[gdpr-discuss] Git and the Right for Rectification

Karen Reilly akareilly at gmail.com
Mon May 21 18:18:37 BST 2018


In the case of git, and the integrity of a code base that has implications
for the security of many people, I would look into legitimate interest from
Article 6(1)(f):


“processing is necessary for…

…the purposes of the legitimate interests pursued by the controller or by a
third party, …

…except where such interests are overridden by the interests or fundamental
rights and freedoms of the data subject which require protection of
personal data, in particular where the data subject is a child.”


In short: purpose, necessity, and balancing. Also consider what is PII and
what isn’t. Make a decision and document it.


Cheers,

    Karen Reilly


On Mon 21. May 2018 at 19:01, Jens Kubieziel <maillist at kubieziel.de> wrote:

> * Jonas Wielicki wrote on 2018-05-21 at 18:22:
> > This would require re-writing all history since that commit, which is a huge
> > issue.
>
> So you could argue with Art. 12 (5) lit. b GDPR:
> »Where requests from a data subject are manifestly unfounded or
> excessive, […], the controller may either:
> […]
> refuse to act on the request.«
> However this is quite a weak argument and will probably not work for a
> git archive.
>
> If it is not possible to correctly identify the person, the request must
> be rejected (think of nicknames).
>
> > - The email address was valid at the time the commit was made and is thus an
> > accurate representation of the history at the time the commit was made (which
> > is timestamped) and thus doesn’t need to be rectified.
> >
> > - It is expected that the user would provide accurate information and if they,
> > for example, have a typo in e.g. their name in the commit metadata, it is kind
> > of their fault and this does not need to be corrected.
>
> I think both arguments are not valid, because the data subject has this
> right independent from what was correct or not. If the data is
> incorrect now, the data subject has the right to rectification and also
> the controller has a duty to process correct data.
>
> In the case of git some other arguments are needed, IMHO.
>
> --
> Jens Kubieziel                                  https://www.kubieziel.de
> Whoever only ever dreams of happiness should not be surprised when he
> sleeps through it. Ernst Deutsch