Jump to content

GDPR and how it affects Geocaching


Recommended Posts

8 hours ago, Blue Square Thing said:
9 hours ago, niraD said:

So if I create a new article for Wikipedia; and if even after a few revisions by other people, most of the text of the article is still mine; and if I then remove that article based on my supposed "right to be forgotten"; then what do you think should happen?

 

The text isn't yours once you submit it - the terms you submit it under are a share alike version of a creative commons license. As soon as you hit submit you release the text on that basis.

Ah, so it is possible to craft a TOU so that content is protected from the supposed "right to be forgotten". Now some lawyer just needs to craft a similar TOU for online forums that will be protected from GDPR-based deletion.

 

 

28 minutes ago, RuideAlmeida said:
34 minutes ago, cerberus1 said:

... a foreign "commission" that's imposing rules on a country not within it's ranks.

Not at all what's happening...

Good to know. SInce I'm not in the EU, I can ignore the GDPR when someone from the EU visits my web site.

 

After all, the EU is not imposing rules outside the EU.

Link to comment
On 28/07/2018 at 12:32 AM, niraD said:

If you submit your photo for publication in a magazine, you can't demand that all copies of that magazine be burned just because you change your mind later.

 

A different field entirely, that's a matter of copyright, the photographer owns the copyright of an image they took, so the picture may not be used again or in a different context without their consent.

 

Some unknowing amateur photographers fall for the ploy of a competition to have a pic. on a calendar or whatever, not checking the T&Cs which include waiving copyright so the organiser can subsequently use the image in anyway they wish without payment. Which is why you don't see pro photographers entering those competitions ! Facebook used to have a similar T&C claim over photos, it may have been changed since I looked, but it was one of many reasons I never signed up ....

Link to comment
1 hour ago, cerberus1 said:

 - So I'm simply alert when I hear of a foreign "commission" that's imposing rules on a country not within it's ranks.

 

US does this all the time you just don't know about it.

 

It is part of the global order. If you want to do business with my country follow my rules too even if not against your rules. 

Link to comment

Piling on an extra dose of irony, whilst searching out some factual information on GDPR I found a clearly written page here  which includes this :

 

"Almost all of us have enjoyed the use of 'free' services from the likes of Google, Facebook and Twitter in exchange for a wide range of personal information - from names and email addresses, to political leanings and sexual orientations. Confusing terms and conditions and passive opt-out tick boxes made it harder for people to understand what exactly they were agreeing to giving these tech giants.

The potential consequences of this widely-defined remit for personal data was demonstrated by Facebook's Cambridge Analytica scandal, where a third party app saw millions of users' profile data scraped, allegedly to influence the outcome of the 2016 US election."

 

It is clear that GDPR applies to companies (worldwide) only when they  are dealing with European citizen's data. Any complete thread vapourisation irrispective of country of origin of the O.P. GS chooses to do is their decision, not required by GDPR, and I guess it is simply an easier, cheaper option than employing someone to be responsible for hand-weeding individual posts which are asked to be removed, and posts quoting them, and the posts quoting the quotes ...

 

Personally I'm very happy to have GDPR increase my control over whatever of my personal data has been harvested by the myriad of commercial websites I've visited, and which has then been sold on,  collected  and collated by parasitical marketing companies.  I like having the freedom to control my own data,  and I don't appreciate  having it bought and sold without my consent.

  • Upvote 2
Link to comment
26 minutes ago, hal-an-tow said:

 

"Almost all of us have enjoyed the use of 'free' services from the likes of Google, Facebook and Twitter in exchange for a wide range of personal information

 

Hence the saying, "if it's free, YOU are the product".

 

I suspect, since GDPR laws are by design "fuzzy" to accommodate future technologies, that it will be broadened and finetuned. As other countries implement something similar they may learn from each other.

I honestly can't see why anyone would be against this kind of law especially since the arguments given here against it are false assumptions.

 

  • Upvote 2
Link to comment

A few thoughts:

A simple change in the TOU for the GS forums should solve the vaporization problem.  Add a line that when a user post a comment, they de facto relinquish their personal rights to that post and it becomes a part of the public domain.

 

The personal data associated with the person involved is in their account information, not in the things they say in a forum. If a user wants something they posted removed, make it an "All or Nothing" proposal. Deleting a public post deletes your account or at least your ability to post.

 

FB and their nefarious actions of data collection are not the same thing as the G$ forums. Does GS track your browsing? Sell your user information?

  • Upvote 1
Link to comment
1 hour ago, K13 said:

A few thoughts:

A simple change in the TOU for the GS forums should solve the vaporization problem.  Add a line that when a user post a comment, they de facto relinquish their personal rights to that post and it becomes a part of the public domain.

 

The personal data associated with the person involved is in their account information, not in the things they say in a forum. If a user wants something they posted removed, make it an "All or Nothing" proposal. Deleting a public post deletes your account or at least your ability to post.

 

FB and their nefarious actions of data collection are not the same thing as the G$ forums. Does GS track your browsing? Sell your user information?

 

It already is an all or nothing proposal,  all the thread goes when the OP deletes their post .

 

A 'simple change in the TOU' won't wash either, quite apart from the idea of legally relinquishing all rights to your own words ( " Yes officer, I made threats of physical violence in the forum, but as I relinquished all personal rights to the post that's OK isn't it ?)  from the same page I linked to above, there is this:

" Consent must be an active, affirmative action by the data subject, rather than the passive acceptance under some current models that allow for pre-ticked boxes or opt-outs. "

 

Anyway, even if it was possible, I somehow doubt that GS would alienate fee paying members, or even non-premium paying folk (whose cache page views, tracked by cookies have value as numbers of potential views of the advertising GS sells ) by summarily deleting their accounts. 

 

The most likely outcome I can see if this became an issue would be the simplest, cheapest and least bothersome one for GS : scrap the forums entirely, upsetting only a tiny percentage of cachers ... and as we know, In space, no-one would hear the screams .

 

 

  • Upvote 1
Link to comment
4 hours ago, hal-an-tow said:

It is clear that GDPR applies to companies (worldwide) only when they  are dealing with European citizen's data

So how is a company to know whether or not a user is an EU citizen?   Not all users from the EU are EU citizens and not all EU citizens are resident in the EU?

  • Upvote 1
Link to comment
15 minutes ago, Gill & Tony said:

So how is a company to know whether or not a user is an EU citizen?   Not all users from the EU are EU citizens and not all EU citizens are resident in the EU?

 

There are different ways to deal with this.

 

 User asks for deletion of their data, company does nothing.

a. user is not EU citizen, nothing happens.

b user is EU citizen but files no complaint, nothing happens

c user is EU citizen and files a complaint. Official EU papers come in... company knows it's a EU citizen. :ph34r:

 

Best way to handle this? Treat everyone like they are EU citizens and everybody is happy (except the ones imagining all kinds of scenarios that might maybe occasionally possibly happen ). :lol:

 

Link to comment
4 hours ago, K13 said:

A simple change in the TOU for the GS forums should solve the vaporization problem.  Add a line that when a user post a comment, they de facto relinquish their personal rights to that post and it becomes a part of the public domain.

 

 

Won't work. A product bought new in the EU has a legal warranty of 2 years. For a long time Apple sold it's products with only a one year warranty claiming it could do so because it said so in their terms of service. Guess what, Apple has a 2 year warranty now as their TOS on a 1 year warranty were deemed illegal.

Putting illegal conditions in a contract voids the contract over here.

 

  • Helpful 1
Link to comment
12 hours ago, on4bam said:

What will happen (actually, it was officially announced that GDPR will not be used to start a witch hunt).

You're so trusting. Here in the US, we're used to people getting laws passed by promising X will never happen, but then X does happen because it's completely within the letter of the law and all those promises are completely irrelevant. All the harder to swallow because those people promising you how it will apply to you are beyond my control.

Link to comment
1 hour ago, hal-an-tow said:

Have you never visited a website that knew where you were ? Many e-commerce sites do it without you even noticing to calculate the currency you use and postage costs. Try searching the term geolocation, or have a look here and be surprised, or perhaps alarmed .

 

I looked for something at nationwidestore.com three weeks ago.  I'm still getting that ad (for something not available in-store) on many sites, including Groundspeak.  (Hard to find Lock and Locks in my stores!)

Google sites look at my ISP, and put up ads for somewhere thirty miles east.  Sorry,   That's an hour driving!  I never go there (except maybe to geocache.)

Yup.  They're all spying on me!

  • Upvote 1
Link to comment

I thought the GDPR regs were for data that were collected from the users interactions with a website, whether the user knew it or not.  Things like:  name, email, address, ID numbers, location, IP address, cookies data, browsing history, etc.

 

In fact, if you look at Article 9 of the GDPR, section 2e, it specifically says "...personal data which are manifestly made public by the data subject"  are not covered.  At least that's how I read it.

So, a post in a public forum might not be covered.

 

Then again, the sum of my legal experience is watching reruns of Matlock.

  • Upvote 2
Link to comment
1 hour ago, egroeg said:

In fact, if you look at Article 9 of the GDPR, section 2e, it specifically says "...personal data which are manifestly made public by the data subject"  are not covered.  At least that's how I read it.

So, a post in a public forum might not be covered.

 

That is something the "GDPR experts" seem to have overlooked. And something that some of the non-EU folks may have known was in there all along.  Maybe those experts didn't read all the guidelines? :ph34r:

Link to comment
On 7/28/2018 at 10:48 AM, dprovan said:

Over the last 20 years, I've been astonished at how quickly people were falling all over themselves to spread themselves out over the Internet, and I've long feared what the resulting catastrophe would look like. My guess was that it would result in a final realization that there is no such thing as privacy. I never dreamt that we'd decide privacy is our most precious asset...and then turn over all responsibility for maintaining it to the government.

 

This sums it up for me - I've known my "info" is out there, some I've put there (my FB info and posts, even GC profile and posts on this forum, LInkedIn business info) ... some is due to CC apps and merchandise websites I've logged into and "agreed" to their privacy policies.  In this modern world of iinternet convenience and necessity, my info is "out there" - privacy is almost a myth.  And yeah ... maintaining it is the government's job?!?  Mind boggling ... "Big Brother" is watching ... :ph34r:

Link to comment
1 hour ago, CAVinoGal said:

And yeah ... maintaining it is the government's job?!?

Except they aren't making it the government's job to maintain someone's privacy. They're making it the government's job to force other people to delete all their records of what someone did/said/wrote. Not the same thing.

Link to comment

Just a quick question to those opposing GDPR, what's your real problem with it? Is it the implementation in different situations (website/forum... ) or the concept of datacollection it wants to regulate?

 

Do you think it's OK for website to track you all over the internet by means of cookies, hidden pixels and/or any other means (without your knowledge)? Do you think it's OK that data collected by registering is used for anything else than use on that one site like "share with 3rd party sites / partners" or do you prefer a website informs you first what they collect, how they store the data and what they do with it?

 

@niraD again, wrong. GDPR is about PERSONAL data, "all their records". I can say "the sun is shining" on a forum, that's not personal info and GDPR does not require you to delete this. However, if I write "it's hot today here in my xxxx shop on xxxxx street in xxxx. That is personal info and falls under GDPR regulations.

Of course it's not easy to automate deleting only personal info without deleting other stuff. Before GDPR (long before) another forum had a request to delete someone's profile and posts, what they did was anonymize the user's profile name (like change it to user123456789) and  delete the other info on his profile (links to twitter, FB, date of birth, location... if it was set). What is now left on the forum are his posts (all attributed to user123456789) and parts of his posts  as quotes but these also look like "user123456789 wrote..."

I have no idea if there's personal identifiable info in the posts or quotes but it looks like the forum was GDPR complaint at a time GDPR was only a twinkle in the EU's eye.

 

 

  • Upvote 2
Link to comment
On 7/27/2018 at 7:55 PM, niraD said:

I'm just someone who runs a help forum, who is being told that helpful threads have to be deleted (or rendered useless) at the whims of the original poster (if that original poster is from the EU, and considers the original post to contain "personal data"). Which guarantees that the help forum will have to discuss the same topics over and over, because the previous helpful threads have been deleted.

 

Quote the helpful posts in a post of your own, then delete the original, maybe?

Link to comment
13 hours ago, Harry Dolphin said:

Google sites look at my ISP, and put up ads for somewhere thirty miles east.  Sorry,   That's an hour driving!  I never go there (except maybe to geocache.)

Yup.  They're all spying on me!

 

I think the concern with this is that someone trying to be 100% anonymuos will now have one relatively accurate datapoint linked to them. Even a 60 mile diameter of your general location is like a pin point compared to the surface of the earth.  Log another datapoint and suddenly they* could be knocking on your neighbour's door.

* Of course, this would be the sentiment from someone paranoid of the government (or someone corrupt and powerful).  But the point remains. If you're trying to stay 'off the grid', then geolocation of IP addresses thwarts that goal.

 

Which of course stands to reason - if you're really trying to stay off the grid, and you're using the internet casually, then you really have no idea what you're doing :P

Post to a public forum, that's public unprotected data.

Use the internet, your general location will be known. (it's an essential function)

Although it's sort of like geolocating your cell phone by cell tower, which is just as essential a function.

Though cell triangulation of a phone is much harder to accomplish for the general populace; tracking a location by cell signal is absolutely nothing like geolocating any IP address.

 

Basically, if you use the internet, you are no longer anonymous. Live by that ethic. :)  If you want the benefit of using the internet without revealing anything about yourself, you'll have a whole LOT of work to do. I mean sheesh, they make movies about (people that try to do) that. :lol:

/soapbox

  • Upvote 1
Link to comment
5 hours ago, on4bam said:

Just a quick question to those opposing GDPR, what's your real problem with it? Is it the implementation in different situations (website/forum... ) or the concept of datacollection it wants to regulate?

 

I think a lot of the opposition earlier in this thread came from a misunderstanding of the GDPR regs.  I imagine that few people are opposed to protecting their personal data (name, email, address, ID numbers, memberships, location, IP address, cookies data, browsing history, etc.) when these data are collected surreptitiously, then passed along to the data miners.  The tone of many previous posts seemed to be that people thought the regs were far wider in scope.

 

5 hours ago, on4bam said:

 

GDPR is about PERSONAL data, "all their records". I can say "the sun is shining" on a forum, that's not personal info and GDPR does not require you to delete this. However, if I write "it's hot today here in my xxxx shop on xxxxx street in xxxx. That is personal info and falls under GDPR regulations.

 

I don't think that data which are "...manifestly made public by the data subject..." are covered.  If you voluntarily post about your "xxxx shop on xxxxx street in xxxx", then you aren't protected.  But if you post "the sun is shining" and the data miners determine that you posted from your shop on some street in some town, then you can get THAT data deleted from the miner's files.

 

But, again, that's just how I am interpreting Article 9 of the regs.  I can't figure out if, having voluntarily posted the info about your shop and street, and you suddenly realize you didn't want to say that, then these regs allow you to call for a do over, and get your post deleted.  I also am not clear about whether you can get a post deleted if you gave NO personal information, but you just expressed an opinion that you now regret.

Link to comment
5 hours ago, on4bam said:

Just a quick question to those opposing GDPR, what's your real problem with it?

My main problem with GDPR is that it appears to be an intentionally vague law that claims to apply to anyone in the world as long as someone from the EU visits their site.

 

The rest may or may not be misunderstandings of what GDPR really requires, but given that it is an intentionally vague law, confusion among non-lawyers is to be expected.

 

14 hours ago, Harry Dolphin said:

Google sites look at my ISP, and put up ads for somewhere thirty miles east.  Sorry,   That's an hour driving! 

Yeah, when I was using DSL, IP geolocation put me about 100 miles north, at my provider's headquarters. Since I've upgraded to FTTN, the IP geolocation seems more accurate.

  • Upvote 1
Link to comment
1 hour ago, egroeg said:

I think a lot of the opposition earlier in this thread came from a misunderstanding of the GDPR regs.  I imagine that few people are opposed to protecting their personal data (name, email, address, ID numbers, memberships, location, IP address, cookies data, browsing history, etc.) when these data are collected surreptitiously, then passed along to the data miners.  The tone of many previous posts seemed to be that people thought the regs were far wider in scope.

 

1 hour ago, egroeg said:

But, again, that's just how I am interpreting Article 9 of the regs.  I can't figure out if, having voluntarily posted the info about your shop and street, and you suddenly realize you didn't want to say that, then these regs allow you to call for a do over, and get your post deleted.  I also am not clear about whether you can get a post deleted if you gave NO personal information, but you just expressed an opinion that you now regret.

 

Aye, there's the rub.  That first part - correct, I don't think anyone would be against protecting "personal data".  The question is, what constitutes "personal data"?  The law is vague enough that what happens if someone claims that their post on the forum IS "personal"? That is, contains information which I deem to be private and and personal and want removed.  To what extent can someone claim that data relevant to them (at least posted/shared by them) can be considered "personal" and covered by GDPR?

 

We can assume by 'common sense' what that may mean, but I think a lot of the pushback is that that definition is not clear. So it may seem like taking it to the extreme with some of these examples, but if the law can be interpreted to allow it, then it isn't extreme; it is within the realm of possibility (and thus, being the internet, it will happen).

Link to comment
7 hours ago, on4bam said:

Just a quick question to those opposing GDPR, what's your real problem with it? Is it the implementation in different situations (website/forum... ) or the concept of datacollection it wants to regulate?

Maybe I'm not talking for everyone, but I'm not seeing people opposing the GDPR so much as questioning it and discussing the reactions to it. I'm so happy you're convinced it's entirely limited to just exactly what you think is important, but the fact remains that GS (apparently) thought it needed to allow people to delete threads, and there's every reason to think lots of US organizations, especially the smaller ones, will adopt similar better-safe-that-sorry policies. You keep excusing GS's reaction -- they should know better, they should spend lots of money to implement something less obtrusive, etc. -- but all we are seeing is the impact regardless of whether that's an intended effect or not. So from my point of view, it's a big deal even though you keep promising us it's not.

 

I'm also seeing a lot of EU citizens acting like it's a silver bullet, but I don't actually think it'll make much difference. About the only impact I can imagine is your most precious data will be in the hands of the least scrupulous companies.

 

And behind all that, I keep thinking about the european telecommunications restrictions everyone had to wrestle with during the growth of the Internet. Like those, the most likely effect of the GDPR will be that foreign companies will find it impossible to deal with european citizens, leaving the way for european companies to get a market advantage at the expensive of healthy competition.

 

But, hey, whatever. It's your country/union.

  • Upvote 1
Link to comment

Of course it not a silver bullet. however it is at least an attempt to have more control on how/what is gathered.

Our national radio/tv has implemented GDPR very well I think. When visiting their site you get a little pop-up saying what they collect in four separate lines, each with a checkbox.

The first is checked already and says functional and statistic cookies are "on"

Second are cookies to "optimize" the site and make personal suggestions. By default, these are off

Third is for advertising and "optimize ads based on surfing habits (not limited to that website). Default = off

Fourth are social media cookies for YT, FB, Twitter... again default is off.

 

This means we are informed about what's being collected AND we have a choice to opt-in if we want too.

Looks pretty good to me. That doesn't mean I don't continue to block adds, block trackers and so on and delete almost all cookies on a regular basis.

 

 

  • Upvote 1
Link to comment
36 minutes ago, thebruce0 said:

 

 

Aye, there's the rub.  That first part - correct, I don't think anyone would be against protecting "personal data".  The question is, what constitutes "personal data"?  The law is vague enough that what happens if someone claims that their post on the forum IS "personal"? That is, contains information which I deem to be private and and personal and want removed.  To what extent can someone claim that data relevant to them (at least posted/shared by them) can be considered "personal" and covered by GDPR?

 

From Chapter 1, Article 4: 

 ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

 

It's the "relating to" that could be considered vague, but perhaps not by the authors.  A post to a forum does not necessarily "identify" a person from the information they voluntarily contribute, but could be associated with the IP address and/or location of the sender.  THAT is what I think they are concerned with, not the info in the post.

 

From Chapter 2, Article 9:  

Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation shall be prohibited.

 

Except that this provision does not apply  "... to personal data which are manifestly made public by the data subject;"

 

So we circle back to my original post, where I thought that info you voluntarily provide is not protected.

 

Perhaps we should ask for some input from Groundspeak's attorneys (from the venerable firm of Dewey, Cheatem, and Howe).

 

  • Upvote 1
Link to comment
21 hours ago, hal-an-tow said:

Have you never visited a website that knew where you were ? Many e-commerce sites do it without you even noticing to calculate the currency you use and postage costs. Try searching the term geolocation, or have a look here and be surprised, or perhaps alarmed .

Accessing from the EU isn't the same as being an EU citizen. The GDPR applies to the personal information of EU citizens. If I, as a Canadian, sat down at a computer in the EU, the GDPR would not apply to my personal information.

Link to comment
6 hours ago, The A-Team said:

Accessing from the EU isn't the same as being an EU citizen. The GDPR applies to the personal information of EU citizens. If I, as a Canadian, sat down at a computer in the EU, the GDPR would not apply to my personal information.

 

Maybe.  They certainly want it to apply to you also, but whether they can enforce it is another issue.

Resolution 2 of the introduction:

The principles of, and rules on the protection of natural persons with regard to the processing of their personal data should, whatever their nationality or residence, respect their fundamental rights and freedoms, in particular their right to the protection of personal data. 

(Emphasis added.)

 

And from Article 3:

This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

(a)

the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or

(b)

the monitoring of their behaviour as far as their behaviour takes place within the Union.

 

(Emphasis added.)  But now we have the question of whether a person is "in" the Union (geographically) or "in the Union" meaning a citizen.

See nariD's comments about vagueness of the law.

Link to comment
21 hours ago, on4bam said:

Just a quick question to those opposing GDPR, what's your real problem with it? Is it the implementation in different situations (website/forum... ) or the concept of datacollection it wants to regulate?

I'm not sure that I oppose GDPR, per se.  I do have two problems with it, however.

 

I know that the GDPR does not require someone, such as Groundspeak, to delete my data when deleting some other person's data, but if the implementation of the rules means that they do so because complying with the rules is (almost) impossible without doing so;  then that is a problem to me.  It isn't actually a problem with the rules - more a problem with their implementation.

 

The other problem is more ephemeral.  I have done a lot of travelling to other countries and I always expect to comply with the laws of that country.  When in Dubai in August, we will comply with the Muslim edicts regarding alcohol, dress and not showing undue affection in public - even though I am not a Muslim and the laws would not apply to us in Australia.  Similarly, if a EU citizen comes to Australia I would expect them to comply with Australian law.  A German citizen cannot drive on an Australian freeway above 110 KPH, despite the fact that German law would allow them to do so.  Why, then, should EU law apply to an EU citizen visiting an Australian web site, when EU law does not apply to EU citizens visiting an Australian city?

  • Upvote 1
Link to comment
6 hours ago, Gill & Tony said:

Why, then, should EU law apply to an EU citizen visiting an Australian web site, when EU law does not apply to EU citizens visiting an Australian city?

 

I suspect it is because in cyberspace there are no international boundaries. Though china does attempt significant control.

 

In the US Amazon had a similar loophole unless they had a physical presence in the state they did not have to collect state sales taxes for items sold there. This was a huge advantage if you chose to wait a day or two for delivery. This loophole has been plugged.

 

Even if there was a physical presence companies would simply move their services to jurisdictions friendly to them and bypass the rules and regulations. Seems that governments have tired of this game.

Link to comment
9 hours ago, Gill & Tony said:

Why, then, should EU law apply to an EU citizen visiting an Australian web site, when EU law does not apply to EU citizens visiting an Australian city?

 

I'm not sure they are covered in Oz.  The regs are only concerned with those "establishments" that control and process data.

From Article 3 "Territorial scope", there are three cases where the regs apply :

 

- establishments in the Union, whether or not processing takes place in the Union

- establishments not in the Union, but which process data of subjects "in the Union" (but only for limited uses of the data)

- "...applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law."

 

I have no idea what the legal mumbo jumbo of that last one means.

We come back to the vagueness of whether "in the Union" means anyone physically in the Union, or if it means a citizen of the Union.  That's how legal firms rack up the billable hours.

 

Link to comment
3 hours ago, egroeg said:

- "...applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law."

 

I have no idea what the legal mumbo jumbo of that last one means.

Could it be to cover some of the disjunct territories/collectivities/departments/etc. of the EU Member States, like Greenland, Aruba, Saint Martin, etc.? I've never been clear on exactly how each of these is treated with respect to its role within the parent state.

Link to comment
17 hours ago, egroeg said:

Maybe.  They certainly want it to apply to you also, but whether they can enforce it is another issue.

Resolution 2 of the introduction:

The principles of, and rules on the protection of natural persons with regard to the processing of their personal data should, whatever their nationality or residence, respect their fundamental rights and freedoms, in particular their right to the protection of personal data. 

(Emphasis added.)

 

And from Article 3:

This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

(a)

the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or

(b)

the monitoring of their behaviour as far as their behaviour takes place within the Union.

 

(Emphasis added.)  But now we have the question of whether a person is "in" the Union (geographically) or "in the Union" meaning a citizen.

See nariD's comments about vagueness of the law.

Yep, it appears that the scope of the GDPR isn't clear. Here are a few search results I found which try to answer the question, but seem to fail in their quest:

GDPR Territorial Scope: Location, Location, Location?

GDPR’s Most Frequently Asked Questions: Does the GDPR apply to all EU citizens’ data?

GDPR – The Data Subject , Citizen or Resident?

 

I like this line from the first link:

Quote

More specifically (and with apologies to former President Bill Clinton), it depends what the meaning of the word "in" is.

 

Link to comment
20 hours ago, MNTA said:

In the US Amazon had a similar loophole unless they had a physical presence in the state they did not have to collect state sales taxes for items sold there. This was a huge advantage if you chose to wait a day or two for delivery. This loophole has been plugged.

 

 

Not in my state.  But then I'm sort of stateless (APO AE).

 

It was mildly entertaining to see all of the cookie warnings popping up on US sites now that I have a non-US IP address.  The first 500 times, anyway.

Edited by hzoi
Link to comment

Talking about GDPR and the "right to be forgotten", what happens when someone decides he want's his/hers Geocaching profile deleted, including all the caches he/she placed, all the logs, trackables, etc.? Will Groundspeak remove all of these without question? Are they required to?

Link to comment
5 hours ago, Psytoma said:

Talking about GDPR and the "right to be forgotten", what happens when someone decides he want's his/hers Geocaching profile deleted, including all the caches he/she placed, all the logs, trackables, etc.? Will Groundspeak remove all of these without question? Are they required to?

Link for reference, with extensive explanations regarding GDPR and the website:

 

https://www.geocaching.com/account/documents/privacypolicy

  • Upvote 1
Link to comment
4 hours ago, Touchstone said:
9 hours ago, Psytoma said:

Talking about GDPR and the "right to be forgotten", what happens when someone decides he want's his/hers Geocaching profile deleted, including all the caches he/she placed, all the logs, trackables, etc.? Will Groundspeak remove all of these without question? Are they required to?

Link for reference, with extensive explanations regarding GDPR and the website:

 

https://www.geocaching.com/account/documents/privacypolicy

So from this link, the answer to the question is yes: on request, GS will delete all logs posted by someone as well as all caches (which has to include all the logs posted to the cache, I suppose). Is that correct?

 

As with forum threads, I don't really understand why that's considered "personal data", and I think someone in this thread described GDPR in a way that made it sound like it wouldn't consider this personal data, either. But GS lists them specifically, so am I wrong to conclude that means my finds will disappear whenever the CO invokes this power?

Link to comment
9 minutes ago, dprovan said:

So from this link, the answer to the question is yes: on request, GS will delete all logs posted by someone as well as all caches (which has to include all the logs posted to the cache, I suppose). Is that correct?

They might do that but it's not required by GDPR (I think it's been mentioned before :ph34r: )

 

 

Link to comment
1 hour ago, dprovan said:

So from this link, the answer to the question is yes: on request, GS will delete all logs posted by someone as well as all caches (which has to include all the logs posted to the cache, I suppose). Is that correct?

I don't think so. In the Privacy Policy, it doesn't list your own hides or trackables under the "Personal information you give us" section. It lists pretty much everything else, but not those, so those are seemingly not items that they'll permanently delete.

Link to comment
40 minutes ago, The A-Team said:

I don't think so. In the Privacy Policy, it doesn't list your own hides or trackables under the "Personal information you give us" section. It lists pretty much everything else, but not those, so those are seemingly not items that they'll permanently delete.

I agree that it's somewhat doubtful that HQ would take the route of last resort and remove all traces of a Listing page and all the associated log entries. However I could envision them removing the Description and perhaps other possible identifying information on the Listing page in the interest of an abundance of caution. 

 

Pure speculation on my part, as I haven't seen this sort of situation come up yet. 

Link to comment
3 hours ago, The A-Team said:

I don't think so. In the Privacy Policy, it doesn't list your own hides or trackables under the "Personal information you give us" section. It lists pretty much everything else, but not those, so those are seemingly not items that they'll permanently delete.

It says, "Content and information you provide through the Geocaching Forums, your geocache and trackable logs, or by email to us." I read that as "your geocache", but now that you mention it, I guess it must really mean "your geocache logs", so not the geocache itself. But I don't understand the logic of leaving the cache description out of that list; there's no significant difference in how the information is entered or who can see it. The only thing I can think of is that the logs have a date, so you have indicated that you were at that cache on that day. Maybe that's what makes it personal information.

 

By the way, that email part is interesting. Does GDPR require companies be able to purge their e-mail archives of all e-mail someone ever sent anyone in the company?

 

4 hours ago, on4bam said:
4 hours ago, dprovan said:

So from this link, the answer to the question is yes: on request, GS will delete all logs posted by someone as well as all caches (which has to include all the logs posted to the cache, I suppose). Is that correct?

They might do that but it's not required by GDPR (I think it's been mentioned before :ph34r: )

I understand that. But it doesn't much matter what I understand, only what GS understands. Is there some doubt this policy was written in reaction to GDPR? Is there some other motive GS might have for letting people delete this kind of information?

Link to comment
14 hours ago, Psytoma said:

Talking about GDPR and the "right to be forgotten", what happens when someone decides he want's his/hers Geocaching profile deleted, including all the caches he/she placed, all the logs, trackables, etc.? Will Groundspeak remove all of these without question? Are they required to?

By the way, the privacy policy says someone in Europe can ask for the personal data to be deleted, but then it gets into some mumbling that's makes it not entirely clear to me whether deleting your profile is an implicit request to delete all the listed data. Does GDPR have any requirement that terminating an account requires deleting personal information associated with that account whether it's requested or not?

Link to comment

The question is, does the cache page (or the trackable page for that matter) contains personal information?

I believe that id does. Both pages contain at least a persons Geocaching username and most likely the IP (or multiple IP's) from where the owner has posted logs on the page. If someone has the "right to be forgotten", I believe they should be required to remove it if the person requests that. By this I mean completely remove it, not just archive, because archived pages still remain accessible for the viewing purposes. That is of course, my personal opinion.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...