Quote:
Originally Posted by Iwon8
How will getDare comply with this?
|
Not?
- - - - - - - - - - - - - - - - - - - - -
I am neither a lawyer nor someone who has dealt with legal stuff before but I took a closer look at the GDPR and found out that getDare is not applicable to this data protection regulation of the European Union. I hope that I have understood the GDPR document right and in order to avoid a mistake or confusion, I'll go through how I came to understand all this.
Please correct me if I made a wrong turn somewhere.
- - - - - - - - - - - - - - - - - - - - -
At first, I read about GDPR in the media but like most media websites, it's way too vague. Writing that it's an EU law but it applies to
'most' websites based outside the EU as well. So instead of trying to find information about whether forums must comply with these data protection regulations as well, I decided to actually read the GDPR. No idea where I had to begin but once I opened the document, it was pretty obvious that I had to read article 3: territorial scope, under
general provisions. (bold added)
Source:
https://gdpr-info.eu/
Quote:
|
Originally Posted by Art. 3 GDPR: Territorial scope
- This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
- This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
- the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
- the monitoring of their behaviour as far as their behaviour takes place within the Union.
- This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.
|
Article 3.1 - getDare is not established in the European Union so getDare is not applicable.
Article 3.2a - getDare offers not goods but services, including to EU data subjects that decide to register on the entirely US-based website forum called (you guessed it!) getDare.
Article 3.2b - getDare does not monitor EU data subjects' behaviour.
Article 3.3 - Member State law applies not to the USA.
The only thing to determine in order to know whether getDare is applicable to GDPR, is to see if getDare is applicable to article 3.2a (applicable to be applicable? I guess so). So we go to Recital 23 which states the following.
Quote:
|
Originally Posted by Recital 23 GDPR
Applicable to processors not established in the Union if data subjects within the Union are targeted*
¹In order to ensure that natural persons are not deprived of the protection to which they are entitled under this Regulation, the processing of personal data of data subjects who are in the Union by a controller or a processor not established in the Union should be subject to this Regulation where the processing activities are related to offering goods or services to such data subjects irrespective of whether connected to a payment. ²In order to determine whether such a controller or processor is offering goods or services to data subjects who are in the Union, it should be ascertained whether it is apparent that the controller or processor envisages offering services to data subjects in one or more Member States in the Union. ³Whereas the mere accessibility of the controller’s, processor’s or an intermediary’s website in the Union, of an email address or of other contact details, or the use of a language generally used in the third country where the controller is established, is insufficient to ascertain such intention, factors such as the use of a language or a currency generally used in one or more Member States with the possibility of ordering goods and services in that other language, or the mentioning of customers or users who are in the Union, may make it apparent that the controller envisages offering goods or services to data subjects in the Union.
* This title is an unofficial description.
|
¹ About ensuring to not deprive EU data subjects to their right of GDPR, sort of...
² getDare is only applicable to the GDPR if it is apparent that getDare envisages offering services to EU data subjects.
³ getDare's accessibility to an e-mail address or other contact details (of EU data subject), or the use of the third countries language (= USA --> English), is insufficient to show intentions to target EU data subjects with getDare's service. Factors such as the usage of an EU-Member State's language or currency to offer getDare's services, or mentioning of users who are in the EU, may make it apparent that getDare envisages offering services to EU data subjects.
So by these definitions on whether getDare is applicable to article 3.2a, thus the GDPR; getDare is not applicable. Neither have I seen getDare use languages or currencies of an EU-Member States nor the mentioning of users who are in the EU.
- - - - - - - - - - - - - - - - - - - - -
And just to clarify, if you ask a mod nicely and give a reason as to why you want certain posts to be deleted then a mod will do it for you. Or at the very least, I will do it for you provided it doesn't damage the other content on getDare. Don't delete great dares or create big holes in threads.