Yes, he might succeed with the threats anyway, but his right to erasure doesn’t require deleting his forum posts. They can stay compliant with anonymization.
Except, I suppose, if the forum posts managed to contain a real name, or enough identifying information to put together a profile that would solidly identify somebody. But that’s unlikely.
It’s considerate to think of that, but there isn’t a right to have incidental self-disclosures scrubbed that came about from communication. Anyway, it’s up to them what they want to do.
It seems weird to me as well, but this also works in the other direction for certain US regulations. I have worked with many global companies based in Europe doing business in the US to ensure compliance to Sarbanes-Oxley controls and FDA. (FDA specifically for pharma clients.)
As has already been stated above, the forum owners have up to one calendar month to respond. You’ll have to be patient… it would be unusual for any organisation to respond after a day to a GDPR request!
It wouldn’t be unreasonable for them, for example, to require evidence you are an EU or UK citizen if you are claiming rights under GDPR.
They have up to 3 months to respond if actioning your request proves to be complex.
If you exercise any of your rights under data protection law, the organisation you’re dealing with must respond as quickly as possible. This must be no later than one calendar month, starting from the day they receive the request. If the organisation needs something from you to be able to deal with your request (eg ID documents), the time limit will begin once they have received this.
While some threads I decided to ignore, I’d agree with your comment from less than a month ago:
This forum is a gem.
It’s a bit much really to post your request on a Sunday and then carp about no response to it first thing on Monday. Those with the power to acquiesce to your demands could well be taking a well-deserved weekend break. Discourse, the software used for these forums, has different privilege levels even amongst moderators and those staffing the weekend may not be sufficiently privileged to do it.
I have seen comments from this forum re-posted on other sites, and archived on others. IMO everything we post online will likely exist forever - somewhere.
Keep in mind that today (Monday) is a holiday in the US so have a bit of patience.
Isn’t that a euro law? Do Americans even need to acknowledge that?
In honor of a European
They do, if they wish to provide services to EEA citizens.
The GDPR also applies to data controllers and processors outside of the European Economic Area (EEA) if they are engaged in the “offering of goods or services” (regardless of whether a payment is required) to data subjects within the EEA, or are monitoring the behaviour of data subjects within the EEA (Article 3(2)). The regulation applies regardless of where the processing takes place. This has been interpreted as intentionally giving GDPR extraterritorial jurisdiction for non-EU establishments if they are doing business with people located in the EU.
That is unenforceable even if you can prove a no cost forum is a “service”.
It’s arguable whether that’s enforceable for a small community forum, yes, as it’s highly unlikely that the EU will go after the owners for whatever reason. But for corporates and other businesses that trade with the EU, that’s very much enforceable (and potentially very expensive if not complied with). The list of GDPR-like rules in other countries continues to grow as well (with California being the notable example within the US).
I have a 5k+ member forum and as a courtesy, I will delete any user account that is requested, but the content remains. It is just attributed to a pseudo account like Guest103. Requiring content removal is overreach and I would ignore any request to do so.
Content removal -and export- is a right under GDPR. I just cannot think of any European individual that could initiate legal action against a small forum owner -- not me, especially for a non-profit forum, but I’m pretty sure the US has trade agreements to enforce GDPR requests for big corps: there’s a reason why Facebook Threads hasn’t launched in Europe and it’s the understandable reluctance to comply with Euro regulations.
Agreed. US companies that do business in the EU put themselves under the thumb of that pseudo government. We are speaking of this forum though and I doubt GDPR applies in any way unless the mods want it to. So initiating a GDPR threat thread did nothing but create a Streisand Effect for the posts he is trying to remove. I never really noticed @anon72922636 posts before, but now I have read everything he has ever written…
@anon72922636 We’ve seen your request and we’re now figuring out how to comply.
If memory serves well, I am under the impression that we are talking about UK GDPR here, not EU GDPR, by the way. Which is only a semantic standpoint, as I would say it’s basically the same thing.
Siri even helpfully asked me if I might want to set my alarm later this morning, what with the holiday and all.
Purely technically, I think it would be a far more interesting question if it were an official Relay forum as Relay has principals on opposite sides of the pond.
The user’s request has been met.