On 05/21/2018 07:01 PM, Jens Kubieziel wrote:
Hi,
So you could argue with Art. 12 (5) lit. b GDPR: »Where requests from a data subject are manifestly unfounded or excessive, […], the controller may either: […] refuse to act on the request.« However this is quite a weak argument and will probably not work for a git archive.
If it is not possible to correctly identify the person, the request must be rejected (think of nicknames).
Article 12 would also be my first place to look for exceptions, but the 'excessive' clause is not easily met, excessive is about the frequency of requests, not about administrative work to fulfil the request.
- The email address was valid at the time the commit was made and is thus an
accurate representation of the history at the time the commit was made (which is timestamped) and thus doesn’t need to be rectified.
- It is expected that the user would provide accurate information and if they,
for example, have a typo in e.g. their name in the commit metadata, it is kind of their fault and this does not need to be corrected.
I think both arguments are not valid, because the data subject has this right independent from what was correct or not not. If the data is incorrect now, the data subject has the right to rectification and also the controller has a duty to process correct data.
An e-mail address that was valid at the time of commit is not subject to the right of correction, because it is correct somebody had that e-mail address at the time of the commit. The issue arises when somebody commits with a typo in the e-mail address or with the e-mail address of somebody else.
Winfried