Although if the Tories get back into government after the July 4th general election their intention is to weaken GDPR rules in the UK. Thankfully the likelihood of them returning to government is slimmer than the Moon being made of cream cheese.
I’ve never had a normal “Jobby Job” in my life, and that video basically made me nauseous. I must be unhireable at this point.
2 Likes
The “right to forget” here would be removing your personal data on all “data processors” that are managing your info (or, more difficult: changing it). Not so sure about Recall, but if the processing is done on-device, then it’s just a matter of having a “Remove” button in the Control Panel. But surely Microsoft will deploy an equivalent mechanism.
The main problem with Recall, as has already been said, is the attack surface. If someone compromises my computer, I’d better not have screenshots of all my activity there.
1 Like
Thanks. Question: How would the company which has received the request to remove data find all of the recall copies of the info?
(It has been over five years since I worked for a company that needed to abide by these rules, so my terminology and understanding is likely lacking.)
It wasn’t meant for us. But it’s catnip for a lot of non-technical executives.
1 Like
Not sure if I am following the question. What do you mean by “recall copies”?
I wish they would spend some time and money sorting out the hot mess that is Teams.
Teams is terrible! I sometimes have to use Teams for video calls with a large national foundation I work with, but I much prefer Zoom.
I prefer Teams over Zoom, have no issues with teams.
1 Like
Fair enough, I’ll try to clarify.
I am referring to the copies made by Recall.
Given that Recall makes copies of the screen, if a EU citizen’s data is on screen and Recall makes a copy of that data, does that copy need to be removed as part of a ‘right to be forgotten’ request’? If so, how would a company go about finding all of the copies of this citizen’s data across all of the Recall databases where that data may be?
If processing is done locally on the device (which is what I think Recall would do although I’m not sure), then there is no 3rd party “data processor” in place, it’s the operating system itself. In this case it would be similar to use Word to edit documents in your computer, would you need to send a request to Microsoft to remove the personal data in those documents?
Thanks again for humoring me.
I sign up for an account at Acme Widget Company. Acme Widget Company uses Recall on their computers. My info is viewed by a number of people in the course of setting up and servicing my account. I then send a ‘forget me’ request to Acme Widget Company.
What does Acme Widget Company need to do to completely honor this request? Does the Recall data need to be removed from the Recall databases on all of the computers that have viewed (and screenshot) my info? If so, how would that data be found and removed?
1 Like
Ah, now I see your case. As far as I know… there is no way that Acme Widget Company can remove your personal data other than removing all Recall snapshots on all the cmputers of their employees. If Acme Widget is wise, they will not enable Recall on corporate computers, otherwise they will not be able to honor these type of requests.
3 Likes
Personal recording data used to do one’s job better would fall under ‘overriding legitimate grounds.’ If the employee were to stop using Recall or leave the company, wiping the computer and any backups would satisfy. I’m only commenting on the regulations, not the value of Recall.
1 Like
Acme Widget Company would be (figuratively) insane to have Recall enabled on their corporate devices. Their infosec/privacy/compliance/legal group(s) wouldn’t permit it. If, for some reason, AWC were to be making use of Recall, I think it would be safe to assume that there would be many other regulatory requirements that they would also not be able to meet.
1 Like
With the announcements of the WWDC being out in the open, I feel confident that Apple is getting it right (when it eventually be available).
+1 
1 Like
I just assume that many large corporations use key loggers and screen monitoring software but don’t talk about it. Employee “fine print” usually allows this loss of employee privacy on the company-owned platform.
1 Like
We were very clear about computer use at my last company. It was in their employee manual and in the first email they received when they logged into their account.
Employees were allowed personal use of their computers on their breaks, but all internet traffic was logged. And all email send or received, including internal mail, was archived and kept for seven years.
Companies and schools have been monitoring users for decades. That’s one reason,IMO, that Macs were so popular.
1 Like
That’s true in the US, but iirc employees in the EU and/or some European countries have legal protections against at least some of that.