever you’re talking to and incorporate them into your mental representation of that person.

      Determine what you want to be known for, present yourself as such, and be excited about those things.

  10. Oct 2020
    1. This is until you realize you're probably using at least ten different services, and they all have different purposes, with various kinds of data, endpoints and restrictions. Even if you have the capacity and are willing to do it, it's still damn hard.
    2. Hopefully we can agree that the current situation isn't so great. But I am a software engineer. And chances that if you're reading it, you're very likely a programmer as well. Surely we can deal with that and implement, right? Kind of, but it's really hard to retrieve data created by you.
    1. Instead my approach now is to publish my thoughts more freely with less premeditation. Particularly in this space, which is mine, for me, by me.

      a good philosophy for a personal website

    2. The second article is from Tom Critchlow titled Building a Digital Garden. What I really like about Tom's piece is his discussion of the idea of "non-performative blogging" in your personal space on the web.I love this idea. Instead of "content marketing" we can use our websites to get back to what made the web awesome while also creating better resources for ourselves and our users.

      There's a nice kernel of an idea here that one's website should be built and made (useful) for ones self first and only secondarily for others. This is what makes it a "personal" website.

    3. First up for me is adding my reading notes to the site.

      Curious to see what this looks like and how it may morph over time.

    1. I think I know why personal websites aren't popular anymore. It's the same reason retro video games aren't as fun as they were when they came out.What's missing is the context of the time when they were popular. They were new and had a high-tech aura about them.Nowadays making a website doesn't differentiate you in a good way unless you have a super creative way of coming up with the website and a lot of content to fill it with.Nowadays you have to take it to the next level. What's a skill that's beyond the reach of most people? This could be why PCB business cards are so appealing. Because it's a thing most people can't do and if you can do it it shows your technical prowess. I think that's my personal web pages were popular back then and why they won't ever be popular again.
    1. Personal websites can be so much more than a progression of posts over time, newer posts showing up while everything from the past is neatly tucked on “page 2” and beyond.

      This is an interesting idea and too many CMSes are missing this sort of UI baked into them as a core idea. CMSes could do a better job of doing both: the garden AND the stream

    1. “You should write down your brand statement, and then EVERYTHING you communicate online (or around your customers) should be in line with that statement. In short, if it doesn’t advance your brand, don’t share or say it.” And my heart rose up in revolt and shouted: F@CK THAT SH*T!
  11. Sep 2020
    1. novelization," which transforms already exhibited films into novels)

      this is a very interesting idea that i have never thought of. But i don't think that it would work as well because for me i like of make my own mental image of the characters while reading the book. so if it were a movie i would immediately think of the actors that played them in the movie.

    1. The appeal of social networks is partly because they let us create documents without thinking about web technology,

      mirrors strongly another comment i made, that our appetites & expectations for computing has outstripped the personal, that we now expect computing to be connective. we want the digital matter we create to exist not just locally, but widely. https://hypothes.is/a/11-k1v7pEeqJ1qdf5kJahQ

    2. There was a time when we could install applications, give some sort of explicit agreement that something would run on our computers and use our hardware. That time is ending,

      The end seems perilously close at hand for personal computing, but, imo, as much as anything that is because users now expect to compute to have impact & effect far beyond the beige box.

      Open source has many amazing things, but in terms of ways to get user's digital stuff online & available & circulating, there have been precious few compelling attempts. I'd call out in particular RemoteStorage spec, & the newer SOLID specs from MIT & TBL.

    1. But I actually think stock and flow is a useful metaphor for media in the 21st century. Here’s what I mean: Flow is the feed. It’s the posts and the tweets. It’s the stream of daily and sub-daily updates that reminds people you exist. Stock is the durable stuff. It’s the content you produce that’s as interesting in two months (or two years) as it is today. It’s what people discover via search. It’s what spreads slowly but surely, building fans over time.

      Een interessant inzicht van Robin Sloan (via) wat mij doet denken aan zowel de Zettelkasten methode van Niklas Luhman maar ook aan de opkomst van nieuwsbrieven de laatste maanden. Online publiceren begon met het maken en distribueren van "stock" sites. Semi-statische sites die soms nog terug zijn te vinden. De laatste 20 jaar zijn de flow feeds daar bij gekomen. Met name de social sites. Email en nieuwsbrieven lijken die sweet spot er tussen hebben gevonden. Enerzijds flow omdat ze periodiek verschijnen. Anderzijds stock omdat ze blijven bestaan in een online archief en in het mailarchief van de ontvanger. Een zoektocht in mijn mailbox brengt soms het antwoord boven in de vorm van een nieuwsbrief bericht van jaren geleden.

    1. The chaos manager is concerned with the credibility of the organization and ensures that positional authority is aligned with personal authority.  That the people in leadership are the ones people want to follow.  While the Marine Corps has a clear position hierarchy, they have a deep understanding of this idea.  Official authority is a function of rank and position and is bestowed by organization and by law. Personal authority is a function of personal influence and derives from factors such as experience, reputation, skill, character, and personal example. It is bestowed by the other members of the organization.…Official authority provides the power to act but is rarely enough; most effective commanders also possess a high degree of personal authority

      The Marine Corps draws a distinction between positional authority and personal authority.

      Reminds me of lateral leadership.

  12. Aug 2020
    1. Hendrix, his wife and three kids moved into a 29-foot travel trailer. Aside from the flexibility to get up and go if they feel the need, their housing cost has dropped from $2,500 to $213 a month.
  13. Jul 2020
    1. As a result, web browsers can provide only minimal assistance to humans in parsing and processing web pages: browsers only see presentation information.
    1. As mentioned earlier in these guidelines, it is very important that controllers assess the purposes forwhich data is actually processed and the lawful grounds on which it is based prior to collecting thedata. Often companies need personal data for several purposes, and the processing is based on morethan one lawful basis, e.g. customer data may be based on contract and consent. Hence, a withdrawalof consent does not mean a controller must erase data that are processed for a purpose that is basedon the performance of the contract with the data subject. Controllers should therefore be clear fromthe outset about which purpose applies to each element of data and which lawful basis is being reliedupon.
    2. If there is no other lawful basisjustifying the processing (e.g. further storage) of the data, they should be deleted by the controller.
    3. In cases where the data subject withdraws his/her consent and the controller wishes to continue toprocess the personal data on another lawful basis, they cannot silently migrate from consent (which iswithdrawn) to this other lawful basis. Any change in the lawful basis for processing must be notified toa data subject in accordance with the information requirements in Articles 13 and 14 and under thegeneral principle of transparency.
    1. Some vendors may relay on legitimate interest instead of consent for the processing of personal data. The User Interface specifies if a specific vendor is relating on legitimate interest as legal basis, meaning that that vendor will process user’s data for the declared purposes without asking for their consent. The presence of vendors relying on legitimate interest is the reason why within the user interface, even if a user has switched on one specific purpose, not all vendors processing data for that purpose will be displayed as switched on. In fact, those vendors processing data for that specific purpose, relying only on legitimate interest will be displayed as switched off.
    2. Under GDPR there are six possible legal bases for the processing of personal data.
  14. Jun 2020
    1. Individual Financial Planning

      Alexander Beard Group - Financial advisor for individuals, we use a variety of approaches to ensure that your individual financial planning requirements are comprehensively met.

    1. Barry, D., Buchanan, L., Cargill, C., Daniel, A., Delaquérière, A., Gamio, L., Gianordoli, G., Harris, R., Harvey, B., Haskins, J., Huang, J., Landon, S., Love, J., Maalouf, G., Matthews, A., Mohamed, F., Moity, S., Royal, D.-C., Ruby, M., & Weingart, E. (2020, May 27). Remembering the 100,000 Lives Lost to Coronavirus in America. The New York Times. https://www.nytimes.com/interactive/2020/05/24/us/us-coronavirus-deaths-100000.html

  15. May 2020
    1. using SSH is likely the best approach because personal access tokens have account level access

      personal access tokens have account level access ... which is more access (possibly access to 10s of unrelated projects or even groups) than we'd like to give to our deploy script!

    1. Where I track capacity, appetite, & commitments. A place where I can stay organized while also allowing transparency for my teams & anyone else who is interested in what I’m currently focused on.

      "My Plate"

    1. This starter takes advantage of Typescript and Emotion. This is a personal choice, and I'd encourage you to give it a shot. If you're interested in using plain ES6 and regular scss styling, see release v1 of this library.
    1. learn how to be a data steward or data ally. Help organizations proactively think about what data they collect and how it is governed after its collected. Help organizations get their collective head around all the data they possess, how they curate it, how they back it up, and how over time they minimize it.
    1. Services generally fall into two categories: Services related to your own data collection activities (eg. contact forms)Services related to third-party data collection activities (eg. Google Analytics)
    1. Sure, anti-spam measures such as a CAPTCHA would certainly fall under "legitimate interests". But would targeting cookies? The gotcha with reCAPTCHA is that this legitimate-interest, quite-necessary-in-today's-world feature is inextricably bundled with unwanted and unrelated Google targeting (cookiepedia.co.uk/cookies/NID) cookies (_ga, _gid for v2; NID for v3).
    1. Google encouraging site admins to put reCaptcha all over their sites, and then sharing the resulting risk scores with those admins is great for security, Perona thinks, because he says it “gives site owners more control and visibility over what’s going on” with potential scammer and bot attacks, and the system will give admins more accurate scores than if reCaptcha is only using data from a single webpage to analyze user behavior. But there’s the trade-off. “It makes sense and makes it more user-friendly, but it also gives Google more data,”
    2. For instance, Google’s reCaptcha cookie follows the same logic of the Facebook “like” button when it’s embedded in other websites—it gives that site some social media functionality, but it also lets Facebook know that you’re there.
    1. Because consent under the GDPR is such an important issue, it’s mandatory that you keep clear records and that you’re able to demonstrate that the user has given consent; should problems arise, the burden of proof lies with the data controller, so keeping accurate records is vital.
    2. This right only applies to personal data and as such does not apply to genuinely anonymous data (data that can’t be linked back to the individual).
    3. The records should include: who provided the consent;when and how consent was acquired from the individual user;the consent collection form they were presented with at the time of the collection;which conditions and legal documents were applicable at the time that the consent was acquired.
    4. Non-compliant Record Keeping Compliant Record Keeping
    5. they are processed by a natural person in the course of a purely personal or household activity. Practically speaking, the only relevant exception is the latter: for instance, if you collect your friends’ personal data for your own personal phone-book you’re not bound to the GDPR.
    1. there’s no need to send consent request emails — provided that this basis of processing was stated in your privacy policy and that users had easy access to the notice prior to you processing their data. If this information was not available to users at the time, but one of these legal bases can currently legitimately apply to your situation, then your best bet would be to ensure that your current privacy notice meets requirements, so that you can continue to process your user data in a legally compliant way.
    2. Here’s why sending GDPR consent emails is tricky and should be handled very carefully.
    1. they sought to eliminate data controllers and processors acting without appropriate permission, leaving citizens with no control as their personal data was transferred to third parties and beyond
    1. Consent receipt mechanisms can be especially helpful in automatically generating such records.
    2. With that guidance in mind, and from a practical standpoint, consider keeping records of the following: The name or other identifier of the data subject that consented; The dated document, a timestamp, or note of when an oral consent was made; The version of the consent request and privacy policy existing at the time of the consent; and, The document or data capture form by which the data subject submitted his or her data.
    3. Where a processing activity is necessary for the performance of a contract.

      Would a terms of service agreement be considered a contract in this case? So can you just make your terms of service basically include consent or implied consent?

    4. “Is consent really the most appropriate legal basis for this processing activity?” It should be taken into account that consent may not be the best choice in the following situations:
    1. “Until CR 1.0 there was no effective privacy standard or requirement for recording consent in a common format and providing people with a receipt they can reuse for data rights.  Individuals could not track their consents or monitor how their information was processed or know who to hold accountable in the event of a breach of their privacy,” said Colin Wallis, executive director, Kantara Initiative.  “CR 1.0 changes the game.  A consent receipt promises to put the power back into the hands of the individual and, together with its supporting API — the consent receipt generator — is an innovative mechanism for businesses to comply with upcoming GDPR requirements.  For the first time individuals and organizations will be able to maintain and manage permissions for personal data.”
    2. CR 1.0 is an essential specification for meeting the proof of consent requirements of GDPR to enable international transfer of personal information in a number of applications.
    3. Its purpose is to decrease the reliance on privacy policies and enhance the ability for people to share and control personal information.
    1. It’s useful to remember that under GDPR regulations consent is not the ONLY reason that an organization can process user data; it is only one of the “Lawful Bases”, therefore companies can apply other lawful (within the scope of GDPR) bases for data processing activity. However, there will always be data processing activities where consent is the only or best option.
    2. Under EU law (specifically the GDPR) you must keep and maintain “full and extensive” up-to-date records of your business processing activities, both internal and external, where the processing is carried out on personal data.
    3. However, even if your processing activities somehow fall outside of these situations, your information duties to users make it necessary for you to keep basic records relating to which data you collect, its purpose, all parties involved in its processing and the data retention period — this is mandatory for everyone.
    1. If you’re a controller based outside of the EU, you’re transferring personal data outside of the EU each time you collect data of users based within the EU. Please make sure you do so according to one of the legal bases for transfer.

      Here they equate collection of personal data with transfer of personal data. But this is not very intuitive: I usually think of collection of data and transfer of data as rather different activities. It would be if we collected the data on a server in EU and then transferred all that data (via some internal process) to a server in US.

      But I guess when you collect the data over the Internet from a user in a different country, the data is technically being transferred directly to your server in the US. But who is doing the transfer? I would argue that it is not me who is transferring it; it is the user who transmitted/sent the data to my app. I'm collecting it from them, but not transferring it. Collecting seems like more of a passive activity, while transfer seems like a more active activity (maybe not if it's all automated).

      So if these terms are equivalent, then they should replace all instances of "transfer" with "collect". That would make it much clearer and harder to mistakenly assume this doesn't apply to oneself. Or if there is a nuanced difference between the two activities, then the differences should be explained, such as examples of when collection may occur without transfer occurring.

    1. you can think “sold” here as “shared with third parties for any profit, monetary or otherwise”
    2. under most legislations you’re required to inform extensively about the processing activities, their purposes and the rights of users.
    3. Full and extensive records of processing are expressly required in cases where your data processing activities are not occasional, where they could result in a risk to the rights and freedoms of others, where they involve the handling of “special categories of data” or where your organization has more than 250 employees — this effectively covers almost all data controllers and processors.
    1. If you have fewer than 250 employees, you only need to document processing activities that: are not occasional; or
    2. Most organisations are required to maintain a record of their processing activities, covering areas such as processing purposes, data sharing and retention; we call this documentation.
    1. it buys, receives, sells, or shares the personal information of 50,000 or more consumers annually for the business’ commercial purposes. Since IP addresses fall under what is considered personal data — and “commercial purposes” simply means to advance commercial or economic interests — it is likely that any website with at least 50k unique visits per year from California falls within this scope.
    1. You must disclose how the add-on collects, uses, stores and shares user data in the privacy policy field on AMO. Mozilla expects that the add-on limits data collection whenever possible, in keeping with Mozilla’s Lean Data Practices and Mozilla’s Data Privacy Principles, and uses the data only for the purpose for which it was originally collected.
  16. Apr 2020
    1. If the PIA identifies risks or high risks, based on the specific context and circumstances, the organization will need to request consent.
    2. Privacy impact assessments or data protection impact assessments under the EU GDPR, before the collection of personal data, will have a key role
    3. U.K. Information Commissioner Elizabeth Denham clearly states that consent is not the "silver bullet" for GDPR compliance. In many instances, consent will not be the most appropriate ground — for example, when the processing is based on a legal obligation or when the organization has a legitimate interest in processing personal data.
    4. data processing limited to purposes deemed reasonable and appropriate such as commercial interests, individual interests or societal benefits with minimal privacy impact could be exempt from formal consent. The individual will always retain the right to object to the processing of any personal data at any time, subject to legal or contractual restrictions.
    5. organizations may require consent from individuals where the processing of personal data is likely to result in a risk or high risk to the rights and freedoms of individuals or in the case of automated individual decision-making and profiling. Formal consent could as well be justified where the processing requires sharing of personal data with third parties, international data transfers, or where the organization processes special categories of personal data or personal data from minors.
    6. First, organizations must identify the lawful basis for processing prior to the collection of personal data. Under the GDPR, consent is one basis for processing; there are other alternatives. They may be more appropriate options.
    1. Other languages, German for example, are notorious for very long compunds like this and this, that are made up and written as one word directly. Perhaps the way your native language deals with compounds explains your (or other authors') personal preference and sense of "right"?
    1. Before we get to passwords, surely you already have in mind that Google knows everything about you. It knows what websites you’ve visited, it knows where you’ve been in the real world thanks to Android and Google Maps, it knows who your friends are thanks to Google Photos. All of that information is readily available if you log in to your Google account. You already have good reason to treat the password for your Google account as if it’s a state secret.
    1. The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR. Our legitimate interests lie in the above-mentioned purposes.
    2. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this the IP address of the user must remain stored for the duration of the session.
    3. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
    4. The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR. Our legitimate interests lie in the above-mentioned purposes.