Carlos E. R. wrote:
On 19/06/2019 21.15, Per Jessen wrote:
Per Jessen wrote:
Malcolm wrote:
Users have asked under GDPR for their information to be deleted, so in vB their signatures are emptied and all of their posts are set to 'Guest'. Since the gateway has run, these posts are on the nntp side and still contain that information they asked to be deleted....
I am certainly no expert, but as long as the information stored cannot be linked to any specific individual, it ought to be okay? (as far as I have understood).
FWIW - my wife occasionally and indirectly deals with the implementation of GDPR regulations (in banking). She is adamant that -
a) anyone asking for any action (deletion/information) under the GDPR regulations _must_ provide proof of identity.
b) that proof must be sufficient to establish a unique link to the information requested.
For emails or forum postings, I suggest that is virtually impossible. I have seen a number of such requests wrt our mailing lists too, and I have sofar refused to do anything. No one has provided any proof of identity.
Wouldn't "I'm the owner of that email address" be enough? :-?
IANAL, but I don't think that is sufficient. For starters, it is not proof of identity. The important question is - can your person be uniquely linked to that email address, by way of what we have stored? In comparison - last weekend, I went on-line and bought something from a department store. I obviously left my name and address and I paid by creditcard. That place will now have information that is quite clearly linked to my person. If you send me a copy of your id card, there is no way I can unequivocally link that to anything in our forums or mailing lists. -- Per Jessen, Zürich (18.4°C) Member, openSUSE Heroes -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org