On 6/19/19 9:15 PM, Per Jessen wrote:
Per Jessen wrote:
Malcolm wrote:
Users have asked under GDPR for their information to be deleted, so in vB their signatures are emptied and all of their posts are set to 'Guest'. Since the gateway has run, these posts are on the nntp side and still contain that information they asked to be deleted....
I am certainly no expert, but as long as the information stored cannot be linked to any specific individual, it ought to be okay? (as far as I have understood).
FWIW - my wife occasionally and indirectly deals with the implementation of GDPR regulations (in banking). She is adamant that -
a) anyone asking for any action (deletion/information) under the GDPR regulations _must_ provide proof of identity.
b) that proof must be sufficient to establish a unique link to the information requested.
For emails or forum postings, I suggest that is virtually impossible.
This is your personal opinion. And I can fully understand why you're arguing that way.
I have seen a number of such requests wrt our mailing lists too, and I have sofar refused to do anything. No one has provided any proof of identity.
Personally I don't know it better but I have some doubts: With this approach you're effectively preventing that someone makes use of his/her rights defined in GDPR. This seems to work for now because none of the users was eager enough to take this to court. (German saying: "Wo kein Kläger da kein Richter.) But it might also produce complex conflict situations: Forged sender addresses can easily be used for really nasty spam or weird false messages. So the real owner of an e-mail address might have a vital and legitimate interest a forged message to be removed. If you prevent this correction/deletion by saying nobody can prove the identity the e-mail address owner could take the legal entity running the lists to court. It's not unlikely that a judge would argue that because there's also no real identity proof when accepting a message sent to the list it is sufficient as identity proof to simply check whether an e-mail challenge is correctly answered. I'm not a lawyer. These are just my personal thoughts. For now we all don't know for sure. Conclusion: Ask your lawyer. Ciao, Michael.