 Our next speaker is Pascal, he's a well-known contributor to the community around here. He's been organizing meetups in Fribourg, and he's the CEO of Etoz Digital, an agency in Fribourg, and yes, he's basically a well-known face around here. This talk will be about the new Swiss law and data protection that's going to appear this year. So a big round of applause for Pascal. Okay, I will start with a small story. When I was a kid, when I was a teenager, I liked to play board games. This was before we had the kind of games we have today, and I was always carefully reading the rules. You know, all the rules, maybe it was a long book, like I would read everything, study it, then I would try all the situations in the game, and then I would start to play with my brother and my family. And they would say, explain to us the rule. I would explain the rules, and then in the game, of course, I had not the time to explain everything, so I would win in the beginning, and then they had to learn the game. And then they said, well, no, no, no, no, no, you, we don't play with you if we don't know all the rules. Okay, I will explain all the rules, page one, page two, page three, and they would get bored. So let's play. And I say, okay, we play, but then you cannot reproach me that you don't know all the rules. And basically, this is what happens on the Internet. You go and you download an app, and then you have all those conditions, and you scroll, and you scroll, and it's long, and you click yes. And by doing this, you have created a contract, you have given your consent to all those rules, which were written by a bunch of smart lawyers, especially if it's a big company, and they have a big advantage on you because they were able to create all those rules, and you accept them because you want to use a website. Let's just take one random website as an example, right? Maybe you have used it already in your life. So if you come here and you start to type things, it will collect your data about all your searches, right? So it will use Google has immense knowledge and capability to collect data, and then to have a specific profile of who you are, your political and religious opinions, your preferences, your commercial value in specific markets, they will do all of this. So if you want to know about what they are doing, of course, you can come here and click on privacy and terms, but very few people do this. And my point with this introduction is that by never reading this, you are playing a game where you don't know the rules, like my brother was playing games with me without knowing the rules completely. So having some interest at least in what you are doing when you are saying yes, means you are taking back a little bit of control about your digital life. So now we will speak about the new law in Switzerland. It's a law that was passed and approved in the parliament in 2020. And there was a long process to make it happen as a law enforced in Switzerland. There were many debates that will explain this. And now it will come enforced in September. It's not like the European law that they gave two years of adaptation for businesses. For this law, they give like no day. It's like it comes enforced in September and all websites have to comply. And then from the first of September, if you don't respect those things I will explain today, you are outside the law in Switzerland. So my presentation has three parts. First, what is data protection? Second part is about the new Swiss law about data protection. And finally, more applies to specifically websites, maybe WordPress websites. What does it mean as a website owner? And what does it mean for you as an individual going on the web? So what is data protection? So first we have to think about the importance of data. We have to understand the stakes around the law and the conflict there was in Switzerland in the making of the law. And we can also talk about the European law because of course it was a precursor to the Swiss law. So first data is knowledge, knowledge about individuals. And knowledge is a form of power also. I mean think about the history of the world and how people will torture each other to have information for political purposes. Think about how much if you have an adversary, let's say you play chess, you want to study exactly the moves and the style of game of your opponent to know where you could exploit weaknesses in the part of his game. So you want to know whom you are playing with, right? So knowledge gives you an advantage, an edge. And here when we speak about personal data, if a company has more data about people they can use it for a commercial reason. The talk just before mine showed that, right? If you know things about your potential customers you can use it commercially. I'm not saying it's bad, I'm just saying it's a fact. It's how it works. So how data is used, it's used in marketing. For example, Amazon was pioneering this in a way when they did the online shop, you would choose a book and then they will look in the database who had bought the kind of same book and they will propose you relevant books. And it's very powerful. I mean I like it. When I go to Amazon they propose all books and I want to buy all of them and I like to buy books so my credit cards may have problems, right? But then also I understand what they are doing to me, right? They are collecting data and they know things about me. They know books I would like that I don't know I would like and they show it to me in the right moment and it influences my decision. So this is marketing and sales meaning like if you want to find a customer you will study your customer, what is his business, his budget, his approach, his personality. It will help you negotiate with this person. Then it's used also of course in internal operation in a business like how you lead projects, how you organize everything, how people communicate. This is all connected with data. With HR when you are hiring people now you have software that will go online and find everything that is relevant about a specific person and especially if you had problems or legal issues. Everything that is online you can find this. So if you have no right to erase some traces of what you did in the past it's a big disadvantage. And maybe people also slander you. They say things against you. It's not true. So do you have a right to do something about this? And this law, European law and now Swiss law allows you to do something about it which I find very important. And finance also is a big part where data is important. So I want to speak now about some of the stakes and challenges and here I find a definition of privacy because I think this word is kind of the key in the foundation of the whole discussion. So privacy is a state in which one is not observed or disturbed by other people. I mean you can find different definition in the dictionary. It comes from a Latin word, privatus. It means being by yourself but also not being observed. So you have to think that now this law and those stakes are so important because in the digital age as soon as you are online you are observed. If you are in a website they are collecting data already. If you go somewhere on a shop they are collecting data. So it means that privacy is difficult online because everything is trackable. And therefore this law is very important because it gives back some power, some possibility to individual people. So data confidentiality it's about preserving this privacy and also individual freedom. So you may think about the history of law in the West, in the Western world where freedom is very important, individual freedom. If you compare with other civilization, if you compare let's say with China today, it's a different perspective. For example I was talking with a Chinese woman I know and she's living in Switzerland and we were talking about the fact that in China they are trying to collect data with special recognition like you crossed a red light, they know it and then you lose some social points. And if your social points go below a certain threshold then you cannot take the plane or the trains. And this is starting now, it exists you know because it's this kind of philosophy of politics. So in the Western world historically at least you had a very great emphasis on freedom like there is a space around me you know I can say to other people don't come too close to me. If I choose yes but if I say no no and also the state would have like a had to keep some space from me not to to know everything about me and control me. So for this reason this question of freedom I think it's a huge stake for our age and our era. So there is also ethical questions. One time I went in Geneva in a black hat SEO conference. I'm doing white hat SEO work this is one of my expertise maybe my my strongest expertise and I wanted to see what those guys were doing. So I went to the conference and it was amazing just to see what they do like you know like having scripts that will like create 100 websites that will then point to a website that could point to the client website and they would also explain how they were selling personal data between the businesses. So for example they collect data about you and then they sell it to the next businesses. Those data have commercial values because it helps the third party business to know things about you they could not be able to know. So now if you don't read the text you don't know they are doing this because now they really have to write it in the conditions because of the European law and now the Swiss law before it was different but now they really have to be explicit and transparent. But if you don't have no interest because it's boring to read you don't know what they could do about it. So I think it's a very important question. There is also cyber security which is a field in itself and cyber security means that unauthorized people will access to data they should not have access to right. So I don't want to explore this too much but it's also a big stake for data protection. And finally data integrity meaning the notion of responsibility for the accuracy of the data. If you have a website if you have a business is your database accurate or are you mistreating or treating unfairly people customers because you have wrong data in your database. I mean it's a question also of being able to ask the business to correct data about you if it's not true is the data is not correct. And this also the law is saying this you have the right to do that. So just a word about the European law GDPRP which came in force in 2018. It's I mean generally speaking I'm a Swiss so I don't like so much European Union. I think it's very bureaucratic has very strong laws and has a lot of administrative work for businesses to do to comply with it. However in this case I think what they did is very interesting because really they give back some some power and control to individuals. So it was effective May 25th 2018 and its strengths and unifies the protection of personal data. I will explain more about this in a few minutes for all EU member states. So in Switzerland which is kind of in the middle of Europe but not being in European Union it means that it's not under this European law. However from the point of view of the European law if a European citizen is is coming to Switzerland like let's say staying in a hotel in Switzerland from the European point of view the hotel has to respect European law. But of course it doesn't really work like this if you know how how it works with trials in in juridical and legal litigation. I mean I mean Europe and you know will not come to attack a Swiss business on Swiss territory about a law which they made in their own country because then what then Sudan can attack Switzerland because one of his citizens came here and they had the law that was saying something we were not aware of. So it doesn't really work like this. So sometimes when when you see these kind of things you have to remember that law enforcement is territorial bounds. It's a little more complex than this you have international treaties but still basically this European law was not so much enforced and as far as I know no Swiss company were was ever condemned by this European law. But now of course this new Swiss law will be enforced and it's a different situation in Switzerland. So second part of the presentation will be about the new law in Switzerland and I want to speak about the history of the law, the principles, what changes for private individuals and what changes for businesses. So maybe the first thing to say is that it was a huge debate in parliament and in Switzerland there are contents and the contents disagreed with with the government. So the government made a text like to apply the law but it kind of changed what the parliament wanted so the content fired back and this process was a long process and also in Switzerland we have two chambers in the parliament and they disagreed for about two years. So in some points of the disagreement was what it means to profile somebody that is to specifically have data about somebody that helps to identify this person and use this as knowledge to do things and they were debating about the definition and it was a fight on words but actually words are very important because if we don't care about words the law is saying nothing and everything is meaningless right. So it's interesting to see this debate and basically you had kind of two aspects of course. So on one side you had people who wanted to give more freedom to protect more individuals and the other side also you had businesses who were saying well this is just crazy Europe and bureaucracy we don't want to do the same in Switzerland and they were saying it's a burden for businesses to have to comply to look all those cookies and make sure like it's not collecting data when it should not and all those things. So when you had this kind of two force pushing back and forth and since it's Switzerland nobody wins and it's kind of a balance between the two and I think it's a good thing because I think that also the interest the economical interest of businesses not to have too much bureaucracy to go through is also important so you have to have a balance between protecting rights but you have also a balance that it will be not like crazy rules that takes experts you have to hire or to have in-house to comply with. Again you have to think that it will be very unfavorable for small businesses if it's this kind of very bureaucratic solution why because small businesses don't have the resources to deal with that. I mean big businesses they have like people in house and they do this it's a job they are big they have the means but they're small businesses and in Switzerland like it's a large majority of businesses are smaller it's a different economic fabric in Switzerland than in many other countries you have a lot of PMR we say in French and small medium-sized businesses so and for those businesses the many people in the parliament say we have to be reasonable with those rules so now I want to give some definitions I have just to think about the time I started 35 right okay I want to leave time at the end for questions because I think it should be also interactive so I don't want to be too long so definition of personal data this is kind of the fundamental concept is personal data means two things a physical person can be identified so it is one specific human being that exists right so with the first name and last name and maybe an email address can use to identify this person but then they were also discussing for example does an IP address counts as personal identification and the answer basically is yes but it's problematic because let's say if you have like your WordPress website or the server which usually is the case then the server will collect the IP addresses right I mean you cannot like just manage technically the connection without IP addresses so you are already collecting personal data in this sense you cannot avoid it but of course there were debates and actually there were like also litigation about saying that IP address is not exactly the same as my name or my email address because it's less knowledge about the possibility to identify somebody also you can imagine that if you have a lot of data about somebody okay it's somebody from Romania who is living in this village and who is like 35 and who likes to eat let's say so then you have enough you have enough data to know exactly which person it is and in this case again is this is personal data if you are able to to find this person so google has has now let's say tension and problems in Europe because of this also because it's a question that if you go into the reports then you can find like few people and then you may know who those people are and then if even if they anonymize the the IP address for us the users user using google analytics still maybe we can find the people and you have attention and discussion about this also there is this notion of sensitive data so for example okay my age and my where I'm born those kind of things are personal data about me but they are not sensitive so sensitive would be my religious and political opinions would be data about my health my health record problems racial origin genetic like DNA biometric data that helps to identify me including facial recognition and this big debate and this debate will continue in the next years and like penal record if I did if I had some legal issues all this is is considered as sensitive data and especially for health which is a huge market it's very important to know okay every like doctor or every hospital is collecting sensitive data so they have to be double careful with what they do with those data and the law is stricter if you collect those kind of data so for example for you website or for your clients website is just collecting names and emails it's it's one thing it's one level but if you start to collect things about religious and political opinions and health data and maybe DNAs it's maybe a rare these kind of things you go to a different level and you have more risk so you have to be more careful about how you handle those data so the main principle of the law is three principle one is transparency from the website owners towards the people who comes on the website that is the website owners has to publish a data policy that data protection policy to explain what it is doing with those data and this is the first principle so you don't have a right any longer with this law to not say what you are doing with the data if you if you are not saying it then you are outside the law the second thing is protection of the privacy of individual and there is this notion of privacy by design I will explain this more in depth later but basically the idea is you stop to collect data if it's not useful and necessary it's not like I collect as much data as I can it's like I collect as less data as I can but if it's useful of course I collect it if I'm a hotel I have to have your name and I have to have the date you are coming to stay in my hotel because it's connected with the service I'm providing you and therefore I have to collect this data but I can explain it also and the last yeah this is so it's a justification of data data collected so what changes for let's say Swiss citizen or people living in Switzerland on the 1st of September this year is you will have the right of portability like like it exists already in Europe so basically it means you can go to Google or Facebook or Instagram or whatever and you can ask them to give you in a standard format all the data they have about you and they have to do it in Europe it's already the case so most services big services already have a mechanism for you to in self service get the data about yourself I mean just for fun just if you use Facebook or Instagram just do it I mean find the page Google it find it and ask it and you will receive like a big file and every like you did is in this database imagine every like every post every reply everything and in Google they have other searches imagine the knowledge Google has from the churches I mean you are sick and you search for some illnesses right so Google can no you know you are interested in this kind of people this kind of political opinions so how much data as they have it's amazing and just to see it to go through and to remember oh yes three years ago I was looking for this and this I mean all this they have in a database and it's not that they have like 10,000 employees looking at this day and night but it's more that they have algorithm to sort this through and extract useful knowledge so also you have a right with this new law to have a decision taken by a software reviewed by a human being so for example you you know an airline company we're speaking about airlines before an airline company say you cannot take the plane and then you understand it was taken by by a software automatically because of whatever criteria and it's obscure it's dark you don't know why so you have the right to ask that the decision is reviewed by a real living human being and that they explain how the decision was taken so the law doesn't say that those kind of decision are not possible and I think they will be used more and more and I think that with artificial intelligence the level of of the kind of decision that will be taken by software will rise rise rise much higher and this will be a very important stake maybe you follow this but Elon Musk and a bunch like 1000 people they just made a declaration about chat GPT and also software using AI saying that we have to calm down because it it may just be so disruptive what those technologies will do and at the heart of this you have also the idea that as human being we have relationship it's personal right computer it can have like artificial intelligence but it's not human intelligence it's not lived intelligence has no conscience has no experience of reality it's just electricity going in secrets right it's software so it has a human like intelligence because we designed it and created it and it can like bring together a lot of data and find new things and is more quicker than us because it can process let's say I like this example so for example if you want to teach to a to a software to recognize dogs and cats you need to give the the machine learning software like 1 million 2 million pictures of a cat and of dogs and from those millions of pictures then it's able to to recognize of course it can process 1 million pictures in a few seconds you as a human being you could not process 1 million pictures in a few seconds hire a small kid of three years you show like three dogs three cats it's done he can distinguish so when you have a lot of data those algorithms are very powerful but when you have a scarcity of data humans human beings are much much stronger because they have a kind of sense of things that is not yet built into artificial intelligence so here also this new rights we will have here in Switzerland and exist already in Europe is that there is a data protection by design by default that should be enforced in all websites so so for you if you create website it's just that you have to think about it in the process of creating a website you think about the design you think about the functionalities about the plugins you want to install you think about many things so it's just one more thing you have to think about this website will collect data and maybe it will collect personal data and therefore it's also something you can I mean as a business owner you can integrate this in your service like okay I will help my client comply with the law and I will help them understand what kind of data they collect and how they use it here there is just a notice that this law in Switzerland has has split things and it concerns the protection of physical person I mean like individual human beings for for the data of businesses of moral entities legal entities it's not in this law it's in a different law I just wanted to mention that so now what changes from the side of businesses right and if you create website you you create website for businesses certainly or maybe you are a business and you have your own website so you have now to comply with this law if you are operating in Switzerland so the first thing is about more transparency in data management and basically what the law is saying is you have to keep a record of data processing activities of course it's not only on the web it's maybe you have a shop and you you collect data manually or whatever maybe you have other way to collect data but if here we speak about the web you have to think about how your website is collecting data and then you have to also make an effort effort to only collect useful data and this is privacy by default if it's not useful don't collect it but actually it's easier to collect more data than to collect less data so you have to think about it to decide and then also to implement it at the technical level and the third point is very interesting is you have to keep and here's a law is kind of weak because it doesn't say the time so it says keep only the data as long as they are useful or necessary but how long is useful necessary is not written in the law so I think this will give rise to to conflicts and will go to the federal tribunal at some point I think in Switzerland so but basically the idea is for example you have your websites in which you have forms and you collect personal data because people are sending those forms you have a database on the website then you have a backup and the backup is on a server and then you it's there forever right because who is going on the google drive or microsoft one drive to to erase like backups you know so it means now you have to think about it because if you have personal data in the database of your website if you do backups those backups holds this data and then you have to think who has access to those data so it's it's it's just like a you need to take some time to sit down and think about it and I think it's important not just to comply with the law but just to know your own responsibility that you are dealing with data with personal data so so and finally so one point of the law is that you have to publish on your website a data protection policy where you state what kind of data you collect and what you're doing with them so when when do I have to finish just for me to leave time for question okay so I will I will go quickly and open questions so you have to know the data you collect on your website you have to eliminate unnecessary personal data collection and you have to explain to your users in the data policy what kind of data you you collect so I spoke about forms you can think about your server which is logging like IP addresses with timestamps and type of browsers so IP addresses that kind of personal data I said it's a it's a kind of debate but still the answer is yes it's it allows to redotify somebody specifically so we should also for example like erase automatically the logs of old IPs and finally you have to think about google analytics and like other analytics solutions how they work and what kind of data is a store you can think about hot jar and mouse flow like you know you can have like session recording video recording and also mouse flow for example we use it made bigger big efforts to comply with the law like to anonymize things but it's always I mean the limit is sometimes difficult and also of course cookies which is in itself like a huge subject maybe you have followed that google is going in a cookie less world direction maybe you have followed this it's interesting in a few years but for now we still have cookies and in a website typically in your protection data policy you have to say which kind of cookie you have how long they store data and this kind of things so it's a little bit technical but you should do this so also you have to think about if you are a business who else has access to the data you are collecting maybe you work with an agency maybe you work with with a freelancer and they have access to the data you have to know this you have to think about this and in the in the data policy you have to say it now there is a discussion if you have to say the names of the people in the company or not again it's not clarified but there was a case in the in Europe in Austria that went back to the courts of Luxembourg and they ruled that yes you have at least for Europe yes you have to give the names if asked so you may have to be ready for this just one customer may ask and then you have to give the information at least to this customer um I think I already covered most most of of those things so I want to open questions so we have some time thanks a lot Pascal um any questions yes one here thank you um when the GDPR was um put on place a lot of websites we have to put all those information so in terms of the swiss law so do we have to add to the GDPR um page where we have all the privacy policies we have to add also we comply to the swiss law well if you do yes you can add this but the swiss law basically I didn't mention this and I want to add this so basically the swiss law is a little softer than the european law because as I explained maybe european union has a more like stricter administrative view and switzerland is a country where you have a rule but then you have different people applying the rule in different ways so for example now because of this law all the cantons have to adapt their own law so on your website if you comply with GDPR I think you comply already with swiss law which is a little lighter I mean I mean maybe like you have to do a sorrow comparison to be sure but I think basically the swiss law is contained into the european law okay thank you I just something else I wanted to mention also is important is um so in the european union the fines if you don't respect the law can go up to 20 million euros and even more actually I mean it's you have different cases like four percent of the of the gross income internationally so it means for big company it's a lot of money right now in switzerland in the law and this was debated it's the limit is 250 000 swiss francs so euro and swiss francs are basically the same so it means for big company who are most likely to do like big violation they can just put this in a bank account and wait for the problem and they pay it right so and now the discussion is also some people in switzerland are afraid that european union will not accept that the swiss law is the same level of protection because of this US effect of a smaller fine is not so so big and one specificity also in switzerland is is that it's not the company itself that is fined but the individual who are responsible for the violation like you know like the board of directors or the the person who was managing the data yeah let me attend something to the question here my name is Andreas von Gund and i'm from d'artenschutz partner and i would say that if you comply to the gpdr that's one one thing you know but what you have written into your data privacy policy is something else so which means complying to gtbr means that you are definitely mostly complying also to the new swiss data law that's correct but writing in your you have to write in your swiss data policy that you are complying with the swiss law as long as your company is here in switzerland and as long as your website is is is concerning swiss customers you have to comply with the swiss law and not with the european law and i also would suggest you that you don't even talk about gpdr in your data protection privacy policy as long as you don't have to because as soon as you start talking about the gpdr in your privacy policy you are you are putting yourself under the gpdr policy which means for example for a swiss company that you often need a protection representative in the european union and stuff like that so you should be very careful in copying some data privacy policies out there from the web from germany or from france where else and put it into your website that usually does not work you really have to comply with the swiss law and which means your privacy policy on your website has to talk about the swiss law and not about the gpdr complying to the gpdr is something very good and i would also attend two small things it's important that you know when you when you're working with with data you all almost often have data not only stored in your wordpress site but also somewhere else for example your crm you're losing mailchimp and stuff like that every time you you have that you we are talking about data export and you have to comply you have to make sure that your data export is is legalized through a data protection data protection addendum with your export partner and you also have data outsourcing sorry about that and then you have to think about export export in other countries which is another very important thing you know as soon as you work with a u.s company you may have the problem that this is not a safe country from from from from the time of looking at as a data protector officer so you have to comply with these rules as well so it's very very complicated everything unfortunately and even in switzerland it's it gives a lot of work to do for all of you that is going to work on from 1st of september yes thank you it's a wonderful comments i mean i think i think also this problem with other countries so you have software that can look at where the data is going from your website and then typically you have the question of united states which is another complex issue but we don't have time now so other questions hi thank you very much good talk i just want to add something from the technical point of view i think it's it's really hard to actually get the technical details right as well i mean understanding the law is one thing and taking the measures correctly on the technical side is another whole big world that mostly people we struggle with so actually just checking cookies or knowing which data is processed by which entity can be really really hard and i think that that's another really really big challenge that a lot of people will need help with just to analyzing what sort of thing should be done just one quick example as we're here as a at the work camp if you're using a work with theme you're likely to or that theme is likely to include some third party code from any server actually for example google funds you can go on most websites and they will use google funds and that will could be rated as a data protection violation i think because you are like transferring or giving knowledge to that google server about your your visitors or they know that the visitor is loading funds from the servers and there are so many technical issues that are really hard to to comply with or actually it can be impossible if if anyone has experience on that kind of feel i mean you cannot just like change your whole theme to to comply so i think it it will be sort of a chance to um yeah sort of make money with by having a solution ready gdpr and ref dsk because a lot of existing solutions won't be able to comply general i just want to make a comment about this so i think we have also to realize that the the entities which are likely to have problems are larger entities collecting sensitive data as i explained so typically if you do something at least you know like you write a data policy and you try to not collect data which are useless you have done your best effort or at least an effort and it's a big difference because basically you're the risk you will have problems like real problem from the i don't know how to say in english la préposé ou la protection des données so the federal let's say agent who is responsible for this it's very small if you are a small business i mean you just do a wordpress website i mean they will not have the resource and time to go after you so but it's important to do an effort to do something to think about the data to know how it's stored how long it is stored so this is more of my message and i i completely understand i mean i agree with you i i tried with one website to have everything straight and then there was this layer it's like inception you have layers and layers and layers and it's no end right and then you do an update and you end up like unknowingly include many other things that don't comply anymore so thank you okay we we have time for two more questions uh so three let's one two and three over there one one yeah whatever order just a quick and a pragmatic one any plugins you could suggest that should be ready by um september first for the swiss way of data protection what do you mean problematic plugins or oh any any plugins you know that could be ready the first of september i mean you know what we what do we do we need some data protection and then we look we go and look for plugins we buy them we use the free version and now i'm obviously um you know what's the swiss plugin i need to install in order to be more or less safe maybe you have to create it but you have a short time now that's the point that's the point i don't think there is a plugin to install i think it's more about really like digging into what kind of data you collect where they are stored it's a kind of um it's a path you have to think about it no no plugin for now at least second so we had the question from the vap part over there it's all all the way okay i would just like to add that if you're serving any u ua customer probably just like the customer could take your um service so your order to to take care of the gdpr yes it's what i said so from the point of view of european uh law if if somebody comes from europe then the site has to comply it's just that in practice how it works in tribunals it's like it never happened from 2018 that a swiss entity to my knowledge was seized or attacked by the european law because because it's in switzerland exactly but if you have like a company which is based in germany but the the main uh company or the headquarters in switzerland and you could probably serve somebody a service the gdpr face can face you and i mean the whole right is like if nobody see it nobody cares but that's the right approach in my opinion so if you could serve any clients in the uh EU you need to have uh the protection as they want it so i mean you can live by like i don't care for any right and you could go on as the site is not caring anybody but if you want to do it right you should take care of both yes yes i agree and i think but again i think you have to differentiate between big businesses which have the means to go in all the details and small business owners who at least should do something about it but who would not maybe comply with all the details because also technically it's too complex yes well i'm i'm especially interested in publishing pictures of people on a website we know that people have to give their permission to to have a picture of themselves published on a website and that they have to opt in not opting out is not good enough so my question is especially about group pictures if in this room there's a single person who didn't opt in are pictures of the group then unusable well i think if i'm not mistaken that when you you registered for this event you accepted conditions and in those conditions it was written that you accept that pictures are taken and this is exactly what i was saying i mean no that's not true you had to you had to check that you agree that yeah but if you are if you would you would we not have been allowed to participate if we wouldn't have checked that i think you would i mean i'm not the best person to answer because this is also connected with uh word press foundation rules i think you would be able to to come but the the default if you're checking and say yes yes yes yes yes then if you accepted that pictures can be taken then if you want an exception within this consent then maybe it's possible but i'm not sure about this well the the question is not really answered but we'll talk about this yeah laterally yes so my final word i will stop here is is is just that i think every one of us has to to remember that we have some responsibility with data collection that you are part of the game of data collection and this game has rules so please read a little bit of the rules at least and try to make your websites compliant and it's not just to comply with the law but it's also to i think just be a good citizen you know to to respect the privacy of other human beings thank you