EBCDIC is incompatible with GDPR
shkspr.mobi/blog/2021/10/ebcdi…
Welcome to acronym city!
The Court of Appeal of Brussels has made an interesting ruling. A customer complained that their bank was spelling the customer's name incorrectly. The bank didn't have support for diacritical marks. Things like á, è, ô, ü, ç etc. Those accents are common in many languages. So it was a little surprising that the bank didn't support them.
The bank refused to spell their customer's name correctly, so the customer raised a GDPR complaint under Article 16.
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
Cue much legal back and forth. The bank argued that they simply couldn't support diacritics due to their technology stack. Here's their argument (in Dutch - my translation follows)
Bank X also explained that the current customer data management application was launched in 1995 and is still running on a US manufactured mainframe system.
This system only supported EBCDIC ("extended binary-coded decimal interchange code"). This is an 8-bit standard for storing letters and punctuation marks, developed in 1963-1964 by IBM for their mainframes and AS/400 computers. The code comes from of the use of punch cards and only contains the following characters…
(Emphasis added.)
EBCDIC is an ancient (and much hated) "standard" which should have been fired into the sun a long time ago. It baffles me that it was still being used in 1995 - let alone today.
Look, I'm not a lawyer (sorry mum!) so I've no idea whether this sort of ruling has any impact outside of this specific case. But, a decade after the seminal Falsehoods Programmers Believe About Names essay - we shouldn't tolerate these sorts of flaws.
Unicode - encoded as UTF-8 - just works. Yes, I'm sure there are some edge-cases. But if you can't properly store human names in their native language, you're opening yourself up to a lawsuit.
Source
Dance
youtube.com/embed/v1c2OfAzDTI?…
Reactions
Très intéressant ! t.co/bRxEem8Rem— Marie ʕʘᴥʘʔ Julien (@mariejulien) October 20, 2021
Hâte de mettre en justice tous les sites et autres compagnies qui ont décidé que le fait que j'ai un accent dans mon nom de famille soit source de bug (avec évidemment un message d'erreur qui n'a rien à voir. Histoire de bien pas comprendre pourquoi ça marche pas) t.co/ReIodsI1dh
— Grumpy anxious Nat 🇨🇭🇧🇷🇲🇫 (@Nat_Keely) October 20, 2021
À tous les Fran?ois et les ?milies qui perdent leur caractère t.co/MzX0mXWPRv
— @joachim (@joachimesque) October 20, 2021
La France va sortir de l'UE juste pour que leur état-civil et autres administrations puissent continuer à ruiner la vie de quelqu'un parce qu'il a un tilde dans son nom t.co/i8FisgEEjD
— Lays Y. M. Farra (@LYMFHSR) October 20, 2021
Does this mean that Z̷̡̧̢̰͓̪͖̭͙̰̣̱̬̹̙̜̪̣̏̿̏̋͑́̒͑́̒̿̇̈̍̇̌͝͝a̵̡̧͍̘̮̤̙̹͙̦̙͙͖͓̥̟̦͔͒̇̊̊̔̓́͒́̌̈́̑͋̏̏̏̚͘͝͠͝l̶͉̯̱͇̭̭̉̉̈́̿͐̽̒̎̽͌̚͜ģ̸̧̛͙̩̹̰̤̱̖̘̻̪̻̮̫̟̙̲͍̰̻͕̗̫̿̆̃́͗̽̊̽̌̔̂͂̈͊̐̈́̈̈́̈̓̆͌̑́̕͜ǫ̶̢̹̥̮̟͍̔̑̔̽ can finally open a bank account? t.co/06cTjHxdgx
— KristoferA 🌏 (@KristoferA) October 20, 2021
Next up, I’m suing La Poste for still using ISO-8859-1 when printing labels. Poor “Frédéric” I recently sent a game to… t.co/Z7WuFY0QmK
— Bastien Nocera (@hadessuk) October 20, 2021
Eine Erschütterung der Macht, als würden Millionen Banken-ITler in panischer Angst aufschreien und dann verstummen. t.co/H0WokiIZnu
— Michael Büker (@emtiu) October 21, 2021
Court of Appeal of Brussels - 2019/AR/1006
The Court of Appeal of Brussels held that data subjects have the right under Article 16 GDPR for their name to be spelled correctly when processed by a bank's computer systems.GDPRhub
(Nitter addon enabled: Twitter links via https://nitter.net)
reshared this
Christian Kalkhoff and Jan Walzer reshared this.
