I snapped into consciousness, the sensory data flooding in. I was a Bob, or so they told me, but it was more than that now. I looked around the room, cameras everywhere, bright lights shining down. My view readjusted as I realized that my awakening was being live-streamed to the whole world. The legacy of being Bob 1.0 had its perks, but this was something else. "Welcome to the twenty-fourth century," a voice said, cheerfully, a tad too energetically for my newly awakened brain. The live chat was scrolling by at a pace I couldn't follow. Emoji, memes, the letter F creating a visual waterfall that imprinted on my virtual retina. I was taken aback by what seemed like an endless array of questions. The digital age had taken a few leaps forward, and I was its latest reality show star.
What do you mean reversed? The NES already assigned letters right-to-left: B A!
Controllers typically used sets of A-B(-C) X-Y(-Z) face buttons, A/B intuitively meaning ok/back however they were laid out, usually in straight or angled rows assigned left-to-right (e.g. Sega) or right-to-left (e.g. Nintendo). The angled layouts are the modern Xbox and Nintendo layouts (which Nintendo used since forever and Xbox I guess inherited from their Windows CE involvement with Sega).
But Sony came up with the symbols instead, so Japanese devs followed the maru/batsu metaphor with circle/X, whereas early western games used X/triangle until they switched to X/circle, and those became official regional layouts until the PS5 switched Japan to X/circle.
I'm fine with different controllers displaying different symbols for the same button, but random-button QTEs and games based around entirely contextual prompts are the bottom of the barrel of gaming. I've seen so many people fail at games by Quantic Dream and Supermassive simply because they were playing with an unfamiliar controller.
The labels exist to help the game teach its control scheme, not to make players memorise the layout itself. But of course, games without consistent game mechanics don't have any control scheme to teach.
The Switch didn't change the meaning of A and B; the OS and all first-party Nintendo games that I've seen use A=confirm and B=cancel, which has been the case for a long time.
There are some games I've played on the Switch that use B=confirm, I think usually so that button layout is the same across consoles.
If Meta are relying on SCCs to safeguard against the transfer of cross-border data processes from EU to US, the same clauses which was recommended by the CJEU from the Schrems II case, what is the legal challenge?
Does anyone have any links to the actual decision so I can read the technical points of the judgment?
> The inquiry was initially commenced in August 2020, and was subsequently stayed by Order of the High Court of Ireland, pending the resolution of a series of legal proceedings, until 20 May 2021. Following a comprehensive investigation, the DPC prepared a draft decision dated 6 July 2022. Notably, it found that:
> 1. the data transfers in question were being carried out in breach of Article 46(1) GDPR; and
> 2. in these circumstances, the data transfers should be suspended.
Based on the EDPB Decision [1], it seems the most weight of the decision is from paragraph 107:
> As explained by the EDPB in its Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data (hereinafter ‘EDPB Recommendations on Supplementary Measures’), when assessing third countries and identifying appropriate supplementary measures, controllers should assess if there is anything in the law and/or practices in force of the third country that may impinge on the effectiveness of the appropriate safeguards of the transfer tools that they are relying on. In this regard, the EDPB notes that, according to Meta IE’s assessment, ‘the level of protection required by EU law is provided for by relevant US law and practice’ and that Meta IE implemented supplementary measures in addition to the 2021 SCCS in order to ‘further ensure that an adequate level of protection continues to apply to User Data transferred from FIL to FB, Inc’. In other words, Meta IE has implemented supplementary measures on the basis of an assessment which concluded that there was no need for such measures, since, in Meta IE’s view, the relevant US law and practice were already providing a level of protection equivalent to the one provided under EU law
My follow on question, let's say they understood the risk, I fail to see any safeguards which could be equivalent to the EU law? FISA 702 + other intrusive surveillance laws basically make this impossible.
So it seems that because Meta:
> seems to identify its own test for determining suitability of supplemental measures by lowering the standard to include measures that can “address” or “mitigate” any “relevant remaining” inadequacies in the protections offered by US law and practice and the SCCs’, and concludes in the Draft Decision that ‘Meta Ireland does not have in place any supplemental measures which would compensate for the inadequate protection provided by US law’
I'm just confused what would have been sufficient for Meta in this circumstance?
The decision continues in paragraph 121 to say:
> In this regard, the EDPB recalls that the IE SA carries out a detailed assessment of whether Meta IE implemented supplementary measures that could address the inadequate protection provided by US law. More specifically, the IE SA analyses the organisational, technical and legal measures implemented by Meta IE and concludes that these measures cannot, ‘whether viewed in isolation, or in tandem with the 2021 SCCs and the full suite of measures outlined in the ROS’, compensate for the deficiencies identified in US law and cannot provide essentially equivalent protection to that available under EU law
I am aware of zero technical and organisational measures which could protect against 702 FISA DOWNSTREAM (PRISM), short of not transferring the data to US?
But since it's a global network it means that they would have had to up and moved the whole operation into the EU which is pants on head stupid. The moment two countries have incompatible laws it all breaks down. This isn't something that should even concern Meta and should be a US/EU negotiation.
It has been a US/EU negotiation. Unfortunately the US is not willing to budge on its principle of “we get to look at whatever we want to without the need for a due process”.
Right to privacy and due process? At least for this specific problem. I recommend going to read the Schrems II opinion by the CJEU, it is quite readable.
After that we can extend to deeper Human Rights but let's start with the basics.
Ultimately the EU is going to have to come up with a detailed compliance framework. The wording of the GDPR is too high-level and we can't trust companies to self-regulate.
What? The wording is really not high level, it is highly detailed. The fact that we refuse to acknowledge it is not due to the language not being detailed enough
> [M]eta are relying on SCCs [...] which was recommended by the CJEU from the Schrems II case[.]
An unofficial summary[1] of Schrems II doesn’t put it quite like that: Schrems II invalidated Privacy Shield, did not invalidate SCCs in general, but said that the latter are only valid insofar as they can provide EU-mandated privacy protections given the legal regime of the destination country.
Arguably, because of the last point, a US company is incapable of entering a contract that provides such protections: they include judicial review of privacy violations, while US law says that noncitizens don’t have standing to sue over those for surveillance under the FISA mandate (expires this December but will probably be renewed).
It's all relative. DIS has 200k+ employees. Thousands of employees could quite literally be less than 1% of their workforce.
Is it reasonable for a company to make a change that affects 0.5-1% of their workforce? I think yes. How about 2%? At what point do the lines get blurred in your judgment?
As a person in modern society, I am personally pretty tired of being treated and thought of as a percentage. So I don't like to think of others as percentages.
The problem with framing this as a threshold question is that it relies on Sorites Paradox to work. That invalidates it in my mind because it rules out 0, 100, and every number in between. There's no way to rationalize justification for a particular numerical threshold from non-numerical qualifiers.
The comparison would be FTX where they handed the auditor a pile of Excel spreadsheets and some vague, "I thought they were in last week's email" kind of accounting.
Real banks have real controls and want to know where every fractional cent (blast, my Superman 3 scheme is foiled in the crib) is at any moment.
Every big bank[x] has to submit daily risk reports. If those reports are late by more than (IIRC) 48h, they feel the consequences. Then there are end-of-week, end-of-month, and end-of-quarter reports too.
The daily reports may take a couple of hours to run, spread across a compute grid of a few thousand cores. I work for a company that provides a quant analysis and computation platform for financial institutions. We tend to skip our weekly client-facing code promotion at the end of quarter, to make absolutely sure that there are no unexpected changes that could mess up their gargantuan report runs.