Michael Strc3b6der wrote:
FWIW - my wife occasionally and indirectly deals with the implementation of GDPR regulations (in banking). She is adamant that -
a) anyone asking for any action (deletion/information) under the GDPR regulations _must_ provide proof of identity.
b) that proof must be sufficient to establish a unique link to the information requested.
For emails or forum postings, I suggest that is virtually impossible.
This is your personal opinion. And I can fully understand why you're arguing that way.
I have seen a number of such requests wrt our mailing lists too, and I have sofar refused to do anything. No one has provided any proof of identity.
Personally I don't know it better but I have some doubts:
With this approach you're effectively preventing that someone makes use of his/her rights defined in GDPR. This seems to work for now because none of the users was eager enough to take this to court. (German saying: "Wo kein Kläger da kein Richter.)
But it might also produce complex conflict situations: Forged sender addresses can easily be used for really nasty spam or weird false messages. So the real owner of an e-mail address might have a vital and legitimate interest a forged message to be removed. If you prevent this correction/deletion by saying nobody can prove the identity the e-mail address owner could take the legal entity running the lists to court.
Yes, there are all kinds of complexities. The legal entity is of course SUSE GmbH. Although I manage the mailing lists, I am under no legal obligation by SUSE, nor have I received any instructions from SUSE regarding the GDPR. Another couple of reasons for not wanting to touch the whole thing.
It's not unlikely that a judge would argue that because there's also no real identity proof when accepting a message sent to the list it is sufficient as identity proof to simply check whether an e-mail challenge is correctly answered.
I have also been wondering about that.
I'm not a lawyer. These are just my personal thoughts. For now we all don't know for sure. Conclusion: Ask your lawyer.
Amen. -- Per Jessen, Zürich (20.8°C) Member, openSUSE Heroes -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org