Gesendet: Donnerstag, 20. Juni 2019 um 12:53 Uhr Von: "Per Jessen" <per@opensuse.org> An: heroes@opensuse.org Betreff: Re: [heroes] NNTP questions / GDPR / DSVGO
Carlos E. R. wrote:
On 19/06/2019 21.15, Per Jessen wrote:
Per Jessen wrote:
Malcolm wrote:
Users have asked under GDPR for their information to be deleted, so in vB their signatures are emptied and all of their posts are set to 'Guest'. Since the gateway has run, these posts are on the nntp side and still contain that information they asked to be deleted....
I am certainly no expert, but as long as the information stored cannot be linked to any specific individual, it ought to be okay? (as far as I have understood).
FWIW - my wife occasionally and indirectly deals with the implementation of GDPR regulations (in banking). She is adamant that -
a) anyone asking for any action (deletion/information) under the GDPR regulations _must_ provide proof of identity.
b) that proof must be sufficient to establish a unique link to the information requested.
For emails or forum postings, I suggest that is virtually impossible. I have seen a number of such requests wrt our mailing lists too, and I have sofar refused to do anything. No one has provided any proof of identity.
Wouldn't "I'm the owner of that email address" be enough? :-?
IANAL, but I don't think that is sufficient. For starters, it is not proof of identity.
The important question is - can your person be uniquely linked to that email address, by way of what we have stored?
In comparison - last weekend, I went on-line and bought something from a department store. I obviously left my name and address and I paid by creditcard. That place will now have information that is quite clearly linked to my person.
If you send me a copy of your id card, there is no way I can unequivocally link that to anything in our forums or mailing lists.
-- Per Jessen, Zürich (18.4°C) Member, openSUSE Heroes
We have such problems with GDPR/ DSGVO at our university now, too. That is more crazy than you can believe. We are a Faculty of Computer Science and all data should be anonymously after the leaving of or students. We are using gitlab for student projects and different online forms to register for our units. Every gitlab commit contains the email address by the Contributor. That should not be identifiable in the future because of the GDPR. We have been surprised... We are looking at other universities after their solutions. That is the same case with "removing personal data" after leaving the community. I think about any possibility to encrypt personal data with an additional script, that the system can know the data and users can see only encypted email addresses. The GDPR makes all difficult... Best regards, Sarah -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org