Talk:General Data Protection Regulation/Archives/2019

Can I link to 'GDPR fines and notices' from the Sanctions section?
I've started contributing to the GDPR fines and notices page. Would it be appropriate to add a link to this page under the Sanctions section? And if so, what would be the appropriate text for such a reference? — Preceding unsigned comment added by Rkranendonk (talk • contribs) 14:18, 24 June 2019 (UTC)

Criticism: Social Engineering Vulnerability
According to https://www.theregister.co.uk/2019/08/09/gdpr_identity_thief/ it appears that there is at least anecdotal evidence that GDPR has made it *easier* for (possibly malicious) 3rd parties to extract private information from online services. This may be worth starting a "Criticism" section, as this is a vulnerability apparently worsened by GDPR. Tantek (talk) 23:29, 16 August 2019 (UTC)

Drop tools section
The tools section feels like spam/advertising. It's just an arbitrary list of 4 software tools. I think it should be removed, but didn't want to edit the article without asking.

If anyone else agrees, I'd vouch for removing it.

Grocko1 (talk) 11:34, 23 August 2019 (UTC)
 * I removed all. Actually, there are tools that might be more "objective", namely those provided by the authorities (we use one in Germany that is provided by the French office for data protection; and which is favored here in Bavaria). But I would have to research that area before I'd feel confident to add them here on WP. --User:Haraldmmueller 13:50, 30 August 2019 (UTC)

GDPR-K age of consent map
Hello, where do I find a map for age of consent in the EU?

Which is issued by Ingrida Milkaite and Eva Lievens at Ghent University. --TaleofTalisman (talk) 22:27, 12 September 2019 (UTC)

GDPR age of consent
Here's are my list that limits younger people to gain access data in European Union:

However, San Marino is not member of the European Union and/or European Economic Area. Instead, the minimum age of consent is 16 for Google accounts.

Source:

--TaleofTalisman (talk) 08:13, 24 September 2019 (UTC)

Missing Basic Explanation of Applicability
Sometimes it's instructive to hear how some random person off the street views an endeavor. I came here wondering why US citizens have to comply with EU laws? And there's no explanation in the article, or did I miss it? It's a simple matter but I bet many people will have the same question. Friendly Person (talk) 22:51, 4 October 2019 (UTC)
 * But there is. See the paragraph under "Impact" on "international law" and the "Brussels effect"; and, additionally, the paragraph on "extraterritorial effects". That's about what can be said (unless you are a US citizen in the EU - then of course you have to comply with national, as well as EU law of the state where you are). --User:Haraldmmueller 20:18, 5 October 2019 (UTC)

"B2B Marketing" original research?
Someone added that section - with only links to GDPR articles, but no secondary source. This alone is not really ok. However, "B2B" implies that both (or all) involved parties are not persons, but "businesses" - so prima facie, the GDPR should not at all be relevant for B2B. So why would one claim this, and support it with paragraphs from the GDPR, which only refer to "natural persons"? I argue that this section should be removed, unless some proff can be given that GDPR professionals (lawyers) regards B2B in the context of the GDPR. --User:Haraldmmueller 10:00, 18 May 2018 (UTC)
 * ... has been removed. Thanks! --User:Haraldmmueller 17:02, 14 October 2019 (UTC)

Extraterritorial effects, again
https://mirrors.tuna.tsinghua.edu.cn/ (see bottom:根据相关法律法规，本站不对欧盟用户提供服务. )

Tsinghua mirror site declared it will not serve EU citizens, despite it's an open source mirror site + doesn't make any explicit data requests. (This line was quietly added, no appearance in https://mirrors.tuna.tsinghua.edu.cn/news/)

From the article: Article 48 states that any judgement of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may not be recognized or enforceable in any manner unless based on an international agreement, like a mutual legal assistance treaty in force between the requesting third (non-EU) country and the EU or a member state.

Does that mean for any country/region which legal system is not mutually-endorsed with EU's, all entities there cannot simultaneously satisfy its own country's laws and GDPR effectively has EU blocking them, even if they have no intention to abuse the data?