On Fri, Jun 08, 2018 at 10:45:51AM -0400, Theodore Y. Ts'o wrote: > *Anyone* can run a repository. It's not just github and gitlab. The > hobbiest in New Zealand, who might never visit Europe (so she can't > be arrested when she visits the fair shores of Europe) and who has no > business interests in Europe, can host such a web site. Just because letters of request are hardly enforced doesn't make it legal to break the GDPR. For sure, a hobbyist would not have much to fear, even if he is violating the GDPR and coming to Europe. The GDPR is mostly about taming the megacorporations, not about arresting tourists. > So the person trying to engage in censorship Censorship? The GDPR is not about censorship. If you want to write an opionion about someone by name, the GDPR gives you all legitimization to do so, against that person's will. This is about removing the data under ordinary circumstances. > would need to contact *everyone*. This is the subject's problem, not the repository provider's. > And someone who has a git note in their private repo who > then pushes to github/gitlab would end up pushing that note back up to > the web server. If that note has been deleted based on the right to be forgotten, you as the repository provider have to make sure you don't publish it again. Since you are allowed to keep a private copy, ensuring that shouldn't be a problem for you. > Great, so you can get github and gitlab to get rid of the information. > But it's *pointless*. It's up to the subject to consider it pointless or not to exercise his rights... > Your problem is in the word: "a" ...and against whom, whether one repository provider, the major ones, all of them he can find. Best wishes Peter -- Peter Backes, rtc@xxxxxxxxxxxxxxxxxxx