Was there even a mass exodus? I largely avoid Reddit now, but I do kind of doubt that they’ve been hurt in any meaningful way by all the protests and people leaving…
Was there even a mass exodus? I largely avoid Reddit now, but I do kind of doubt that they’ve been hurt in any meaningful way by all the protests and people leaving…
The requester can have no idea where his data ended up. That’s why the admin who receives the data is responsible for who he gives it to. And he also has to forward the delete request to whoever he gave it to.
Otherwise, customers of an online service that sells their data would have to request deletion from everyone who bought it, which is impossible cause they don’t know who that is.
The regulation was written to give people more control over their data, but it has no provision for something like federation, and it also doesn’t allow for a “do whatever you want with my data” box the users could check.
The regulation was written to give private users control over what big corporations can do with their data. It doesn’t fit for non-commercial (but also not private) use by a loose group of admins. But legally, it still applies.
Unless these instances are showing ads and selling data, I’m pretty sure they’re protected from the law. Not only that but if you’re not hosting in the EU that law doesn’t apply to you.
Making money is not a requirement for the GDPR to apply. Neither is being based or hosting in the EU.
In fact, the example the EU provides on their site is of a company that offers free services (and is based outside of the EU):
https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_en
The problem here is how does that work? If I host something in the USA, how is someone going to bring a lawsuit towards me if I am also in the USA?
Asking honest questions here. As this just sounds like a lot of chest thumping from the EU.
“Provided your company doesn’t specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.”
Just say, we don’t provide or target EU individuals and you’re free.
So then if someone requests that Gmail delete all their email data, is Google then responsible for making sure any emails sent out from it’s server to another is also deleted from those external servers?
See https://gdpr-info.eu/issues/right-to-be-forgotten/
Once the “controller has made the personal data public”, they have legal obligations. When you send an email, you are not making it public.