H&H violating GDPR?

[Aceb]

The only way to violate this is e-mail and password for Hnh. It is not enough to identify a person behind it especially that many people here share their accounts (isn't it violation itself?) or even trade / sell those, so.

If I correctly understand the presentation I was forced to sit down in work, as long as Jorbtar don't suddenly release to public or third-party a list of our e-mails without our agreement from ourside, it's okay.


@edit: and fullname is completely optional so I don't know how it would be handled in that case, haven't read user agreement that close.

[Granger]

The only way to violate this is e-mail and password for Hnh.

The madness with GDPR is the IP addresses, mail aliases and phone numbers are now defined as personal data, thus should you 'process' these in any way you have to explain to the moron user what you're doing with these (even when it's blatantly obvious for what they're used).

More dead trees, we don't have enough of them already...

[Jalpha]

I am wondering how enforceable any of this is. It is honestly too easy to dodge the consequences of most legislation so long as you are willing to sacrifice a company to do so. Additionally it's usually incredibly cost ineffective to chase small companies who aren't complying with all requirements.

It's getting to the point where in order to have any privacy an individual has to begin isolating themselves and opting out of any online activity which stores and/or shares their data.

IP addresses are usually dynamic where I'm from, is that not the case elsewhere globally?

[MagicManICT]

IP addresses are usually dynamic where I'm from, is that not the case elsewhere globally?

Anywhere Network Address Translation is used, IPs are dynamic. (Hint: this is anywhere that uses IP4, which is everywhere.) Unless you explicitly have set up a static IP, that is.

I am wondering how enforceable any of this is.

As a generalization, and from a non-expert in legal matters, my understanding is that overly generalized and broad legislation doesn't hold up over time. Either too many people find loopholes, or court systems knock it down. Until that happens, it's a lot of mass panic and lost money from both tax coffers and businesses that have to deal with bad legislation. This is just v1.0 of systems to try to give users control over personal information, so I expect revisions and other ideas to come forward as this mess sorts itself. Those are the ones that will actually have teeth.

[Robben_DuMarsch]

As a generalization, and from a non-expert in legal matters, my understanding is that overly generalized and broad legislation doesn't hold up over time.

As an Attorney, this isn't true.
What will likely happen is that court decisions and pattern and practice of the regulatory agency will provide better guidance towards what is, and what is not, permissible.

But the idea that broad and overly generalized law is doomed to extinction is a serious fallacy.

[ArvinJA]

As a generalization, and from a non-expert in legal matters, my understanding is that overly generalized and broad legislation doesn't hold up over time.

As an Attorney, this isn't true.
What will likely happen is that court decisions and pattern and practice of the regulatory agency will provide better guidance towards what is, and what is not, permissible.

But the idea that broad and overly generalized law is doomed to extinction is a serious fallacy.

See: Interstate commerce clause

[MagicManICT]

See: Interstate commerce clause

Again, not a lawyer or legal expert, but... how many amendments and additions has that had over the years?

[Robben_DuMarsch]

Well, to be fair, the commerce clause is a single line in the text of our country's constitution that simply authorizes congress to act, and serves to preempt interference by state government.
But also to be fair, literally none.

In 1787 our constitution was written. It authorized Congress, in part:
"To regulate Commerce with foreign Nations, and among the several States, and with the Indian Tribes;"

That text has never changed, never been amended, and never been added to.
The extent of powers that this has granted Congress, and the limitations this has placed on other entities to infringe upon this power, have been interpreted and reinterpreted countless times by our Courts over the centuries since. This interpretation and reinterpretation is not dissimilar to the way that our Courts attempt to construe statutes - The difference being that the constitution is extremely difficult to change, whereas if the Court interprets a statute in a way that is unpopular, or against the wishes of the legislature, they can often amend the statute with a simple majority vote. In my state (Grrrr) we've even had more than a few constitutional amendments to that same effect.

The Commerce Clause also does have real effect on regulation in the United States, primarily through the "Dormant Commerce Clause."

[MagicManICT]

I should amend my remarks as not necessarily amendments to the Constitution, but also any legislation passed to further refine or enable such law, be it constitutional or statutory. While bills and the ensuing statues don't hold as much weight as an amendment, they still hold the legal force of the governing body that issued it.

[Robben_DuMarsch]

Comparing the commerce clause to the GDPR is inapt, as the commerce clause simply sets aside certain powers for our Government.
A better comparison is the extremely broad protections provided to consumers in the majority of states that have now adopted some form of the UDTPA, which to put it in summation and in general terms, authorizes enhanced damages as part of a civil claim against any entity if they could have reasonably deceived you in any sort of business transaction, with a few exceptions.

With many caveats that would complicate this discussion, the actual language of the statute in my state authorizes x3 damages + attorneys fees if one, in the course of business:
"Engag[es] in any . . . deceptive conduct which creates a likelihood of confusion or of misunderstanding."

It's broad as shit.
Some quick googling will show you some truly hilarious lawsuits for shit that you wouldn't imagine could be actionable.
It's like suing McDonald's for their hot coffee on steroids.

Other well known examples of extremely "broad law" include copyright protections, negligence claims which lay in common law, products liability, etc. Even criminal laws in the United States, which are supposed to be void for vagueness, sometimes include a bunch of ridiculously broad criteria. Here's one I see pretty frequently:

"[W]hoever, being of the age of 18 years and upwards, by any act corrupts or tends to corrupt the morals of any minor less than 18 years of age . . . commits a misdemeanor of the first degree."

Yes. This law has been upheld as neither void for vagueness, nor violating the overbreadth doctrine.
How one can properly be on notice as to whether any particular act corrupts or tends to corrupt the morals of minors is beyond me, but there we have it.
No, this isn't some ancient relic that isn't used at all, either. I've got two clients facing this charge.