Talk:General Data Protection Regulation/Archives/2019


I've started contributing to the GDPR fines and notices page. Would it be appropriate to add a link to this page under the Sanctions section? And if so, what would be the appropriate text for such a reference? — Preceding unsigned comment added by Rkranendonk (talkcontribs) 14:18, 24 June 2019 (UTC)

Criticism: Social Engineering Vulnerability

According to https://www.theregister.co.uk/2019/08/09/gdpr_identity_thief/ it appears that there is at least anecdotal evidence that GDPR has made it *easier* for (possibly malicious) 3rd parties to extract private information from online services. This may be worth starting a "Criticism" section, as this is a vulnerability apparently worsened by GDPR. Tantek (talk) 23:29, 16 August 2019 (UTC)

Drop tools section

The tools section feels like spam/advertising. It's just an arbitrary list of 4 software tools. I think it should be removed, but didn't want to edit the article without asking.

If anyone else agrees, I'd vouch for removing it.

Grocko1 (talk) 11:34, 23 August 2019 (UTC)

I removed all. Actually, there are tools that might be more "objective", namely those provided by the authorities (we use one in Germany that is provided by the French office for data protection; and which is favored here in Bavaria). But I would have to research that area before I'd feel confident to add them here on WP. --User:Haraldmmueller 13:50, 30 August 2019 (UTC)

Hello, where do I find a map for age of consent in the EU?

Which is issued by Ingrida Milkaite and Eva Lievens at Ghent University. [1] --TaleofTalisman (talk) 22:27, 12 September 2019 (UTC)

Here's are my list that limits younger people to gain access data in European Union:

EU country Age required
  Belgium 13
  Denmark 13
  Estonia 13
  Finland 13
  Latvia 13
  Malta 13
  Portugal 13 (16 for Google accounts)
  Sweden 13
  United Kingdom 13
  Austria 14
  Bulgaria 14
  Cyprus 14
  Italy 14
  Lithuania 14
  Spain 14
  Czech Republic 15 (same as age of consent)
  France 15 (same as age of consent)
  Croatia 16
  Germany 16
  Greece 16 (15 for age of consent)
  Hungary 16
  Ireland 16
  Luxembourg 16
  Netherlands 16
  Poland 16
  Romania 16
  Slovakia 16
  Slovenia 16 (15 for age of consent)

However, San Marino is not member of the European Union and/or European Economic Area. Instead, the minimum age of consent is 16 for Google accounts.

Source: [2]

--TaleofTalisman (talk) 08:13, 24 September 2019 (UTC)

Missing Basic Explanation of Applicability

Sometimes it's instructive to hear how some random person off the street views an endeavor. I came here wondering why US citizens have to comply with EU laws? And there's no explanation in the article, or did I miss it? It's a simple matter but I bet many people will have the same question. Friendly Person (talk) 22:51, 4 October 2019 (UTC)

But there is. See the paragraph under "Impact" on "international law" and the "Brussels effect"; and, additionally, the paragraph on "extraterritorial effects". That's about what can be said (unless you are a US citizen in the EU - then of course you have to comply with national, as well as EU law of the state where you are). --User:Haraldmmueller 20:18, 5 October 2019 (UTC)

"B2B Marketing" original research?

Someone added that section - with only links to GDPR articles, but no secondary source. This alone is not really ok. However, "B2B" implies that both (or all) involved parties are not persons, but "businesses" - so prima facie, the GDPR should not at all be relevant for B2B. So why would one claim this, and support it with paragraphs from the GDPR, which only refer to "natural persons"? I argue that this section should be removed, unless some proff can be given that GDPR professionals (lawyers) regards B2B in the context of the GDPR. --User:Haraldmmueller 10:00, 18 May 2018 (UTC)

... has been removed. Thanks! --User:Haraldmmueller 17:02, 14 October 2019 (UTC)

Extraterritorial effects, again

https://mirrors.tuna.tsinghua.edu.cn/ (see bottom:根据相关法律法规,本站不对欧盟用户提供服务。)

Tsinghua mirror site declared it will not serve EU citizens, despite it's an open source mirror site + doesn't make any explicit data requests. (This line was quietly added, no appearance in https://mirrors.tuna.tsinghua.edu.cn/news/)

From the article: Article 48 states that any judgement of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may not be recognized or enforceable in any manner unless based on an international agreement, like a mutual legal assistance treaty in force between the requesting third (non-EU) country and the EU or a member state.

Does that mean for any country/region which legal system is not mutually-endorsed with EU's, all entities there cannot simultaneously satisfy its own country's laws and GDPR effectively has EU blocking them, even if they have no intention to abuse the data?