General Data Protection Regulation (“GDPR”)

!gdpr@sopuli.xyz

Hot Top New Active
Posts Comments
List Tile Wide tile

11 US states now have laws comparable to the GDPR: California, Utah, Colorado, Connecticut, Virginia, Iowa, Indiana, Tennessee, Montana, Texas and Florida

by

But note from the article that Florida’s law is almost useless due to being exteremly narrow in the scope of who must comply. It only applies to tech giants, generally. E.g., generally must “Derive 50 percent of its global gross annual revenue from the sale of advertisements online”. That gets a lot of data abusers off the hook. It is said to be modeled after Virginia.

0
2

~~GDPR requests that must be the only request in a letter (Article 18)~~ or not?

by

I read somewhere that GDPR requests for restricted processing (Art.18) cannot be combined with any other topic or request. E.g. If you request that they not use your e-mail for marketing purposes.

0
2

Legal theory that obligatory disclosure of email address violates the GDPR minimisation principle

by

Utility companies, telecoms, and banks all want consumers to register on their website so they do not have to send paper invoices via snail mail. When I started the registration process, the first demand was for an e-mail address.

0
2

European Commission decided the US is safe from a privacy standpoint for data transfers (WTF?)

by

Yikes.

0
2

PSA: When your personal data is published, people are not free to use it

by

People are often told if their data is published, they have no expectation of privacy. But I found an interesting gem in the EDPB Guidelines of 04/2019 which counters that to some degree:

0
2

If a data controller ignores your GDPR request, you can make an access request for how they handled your request.

by

Just a pro tip if you want to build a case against a data controller: when they ignore your GDPR request, don’t simply send them a reminder. Instead, send them a new Article 15 request demanding records on how your previous request was handled. This way when you build a case against them, you can tack on yet another Article 15 violation when they also ignore your request for information about how they handled your request.

0
2

Forced use of e-receipts in Europe → forced data sharing with MS and Google (no data minimisation?)

by

So here’s a disturbing development. Suppose you pay cash to settle a debt or to pay for something in advance, where you are not walking out of the store with a product. You obviously want a receipt on the spot proving that you handed cash over. This option is ending.

0
2
1

How data controllers bypass the GDPR (contracts!)

by

This is a seriously big loophole. Paraphrasing the various positions:

0
2

Giving fake info can compromise your GDPR access rights

by

I often give fake info as an extra measure of data protection. If I don’t need the data controller to have my date of birth, I give a fake one.

0
2

(EU+UK) Legal theory that closed-source software inherently undermines or violates the GDPR in some situations

by

The GDPR has some rules that require data controllers to be fair and transparent. EDPB guidelines further clarify in detail what fairness and transparency entails. As far as I can tell, what I am reading strongly implies a need for source code to be released in situations where an application is directly executed by a data subject and the application also processes personal data.

0
2

No whistle-blowing, according to EDPB internal doc: If you discover a GDPR violation but your own personal GDPR rights were not infringed, an Art.77 complaint is inadmissible

by

This is interesting but quite unfortunate. As individuals we often spot #GDPR infringements in situations where we are not a victim. The GDPR does not empower us to act with any slight expectation of getting results. There is no reporting mechanism and no remedial correction if the complainant’s own personal data was not mishandled. No Article 77 possibility.

0
2

EDPB launches FOSS website auditing tool for GDPR compliance

by

This is a FOSS tool that enables people to check a website for #GDPR compliance.

0
2

(poll) Are DPAs getting you justice under the GDPR?

by

#poll

0
2

Individuals unable to get GDPR justice -- there’s an opportunity to complain to the Commission before Feb.8

by

Every 4 years the Commission is willing to hear from individuals as to whether the GDPR is working. It’s obviously not working one bit for those of us who actually attempt to exercise our #GDPR rights.

0
2

An EU citizen outside of the EU accesses an EU website via Cloudflare → GDPR violation or loophole?

by

The #GDPR protects everyone inside the EU (regardless of citizenship) + also EU citizens who are outside of the EU.

0
2

When a data controller introduces new access restrictions (such as blocking Tor or VPNs), does that violate the GDPR? (YES it does IMO; but more analysis needed)

by

In answering this question, this seems to be relevant:

0
2