Because I am a little fed up with these dreary GDPR requests for removing stuff from our list archives (which is not easy), I took a closer look at the GDPR wrt email archiving. Take a look at chapter 2, article 5, section 1, paragraph (b) of the GDPR: -------------------- Personal data shall be: - processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’); collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’); ------------------------ In my layman's view, our mailing list archives are in full compliance with the above, specifically the last sentence beginning "further processing for archiving purposes in the public interest ..." I don't know if we have an issue of "pseudonymisation" for "data minimisation" purposes, which I guess could mean replacing a name with "GDPR redacted". I just have trouble seeing how my name in a text is an example of keeping my "personal data". -- Per Jessen, Zürich (0.6°C) Member, openSUSE Heroes
On Tue 09 Feb 2021 05:49:25 PM CST, Per Jessen wrote:
Because I am a little fed up with these dreary GDPR requests for removing stuff from our list archives (which is not easy), I took a closer look at the GDPR wrt email archiving.
Take a look at chapter 2, article 5, section 1, paragraph (b) of the GDPR:
-------------------- Personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’); collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’); ------------------------
In my layman's view, our mailing list archives are in full compliance with the above, specifically the last sentence beginning "further processing for archiving purposes in the public interest ..."
I don't know if we have an issue of "pseudonymisation" for "data minimisation" purposes, which I guess could mean replacing a name with "GDPR redacted". I just have trouble seeing how my name in a text is an example of keeping my "personal data".
Hi It's all a crock of carp in my opinion, by virtue of the fact that it's a mailing list, what about all the emails on peoples computers, nntp servers etc? Just say no.... pass it onto legal and tell them what we are doing and be done. -- Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890) Tumbleweed 20210208 | GNOME Shell 3.38.3 | 5.10.12-1-default Intel DQ77MK MB | Xeon E3-1245 V2 X8 @ 3.40 GHz | Intel/Nvidia up 2:13, 2 users, load average: 1.05, 1.90, 1.71
On 09/02/2021 17.49, Per Jessen wrote:
Because I am a little fed up with these dreary GDPR requests for removing stuff from our list archives (which is not easy), I took a closer look at the GDPR wrt email archiving.
Take a look at chapter 2, article 5, section 1, paragraph (b) of the GDPR:
-------------------- Personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’); collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’); ------------------------
In my layman's view, our mailing list archives are in full compliance with the above, specifically the last sentence beginning "further processing for archiving purposes in the public interest ..."
I don't know if we have an issue of "pseudonymisation" for "data minimisation" purposes, which I guess could mean replacing a name with "GDPR redacted". I just have trouble seeing how my name in a text is an example of keeping my "personal data".
Maybe the mail address would have a different consideration than the name in the body? -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
participants (3)
-
Carlos E. R. -
Malcolm -
Per Jessen