[gdpr-discuss] Undeleteable data
Moritz Bartl
moritz at techcultivation.org
Fri Apr 13 15:37:09 BST 2018
On 13.04.2018 15:54, Gregor Jehle wrote:
>>> The data subject is giving consent by subscribing or sending to a
>>> mailing list, or creating or adding to a bug report. In this case I'd
>>> suspect ensuring there is an explicit notice that the action is giving
>>> consent would be sufficient (although it's not clear these used require
>>> consent).
>> This is quite a different viewpoint from Moritz's, [..]
> as I understand the GDPR, a key point is that consent once given is not
> forever. You're able, at any point in time, to decide otherwise and then
> request deletion of your PII.
Exactly. My understanding is that both is correct, and not at all a
different viewpoint than what I talked about, which is requested
deletion. I merely implied earlier consent, because without that it
would not have been (legally) possible to collect the data in the first
place. ;-)
The most important thing about the GDPR is that it is actually very
readable. OK, it is a couple of pages long (~50), but you do not need to
be a lawyer to understand what it asks for. Of course, anyone's reading
might contrast quite a bit from how lawyers will over time engineer
courts into interpreting it, but the best approach here is to take some
time to fully read it and make up your own mind, rather than (or before)
reading 50+ pages of random interpretations.
OK OK maybe I've grown to actually enjoy reading laws, yes, that too.
-- moritz
More information about the gdpr-discuss
mailing list