Re: GDPR compliance best practices?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 8 Jun 2018, Peter Backes wrote:

On Thu, Jun 07, 2018 at 03:38:49PM -0700, David Lang wrote:
Again: The GDPR certainly allows you to keep a proof of copyright
privately if you have it. However, it does not allow you to keep
publishing it if someone exercises his right to be forgotten.
someone is granting the world the right to use the code and you are claiming
that the evidence that they have granted this right is illegal to have?

Hell no! Please read what I wrote:

- "allows you to keep a proof ... privately"
- "However, it does not allow you to keep publishing it"

And you are incorrect to say that the GDPR lets you keep records privately
and only applies to publishing them. The GDPR is specifically targeted at
companies like Facebook and Google that want to keep lots of data privately.
It does no good to ask Facebook to not publish your info, they don't want to
publish it in the first place, they want to keep it internally and use it.

How can you misunderstand so badly what I wrote.

Sure the GDPR does not let you keep records privately at will. You
ultimately need to have overriding legitimate grounds for doing so.

However, overriding legitimate grounds for keeping private records are
rarely overriding legitimate grounds for publishing them.

the license is granted to the world, so the world has an interest in it.

Unless you are going to argue that the GDPR outlawed open source development.

In case of git history metadata, for publishing, you may have consent
or even legitimate interests, but not overriding legitimate grounds.
For keeping a private copy of the metadata, your probably have
overriding legitimate grounds, however.

The GDPR is not an "all or nothing" thing.

Facebook and Google certainly do not have overriding legitimate grounds
for most of the data they keep privately.

Is it that so hard to understand?

you are the one arguing that the GDPR prohibits Git from storing and revealing this license granting data, not me.

David Lang



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux