[gdpr-discuss] Undeleteable data
TJ
0.gdpr-discuss at iam.tj
Fri Apr 13 14:00:55 BST 2018
On 13/04/18 12:07, Daniel Stone wrote:
> Does anyone know if there's some kind of GDPR 'out' for, 'by posting
> here you agree that everything is going to be made public, so as
> there's nothing we can do about its distribution, it's not useful or
> practical for us to undo that'? And are there any kind of credible
> Bugzilla/Mailman deletion tools?
>
>From reading the regulation and various interpretations of it, it seems
that PII required to operate the service is exempt from the requirement
to get specific consent, and from what I've read, may also exempt (some
of) that data from the deletion requirement.
The regulation is designed to protect non-essential collected PII.
I'd also wonder about the difference between 'collected' and
'volunteered' data in respect of bug reports, emails to mailing lists,
etc., since in most cases the service isn't asking for PII.
On the contract side, if the processing is necessary for the performance
of the contract, then it is a lawful use not requiring explicit consent.
The data subject is giving consent by subscribing or sending to a
mailing list, or creating or adding to a bug report. In this case I'd
suspect ensuring there is an explicit notice that the action is giving
consent would be sufficient (although it's not clear these used require
consent).
Corner-cases are where a child is the data-subject and verifiable
parental consent is required.
More information about the gdpr-discuss
mailing list