On 13.04.2018 15:54, Gregor Jehle wrote:
The data subject is giving consent by subscribing or sending to a mailing list, or creating or adding to a bug report. In this case I'd suspect ensuring there is an explicit notice that the action is giving consent would be sufficient (although it's not clear these used require consent).
This is quite a different viewpoint from Moritz's, [..]
as I understand the GDPR, a key point is that consent once given is not forever. You're able, at any point in time, to decide otherwise and then request deletion of your PII.
Exactly. My understanding is that both is correct, and not at all a different viewpoint than what I talked about, which is requested deletion. I merely implied earlier consent, because without that it would not have been (legally) possible to collect the data in the first place. ;-)
The most important thing about the GDPR is that it is actually very readable. OK, it is a couple of pages long (~50), but you do not need to be a lawyer to understand what it asks for. Of course, anyone's reading might contrast quite a bit from how lawyers will over time engineer courts into interpreting it, but the best approach here is to take some time to fully read it and make up your own mind, rather than (or before) reading 50+ pages of random interpretations.
OK OK maybe I've grown to actually enjoy reading laws, yes, that too.
-- moritz