开云体育

-----Original Message-----
From: [email protected] On Behalf Of Tony Moen
Sent: Sunday, 20 November 2022 11:57
To: [email protected]
Subject: Re: [ZaLang] GDPR alert. definition of 2FA

Proton (a Swiss IT co.) sent me the following definition of 2FA:

"(...), please note that Two-factor authentication (2FA) provides an
additional layer of security for your Proton Account. One-factor
authentication allows you to verify your identity when signing in to your
Proton Account using something you know - your login details.

Two-factor authentication (2FA) helps prove your identity using something
else. This can be something you have, such as your phone or a security key,
or something you are, using your faceprint or fingerprint.

Only if both factors are present can your account be accessed."

This was in response to my enquiry about 2FA and whether using Proton would
still allow me to use Mweb and MS Outlook. While the definition does explain
what 2FA is, it didn't answer my question. Basic Proton service is free;
whether adding 2FA is a paid add-on was not explained - will follow this up.
I don't want to lose my current address OR get an additional email address
at a price.

As regards the point
"If I understand correctly, you don't need to implement the GDPR if you
don't provide a service in the EU.
The fact that you provide a service *TO* people from the EU doesn't mean
that you provide the service *IN* the EU. You are not a company (you are a
private individual), so when you do translation work for a client in the EU,
you are providing that service in South Africa, not in the EU":
- the regulation states that it is applicable to "(2) a company established
outside the EU and [is] offering goods/services (paid or for free) or is
monitoring the behaviour of individuals in the EU."

Incidentally, the language in question is immaterial.
Also, the website I quoted states that the regulation applies (1) to "a
company or entity" and (2) to "a company". There is no reference to
individuals, but one might argue that "entity" includes any individual...
And there's the question whether, if you receive some personal info on an EU
citizen in a document (such as a CV, etc.) for translation, you have
actually "collected" that info (which you did not elicit or ask for).
And whether such processing personal info is a core part of your business...

Don't miss the next thrilling episode of this murky mystery!


-----Original Message-----
From: [email protected] <[email protected]> On Behalf Of Samuel Murray
Sent: Friday, 18 November 2022 17:54
To: [email protected]
Subject: Re: [ZaLang] GDPR alert

On 18/11/2022 15:31, Tony Moen wrote:

The US request is:

"I have setup two-factor authentication (also known as dual-factor
authentication) on the email account(s) used for conducting work for XXX".

There is no universal definition of "two-factor authentication" (TFA), so
unless they explain exactly what they mean, it may be honest enough to just
use the Wikipedia article about TFA.

So, if your e-mail account has a complex password that no-one else knows
*AND* you have only saved that password on your computer *AND* you must
supply a separate password to log in to your computer, then by some
interpretation of the definition, what you have there is already TFA.

(Some might say the fact that it is theoretically possible to log into your
e-mail account using just the password, means that it isn't truly TFA.)

If your service provider (e.g. MWEB) doesn't offer TFA (and here I refer to
sending you an SMS to log in), then there is no way for you to add it.

Samuel