this post was submitted on 14 Jul 2023
204 points (100.0% liked)
Technology
37738 readers
48 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Deletion of personal data without consent or lawful base is also a violation of the GDPR.
Do you have a citation for this? It conflicts with what I know about GDPR.
Mostly GDPR encourages companies to delete personal data they were holding once they no longer have a legitimate use for it. There is a rule where you can demand your data be frozen if so that misuse cam be investigated and in that case you'd be right. But in general companies can and should delete personal data.
That is true, in the GDPR, processing is defined as follows(Art 4): "‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;" And a data beach is defined as follows: "‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;" And article 5 says: "processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)."
There is still legitimate use, as you still have the account and an accidental or unlawful deletion is a data breach.