GDPR and stuff

Randomface74 · 18 May 2018 at 13:00

touch said:
If your post gets quoted by someone else that becomes their right to freedom of expression and you dont have the right for it to be deleted.

Do you know that? / are a lawyer? / or are you guessing?

touch · 18 May 2018 at 13:03

billysielu said:
Do you know that? / are a lawyer? / or are you guessing?

I'm reading the link you just posted to the legislation...

When does the right to erasure not apply?
The right to erasure does not apply if processing is necessary for one of the following reasons:

to exercise the right of freedom of expression and information;

Randomface74 · 18 May 2018 at 13:08

I wouldn't have thought someone else's freedom of expression (expressing my personal information) would remove my right to erasure of that personal information. If so, that's a mistake surely, as quoting everything would become a loophole to avoid GDPR.

touch · 18 May 2018 at 13:28

billysielu said:
I wouldn't have thought someone else's freedom of expression (expressing my personal information)

If you make a post containing your own personal information, would that not make you the data controller?
You would be the one with control over what data gets posted and where it is posted.

Randomface74 · 18 May 2018 at 13:37

touch said:
If you make a post containing your own personal information, would that not make you the data controller?
You would be the one with control over what data gets posted and where it is posted.

I don't think so. I'm the user of the system, OCUK is the controller and processor.
The right to erasure is the right of the individual, and that right isn't contingent on who the controller or processor are.

touch · 18 May 2018 at 14:07

billysielu said:
I don't think so. I'm the user of the system, OCUK is the controller and processor.

If OcUK can't control what personal data, if any, you include in your post, how could they be the data controller for that data?

Randomface74 · 18 May 2018 at 14:16

Dunno, but if I can't delete it, how can I be?

Kenai · 18 May 2018 at 14:21

Once you've put something into the public domain though, surely you forfeit any right to be able to make other people remove it? You can delete your own contributions but if someone else has quoted or repeated something you chose to make public then that's tough really.

Does GDPR not contain some general definition that identifies it as only applying to data being handled 'in private' as it were?

Devrij · 18 May 2018 at 18:57

touch said:
I dont think that's correct?

If you've given a company permission to email you then they are legitimately allowed to email you under the current rules. The rules around you giving permission are being tightened so after 25th May, they wont have the correct permission to email you.
They are allowed to contact you before that date (if you've previously given permission) and ask your permission to continue contacting you under the new rules.

What I'm referring to is that if they do not have existing consent to send marketing emails, they can't send you an email to ask if they can send marketing materials. This is what we were advised by our legal firm. Why they'd ask you for your consent if they already have it is beyond me. This is the kind of thing I'm referring to here
https://www.theregister.co.uk/2017/03/28/ico_fines_flybe_honda/

PapaLazaru · 18 May 2018 at 19:01

Had to delete all my emails over 2 years old today, unless they are still relevant for cases. I work in fraud so if the case is still ongoing it is fine to keep. We work closely with Privacy so we have had to act in line.

Bye bye 17,000 emails from the 3 years prior.

krooton · 18 May 2018 at 20:04

Devrij said:
What I'm referring to is that if they do not have existing consent to send marketing emails, they can't send you an email to ask if they can send marketing materials. This is what we were advised by our legal firm. Why they'd ask you for your consent if they already have it is beyond me. This is the kind of thing I'm referring to here
https://www.theregister.co.uk/2017/03/28/ico_fines_flybe_honda/

Because they might not have sufficient proof of that consent. We had a number of consents that were lacking a date and method of acquisition, and from the 25th that isn't good enough. Thankfully only 10% of our database is at risk.

Kenai · 18 May 2018 at 20:37

Moses said:
Place voluntarily in the first instance, but what if they then want to remove them from that public place?

Then they're free to do that surely? The only thing that would prevent that, as said earlier, is if someone has quoted you but i'm not convinced these regs place an obligation on OcUK as a company to be responsible for clearing up after you in the public domain, if you've said things publicly and other people have quoted it, I would have thought that's effectively your problem to overcome.

Kenai · 18 May 2018 at 20:44

Moses said:
Well, it’s not practical for a user to delete tens of thousands of posts. It’s incredibly easy for the mods to delete all of my posts (perhaps harder to remove instances where people have quoted me). The easiest and safest thing for them to do would be to delete all my posts if I ask them to... unless they want to take a big gamble or get expensive legal advice.

Well, as I said to billysielu earlier, there's a very easy way to test that theory in a week's time

touch · 18 May 2018 at 22:23

Devrij said:
What I'm referring to is that if they do not have existing consent to send marketing emails, they can't send you an email to ask if they can send marketing materials. This is what we were advised by our legal firm. Why they'd ask you for your consent if they already have it is beyond me. This is the kind of thing I'm referring to here
https://www.theregister.co.uk/2017/03/28/ico_fines_flybe_honda/

Agreed, if they do not have existing consent they cannot email you to ask you to consent to their new terms. (Which is why flybe have been fined, as you pointed out)

Most companies do need to ask for your consent again even though they already have it because the rules around how you give consent have changed. That's why we're all being bombarded with emails asking us to consent again.

Lakeland · 18 May 2018 at 22:58

I work for a school and they're taking the new legislation as though it's not serious. Apparently if we met the old data protection legislation we're likely to meet GDPR... Only just been brought to our attention even though I highlighted it over 2 months ago.

krooton · 18 May 2018 at 23:10

Lakeland said:
I work for a school and they're taking the new legislation as though it's not serious. Apparently if we met the old data protection legislation we're likely to meet GDPR... Only just been brought to our attention even though I highlighted it over 2 months ago.

Hehe, I have been banging on about this at my work since May last year (though I am the consumer database analyst, so am closer to it than most), and we only got any real traction in January.

The whole bloody thing has taken over my work life though, next Friday can't get here soon enough.

Devrij · 19 May 2018 at 00:01

krooton said:
Because they might not have sufficient proof of that consent. We had a number of consents that were lacking a date and method of acquisition, and from the 25th that isn't good enough. Thankfully only 10% of our database is at risk.

Get yes that's true. The vast majority of our database is corporate email addresses so mercifully we haven't had to worry about it too much, but one lady I spoke to see theirs go from 11k to 600 after a permission pass. Brutal!

Bonjour · 19 May 2018 at 11:09

- Do you know of a good GDPR consultant?
- Yes
- Can I have his email address?
- No

Randomface74 · 19 May 2018 at 11:18

haha nice one

StriderX · 20 May 2018 at 08:37

Small query for folks perhaps in the know about the legalese, i assume this does not whatsoever affect the weirdos asking for your email in person? (Certain store cashiers)