On Sun, Jun 03, 2018 at 02:18:07PM -0400, Theodore Y. Ts'o wrote: > I would gently suggest that if you really want to engage in something > practical than speculating how the GPDR compliance will work out in > actual practice, that you contact a lawyer and get official legal > advice? I completely disagree. Erasure is a technical issue to be solved by engineers, not by lawyers. And that's completely in line with the GDPR. The GDPR is ultimately not a legal thing to be solved by lawyers writing lengthy legal argumentations and disclaimers and such. They are not even the ones to take lead in GDPR implementation. All that would be simply snake oil. Some legal documentation may be necessary, and having a competent lawyer in a GDPR compliance task force is certainly a must. But that gets you done only 20% of the job, 80% is engineering. Every lawyer who claims to give you shady legal tricks to get the job 100% done in no time is a liar. The GDPRs ultimate goal is to incline the world to improve how data protection is implemented on a technical level. The GDPR contains several blanket clauses that refer to the "state of the art" of technology, which the GDPR itself of course does not define and which is of course nothing a lawyer has any competence in. My proposal is a technical, not a legal one: Provide a generic possibility of having eraseability and verifiability at the same time in git. Improve the state of the art in version control such that it is more in line with the GDPRs idea that people have a right to be forgotten, but to also be useful for a multitude of other applications. The lawyers can then build on this. Best wishes Peter -- Peter Backes, rtc@xxxxxxxxxxxxxxxxxxx
