top | item 32694717

(no title)

You somehow forgot to mention that most (probably all) EU countries have laws that require you to know the birthdays of your customers - that of course overrides GDPR, or more precisely, the law is the reason to store the information so there's no need to find other reasons.

Also, don't forget that these laws also have requirements on you keeping logs, most of the time 3, 5 or more years. So yeah you have to obey a deletion request when that time is up, not "on request" - that would be illegal in most cases.

In many EU countries birthdate (and more) is public information, btw - my own birthdate is made public by the state itself (on the business registry website), together with my name and residence address. Same for any owner of real estate - be it land, house or unit - names, residence addresses and birthdates are publicly available in the online cadastre.

discuss

tcmb|3 years ago

> You somehow forgot to mention that most (probably all) EU countries have laws that require you to know the birthdays of your customers

That is simply not true, not in this very general formulation. What businesses does this statement of yours apply to?

It's certainly not common for an ecommerce site to ask for your birthday on signup.

ItsTooMuch|3 years ago

Any online service thanks to DSA, for example: Anything that children might use (yes, so everything - intent doesn't count). Anything where users can upload content (writing comments is enough according to our lawyer).

You picked about the only remaining thing where it's not always a requirement. It's a requirement even there if the transaction is over certain threshold (varies by local law, usually around 10k EUR) or certain categories of items (drugs, alcohol, tobacco-related, sextoys, weapons etc).