Law Stack Exchange
Law Stack Exchange

Questions tagged [data-protection]

For questions about the legal obligations of protecting data (personal or otherwise) and the consequences of failing to do so.

335 questions
35
votes
2 answers

How to store refusal of cookie consent

If a user refuses cookies on a website, then how can that website store that refusal? As far as I can tell, the GDPR requires you to store both consent to and refusal of personal data storage. But it seems to me that there is a catch 22 here: they…
Jackson Holiday Wheeler
  • 475
  • 4
  • 6
33
votes
4 answers

Does a private citizen in the US have the right to make a "Contact the Police" poster?

Imagine the following hypothetical situation. Assume the location is in the United States. Mary had a credit card stolen by a suspect. The suspect used the credit card at a store. The manager of the store, Adam, saved video surveillance of the…
ninja star
  • 455
  • 1
  • 4
  • 6
30
votes
2 answers

How can the UK government fine itself?

In this news story the UK government has been fined £500,000 but who is doing the fining? Is the government fining itself?
sno
  • 591
  • 1
  • 6
  • 13
30
votes
4 answers

ISP is not hashing the password I log in with online. Should I take any action?

I just phoned the customer support number for my ISP for the first time and was surprised to be asked the fourth and fifth characters of my password, specifically the one I used to log into my account on their website, not a special password for use…
fluidj
  • 419
  • 4
  • 6
22
votes
2 answers

If a request for personal data is made under the GDPR rights but the requestor refuses to give ID for verification what should the company do?

A request for personal data to be deleted is made under the GDPR rights but the requestor refuses to give ID for verification and only provides an email address.
Kin
  • 231
  • 2
  • 3
16
votes
2 answers

Is there any merit in the argument "this data processing is required for my business model so it is strictly necessary in terms of data protection"?

The company BlockAdblock has an argument that their anti-adblock script is compliant with EU data protection law. It is quite long and has many somewhat unrelated aspects, and I certainly do not want to get into the specifics of the case. There is…
User65535
  • 10,342
  • 5
  • 40
  • 88
16
votes
4 answers

Under GDPR, can I give permission once to allow everyone to store and process my data?

If I own the data, can I declare, as part of my personal freedom, that I basically agree that my specific data can be stored and processed anywhere by anybody, without asking myself every time?
J. Doe
  • 447
  • 3
  • 11
16
votes
3 answers

Facebook vs GDPR - Private Messages I sent to others will never be deleted/erased from Facebook servers

I asked this question to Facebook: I would like to know how can I permanently delete private messages from both sides of the conversation. For example, conversations I had in the past with other Facebook users that I don't want them to be …
Nuno
  • 1,043
  • 2
  • 8
  • 14
14
votes
5 answers

Can service providers like Google and Facebook deny service to users who don't accept their privacy policy?

Service providers like Google and Facebook are pretty much part of people's lives. Like how the law has provisions for 'well known brands' (eg. generic trademarks and common carriers), does the law have provisions for 'well known service providers'…
user1034912
  • 1,529
  • 1
  • 14
  • 20
14
votes
2 answers

Does revealing the owner of an anonymous forum account breach GDPR (or other) laws?

This whole thing is to do with using an IP address to identify an anonymous forum account and then sharing details of the ownership of this account with another member. I will explain the best I can: I'm a creative professional and frequent a forum…
Michael Morgan
  • 151
  • 1
  • 6
12
votes
2 answers

To comply to GDPR, are social networks required to have a button to "Export your Data"?

Major social web services (such as Facebook, Instagram, Twitter, Microsoft and Google) have a page where you can click a button to export your data - posts, account data, login information, meta data, images, etc... Most other companies (such as…
Nuno
  • 1,043
  • 2
  • 8
  • 14
12
votes
3 answers

Using AI assistants in virtual meetings

As of Friday I became aware of otter.ai as it was used in one of my online interviews. I'm not seeking legal advice about the situation but it has certainly raised some big questions for me on the legal implications of using AI tools in this way in…
roganjosh
  • 417
  • 4
  • 12
12
votes
2 answers

Is marking an advertisement/tracker cookie strictly necessary legal?

Suppose Bob has a website that is really popular. Bob has promised users that he will never sell user data, but he never said that he wouldn't put a third party tracker in his website, and he also never said that these third party trackers wouldn't…
pi squared
  • 359
  • 3
  • 7
11
votes
2 answers

Is hash of a username still personal data?

I create a script, which asks a user who upload a GIF to a social media website, if it can reupload it to another website (to reduce other users' internet usage). Now I want to give users an option to save their consent for a longer time, so they…
lnl
  • 213
  • 2
  • 6
11
votes
2 answers

GDPR. Where to store users consent?

A pretty straightforward question, I think. When it comes to holding records that users consent has been provided, I can only imagine I would use some sort of php code to store data/records into .txt document? However, I kinda doubt this could be…
Oful
  • 133
  • 1
  • 6
1
2 3
22 23