Welcome to acronym city!
The Court of Appeal of Brussels has made an interesting ruling. A customer complained that their bank was spelling the customer's name incorrectly. The bank didn't have support for diacritical marks. Things like á, è, ô, ü, ç
etc. Those accents are common in many languages. So it was a little surprising that the bank didn't support them.
The bank refused to spell their customer's name correctly, so the customer raised a GDPR complaint under Article 16.
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
Cue much legal back and forth. The bank argued that they simply couldn't support diacritics due to their technology stack. Here's their argument (in Dutch - my translation follows)
Bank X also explained that the current customer data management application was launched in 1995 and is still running on a US manufactured mainframe system.
This system only supported EBCDIC ("extended binary-coded decimal interchange code"). This is an 8-bit standard for storing letters and punctuation marks, developed in 1963-1964 by IBM for their mainframes and AS/400 computers. The code comes from of the use of punch cards and only contains the following characters…
(Emphasis added.)
EBCDIC is an ancient (and much hated) "standard" which should have been fired into the sun a long time ago. It baffles me that it was still being used in 1995 - let alone today.
Look, I'm not a lawyer (sorry mum!) so I've no idea whether this sort of ruling has any impact outside of this specific case. But, a decade after the seminal Falsehoods Programmers Believe About Names essay - we shouldn't tolerate these sorts of flaws.
Unicode - encoded as UTF-8 - just works. Yes, I'm sure there are some edge-cases. But if you can't properly store human names in their native language, you're opening yourself up to a lawsuit.
Source
Dance
Reactions
Très intéressant ! https://t.co/bRxEem8Rem
— Marie ʕʘᴥʘʔ Julien (@mariejulien) October 20, 2021
Hâte de mettre en justice tous les sites et autres compagnies qui ont décidé que le fait que j'ai un accent dans mon nom de famille soit source de bug (avec évidemment un message d'erreur qui n'a rien à voir. Histoire de bien pas comprendre pourquoi ça marche pas) https://t.co/ReIodsI1dh
— Grumpy anxious Nat 🇨🇭🇧🇷🇲🇫 (@Nat_Keely) October 20, 2021
À tous les Fran?ois et les ?milies qui perdent leur caractère https://t.co/MzX0mXWPRv
— @joachim@boitam.eu (@joachimesque) October 20, 2021
La France va sortir de l'UE juste pour que leur état-civil et autres administrations puissent continuer à ruiner la vie de quelqu'un parce qu'il a un tilde dans son nom https://t.co/i8FisgEEjD
— Lays Y. M. Farra (@LYMFHSR) October 20, 2021
Does this mean that Z̷̡̧̢̰͓̪͖̭͙̰̣̱̬̹̙̜̪̣̏̿̏̋͑́̒͑́̒̿̇̈̍̇̌͝͝a̵̡̧͍̘̮̤̙̹͙̦̙͙͖͓̥̟̦͔͒̇̊̊̔̓́͒́̌̈́̑͋̏̏̏̚͘͝͠͝l̶͉̯̱͇̭̭̉̉̈́̿͐̽̒̎̽͌̚͜ģ̸̧̛͙̩̹̰̤̱̖̘̻̪̻̮̫̟̙̲͍̰̻͕̗̫̿̆̃́͗̽̊̽̌̔̂͂̈͊̐̈́̈̈́̈̓̆͌̑́̕͜ǫ̶̢̹̥̮̟͍̔̑̔̽ can finally open a bank account? https://t.co/06cTjHxdgx
— KristoferA 🌏 (@KristoferA) October 20, 2021
Next up, I’m suing La Poste for still using ISO-8859-1 when printing labels. Poor “Frédéric” I recently sent a game to… https://t.co/Z7WuFY0QmK
— Bastien Nocera (@hadessuk) October 20, 2021
Eine Erschütterung der Macht, als würden Millionen Banken-ITler in panischer Angst aufschreien und dann verstummen. https://t.co/H0WokiIZnu
— Michael Büker (@emtiu) October 21, 2021
I’ve been saying this for years, including at the @bankofengland while they were speccing out RT2.
ASCII (and EBCDIC) is racism.
Just because legacy 🦕banks can’t handle UTF-8 and 24x7 RTGS doesn’t make it right.
NieDzejkob reposted this Article on lobste.rs.
Andy Mabbett says:
Now all you need to do is change your name by deed poll [1], to "⏽⏻ r⏻n⏾⏻ E⏼⏻⭘" and you can force everyone [2] to use your favourite Unicode symbols!
[1] Deed pool not always required: https://en.wikipedia.org/wiki/Deed_of_change_of_name
[2] Well, your suppliers.
Jim Rees says:
EBCDIC has many code pages, just like DOS, and by selecting the correct one you can encode characters from any European language you want. So the bank's argument is not completely correct.
JohnH says:
Specifically, EBCDIC Code page 37 has all the Latin-1 characters.
https://en.wikipedia.org/wiki/Code_page_37
(I worked on software on AS400 that supported multiples of these codepages. Eventually, tho, we just when to using Unicode back in 1999.)
Jan says:
I‘m happy. It feels like revenge served very cold. I tried to open a Barclays account in 2006 and have a German last name with an ö. The Lady at the bank said she had to spell the name exactly as on my id. I said, use an ö. She said I don’t have one on my keyboard. I said then use oe instead. She said she couldn’t, because she had to spell it exactly like it was on my id. And on and on.
JuggleT says:
if it is a german id just show the machine readable part there the name is written with ae, oe, ue or ss
Jan says:
Didn’t know, thanks! It’s 15 years ago, so I doubt Incan still find her…
mauvedeity says:
Wow. This is mad bonkers, and I shall be raising this with several places that can’t get my name right forthwith!
Jan (2) says:
"Unicode - encoded as UTF-8 - just works. Yes, I'm sure there are some edge-cases. But if you can't properly store human names in their native language, you're opening yourself up to a lawsuit."
Those edge cases are for a large part in human names. There are rare Chinese characters that are not in unicode, those are rare because they are only used in a few names. And one can question if a language like Chinese with a long tail of very rare characters is not effectively an open-ended set. Someone invented those characters in the past, so why won't that process continue?
All of that is not really relevant to the legal question as judges tend to take into account what is reasonable in the current day and age, which according to this court is to support at least accents.
Christopher Lord says:
This is not a technical limitation — come up with an encoding just like UTF-8. Encode where possible in EBCDIC, but choose a bit to indicate higher chunks are available. Migrate legacy data to the new encoding, keeping an eye out for corner cases. Tricky bit is that these old bank systems tend to have fixed-width fields, which can mess with multi-byte encodings. I did something like this back when I worked on compilers for IBM as a work-around for our test suites sometimes having utf-8 filenames. Fairly easy to make a idempotent transformation. I should have gone full into consulting! sheesh.
Karl Williamson says:
UTF-EBCDIC allows encoding all Unicode code points, similarly to UTF-8.
https://www.unicode.org/reports/tr16/tr16-8.html
There are modern Perl 5 releases available that support this which I run on z/OS; Python also is claimed to support EBCDIC, but I don't have experience with it regarding Unicode.
Both EBCDIC 1047 and 037 code pages are isomorphic to Latin1. Almost all European languages should be directly encodable via these.
wait which guitar tuning is EBCDIC
This is interesting not only for the tech implications but also: Can people whose gender is neither male nor female leverage this to get gender markers, honorifics, etc. corrected? 🤔 shkspr.mobi/blog/2021/10/e…
This Article was mentioned on blog.fefe.de
EBCDIC is incompatible with GDPR shkspr.mobi/blog/2021/10/e… /post reddit.com/r/programming/…
EBCDIC🥴
shkspr.mobi/blog/2021/10/e…
Dave Cridland says:
The bank could just use punycode in EBDIC of course. Just try saying that out loud author throwing up a bit.
As someone with diacritics in my name, haha, yes.
shkspr.mobi/blog/2021/10/e…
Blair Wyman says:
A point worth mentioning, IMHO, is that this banking application
was apparently designed and written in the 1990's, and has been
serving its intended purpose for almost 30 years.
If the Y2K or Euro character events did not break it --
and I have no reason to suspect that -- this application
may theoretically be unchanged since the day it was written.
Is that a Good Thing? ...or a Bad Thing? I dunno.
I just know it is a Thing.
it is a Thing.
Timothy says:
Jim Rees and others are correct, and the headline is incorrect. EBCDIC isn't the culprit. EBCDIC has had codepages for eons, and that'd be one classic way the bank could solve this problem -- or should have solved this problem decades ago. It's a well solved problem. Another way, probably better nowadays, is to use Unicode (UTF-8 probably). Whether it's IBM Z or IBM i, these systems definitely support Unicode and have since the 1990s. The implementation could be in hybrid-quick-hacky fashion. For example, put some "trigger/escape code" in the existing name field (with the current not great EBCDIC codepage choice) that then points to a UTF-8 encoded name stored alongside. It'd require an application code change, sure, but it's not rocket science actually.
Here's the real headline: "Bank that won't change anything is incompatible with the GDPR."
Pingback from
アクセント付きアルファベットの名前を登録できないEUの銀行はGDPR違反 – 秋元@サイボウズラボ・プログラマー・ブログ:
アクセント付きアルファベットの名前を登録できないEUの銀行はGDPR違反 – 秋元@サイボウズラボ・プログラマー・ブログ mentioned this Article on labs.cybozu.co.jp.
Pingback from
jcs:
jcs mentioned this Article on irreal.org.
Pingback from
Pixels of the Week – October 31, 2021 by Stéphanie Walter - UX Researcher & Designer.: