I'm no attorney/lawyer - however, wouldn't that warrant a filing with the "Datenschutzbehörde"?
That would miss the point. The telco was traditionally government-owned, and still works like a "Behörde" itself. The top ranks are resigned party-officials, and these won't bother one of themselves. The german railroad company is still government-owned and follows the same practise of collecting data for the grandparent scam.
Also, the telco is allowed to make it's own law. I had an incident a few years ago: the telco decided that I should consume more bandwidth (without ever asking or informing me), and therefore switched my uplink to a faster and more expensive protocol (without my consent or me even knowing).
The problem was, I dont have any hardware that would understand the new protocol. So, in fact, my network and telephone was just disconnected. And after complaining, the telco told me they are unable to revert the configuration to the contractually agreed one.
So I went to the attorney, and they told me that one cannot do anything in such a case, because the telco has created a special law for themselves, and only very vew lawyers are versed in that law, and these are employed by the telco itself.
(Finally I had to complain to the telco management to get back to my contractual linkup, after a few weeks.)
The way I understand GDPR, they're not supposed to ask for data that is relevant to the business at hand and are also not allowed to retain it any longer than necessary - at least that would be the meaning of the law, I assume?
Well, thats what you may get told, by teachers and party officials. And thats alright, because they must make sure that you vote as expected in the next elections.
But then why should anybody care about the "Pöbel", except how to exploit it? Why should anybody make a law that does not profit themselves?
Have you ever heard that MasterCard was punished for
publishing their customer database in the darknet? No. Only the program was stopped, which means the customers were ripped off the awards they had already obtained, in addition to publishing their addresses in the darknet. And nowadays MasterCard runs a new similar program.
Once there was a Do-It-Yourself paper, about how to write HTML and how to create your own website. It was later extended with a chapter about CSS, and I think even Javascript was added. The idea was: you do not need to go to facebook, you can write your webpage by yourself as well.
And this is the actual concern of the GDPR: we must get rid of these people who can write their own webpages. Because otherwise, if it gets publicly known that one can write one's own webpage, then it might become obvious that facebook etc. is just superfluous. And what then with all the big money?
So, make the process of running a webpage so administratively complicated, and make the people so frightened they might violate some law, that nobody will do it anymore and all publish their stuff with the big providers like YT and FB, where they can easily be censored. That's the purpose.
Unfortunately, I have to admit that my own past dealings with the German DSB were rather unhelpful - whether that is due to lack of motivation, insufficient manpower or other reasons, I will probably never know.
That's not difficult to figure out: institutions do not exist for the people. Institutions to exist so that merited party-officials can be situated there, and the public pays them a lucrative income.
Have you ever read Franz Kafka, "Der Prozess"?
See, at first, we built the Internet, and we did it good. And it was a scientific work.
And those in power looked at it in astonishment, and had no idea of the whereabouts, but started to phantasize about making money with it. And that became the first new-market-bubble, around 2000.
Then, they started to adapt, and started to build things that actually work (somehow, more or less): amazon, google, facebook, etc. And occasionally, they would still ask us how the things were designed and how they are supposed to work correctly.
But now, since about 2017, the money-making machine runs by itself. We, the engineers, and the standards are no longer needed. The RFCs are (sorry) fucked off, Jon Postel's law, "Be liberal in what you accept, and conservative in what you send", is fucked off.
In fact, the Internet is no longer needed and is fucked off.
Now there is only a couple of big players, and they don't need standards, they don't need interoperability, because they want oligarchy, they want to make the rules all by themselves, and they want the governments to pay them their delivery infrastructure.
And the governments are, as always, all head into arse of the big business.
So, there are only two players left: the gang of corporations and governments, i.e. those in power, and You. Because the others, the consumers, they only need a new smartphone, they are NPC and don't count.
Want more proof? Again, the german telco, has given me in writing that they censor e-mails.
Specifically, they allow their customers only to receive e-mails from commercial spam providers. They do not allow them to receive e-mail sent from private people.
Now You say, ouch, we're just Berkeley hackers, we want to play with the technology, we don't want to consider politics! Well then, fine, pay the bill. Because You're the ones who will be done away with next: it is not acceptable that people can modify the code running on their computers.
So I expect the so far build dependency lang/python27 to be historic from now on.
