therobot24 | 8 months ago

Until there's actual enforcement, there isn't the incentive to tell the truth...

It really is sad how much data has been captured and monetized of the average person. It seems like we're only continuing to turn up the heat as we continue to 'boil the frog'.

arez|8 months ago

I thought that's why we have GDPR and similar laws, so you can enforce it? If the company says it deleted your data but it didn't, it's definitely not complying with GDPR.

ygjb|8 months ago

GDPR requires data to be deleted where feasible. A common area where this falls apart is in backups made of systems implemented prior to GDPR rules, or systems which have not implemented a mechanism to allow user-level deletion from backups.

There is a somewhat accepted pattern here where backup processes are updated to retain a list of users who have requested deletion, and when a restore from backup is performed, before the restored system is brought back online, the data of users who have requested deletion is removed.

As with many other compliance and governance controls, this is a known pattern, but is subject to review by auditors, and the overall pattern, or the specific implementation of the pattern, may not survive a legal test via a complaint by a consumer or regulator.
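The restore-time purge pattern described in the comment above, sketched as an added example (not code from the thread or from any commenter). The schema, table names, ledger format and function names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample: a backup taken before users 2 and 3 requested erasure.
BACKUP = {
    "users": [(1, "alice@example.com"), (2, "bob@example.com"), (3, "carol@example.com")],
    "orders": [(10, 1, "book"), (11, 2, "lamp"), (12, 2, "desk"), (13, 3, "pen")],
}
# Deletion ledger (assumed format): opaque user ids only, stored outside the
# backup set so that restoring old data cannot roll the ledger back.
DELETION_LEDGER = {2, 3}
# Assumed schema map: every table with personal data and its user-id column.
PERSONAL_TABLES = {"users": "id", "orders": "user_id"}

def load_backup(backup):
    """Load the snapshot into a database that is not yet serving traffic."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, item TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", backup["users"])
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)", backup["orders"])
    db.commit()
    return db

def purge_erased(db, ledger):
    """Delete all rows of ledger users in one transaction; return rows removed per table."""
    ids = [(uid,) for uid in sorted(ledger)]
    removed = {}
    with db:  # commit on success, roll back every table on error
        for table, col in PERSONAL_TABLES.items():  # names come from the constant above
            before = db.total_changes
            db.executemany(f"DELETE FROM {table} WHERE {col} = ?", ids)
            removed[table] = db.total_changes - before
    return removed

def residual_rows(db, ledger):
    """Count rows still linked to erased users; must be 0 before go-live."""
    return sum(
        db.execute(f"SELECT COUNT(*) FROM {table} WHERE {col} = ?", (uid,)).fetchone()[0]
        for table, col in PERSONAL_TABLES.items() for uid in ledger
    )

def restore(backup, ledger):
    """Restore, purge, verify; fail closed if any erased user's data survives."""
    db = load_backup(backup)
    removed = purge_erased(db, ledger)
    if residual_rows(db, ledger) != 0:
        db.close()
        raise RuntimeError("erased users still present; not bringing system online")
    return db, removed
```

The per-table counts returned by `restore` give an auditor a record of what each restore removed, and a table missing from `PERSONAL_TABLES` is the gap this check cannot see.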

Nextgrid|8 months ago

GDPR can only be enforced by regulators. The bar for a valid complaint is quite high, and a company can lie and essentially remove your grounds for said complaint. And even once you do get a valid complaint in, it'll stay in limbo for years. Noyb has some info on the subject: https://noyb.eu/en/data-protection-day-only-13-cases-eu-dpas...