Quote:
Originally Posted by lotusdriver81
GDPR has extra-territorial scope. Websites outside the EU that process data of people inside the EU are obligated to comply with the GDPR. So GDPR applies to GD regardless of where it is based.
This also includes the “Right to erasure” I believe. But there are other clauses that may require data to be kept for other reasons.
Wether GD complies with these rules would be a matter for more informed people than myself.
|
You're right, while i'm not personally bothered by this i feel this is kind of an important thing to keep in mind, breach of gdpr can have some really nasty consequences for an organisation. Some observations:
Privacy policy
Quote:
Our advertisers also collect information about you as well. For more information on what sorts of information they collect and what they do with it you will need to visit their sites and evaluate their policies.
By sending communications to getDare you give us permission to display that content for any reason. By posting content you agree to let us display it indefinitely. getDare does not remove posts or accounts on request. If this bothers you, don't register and post.
|
GDPR
Art 3 (1)
Quote:
This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
|
Art 7 (3)
Quote:
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
|
Art 17 (1-2)
Quote:
1.
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
2.
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
|
definitions
full text
Now to be clear I'm not a solicitor or anything of the sort,
however the main points I gather here is that GD privacy policy explicitly says they won't erase your information from the site, nor will they contact third party processors (advertisers) to inform of your request in accordance with art 17 (right to erasure).
GDPR details in
chapter 8 the rights of the data subject to lodge complaints for breach of the regulation as well as any possible penalties to the controller/processor if they're found to be in breach of the law.
Like as someone who has had to think about these things in work/generally it's kind of extremely important to comply with gdpr, same with CCPA (the Californian regulation) if applicable (i'm even less qualified to talk about US law so i'll just leave that there)
Basically, afaik gdpr applies whenever the data subject or controller/processor is within the EU, either is enough and the penalties can be pretty severe. I also believe there's provisions on transfer of data to a country outside of EU which the subject needs to explicitly consent to