I appreciate the sentiment and spirit of GDPR. I certainly wouldn’t want everything I have posted on a social network to be shared wholesale with yet another company for who knows what purpose. On the other hand, it seems bizarre that I would meet someone, exchange contact information and then say “Oh, one last thing-- can you please sign this waiver acknowledging that I have permission to put this in my OneNote contacts notebook?” Have any services implemented this kind of thing? If you joined a new social network and wanted to include someone, is the only option to send them a link to the service, ask them to create an account and then find you in the app? Or is there a way for a service to reach out and request permission then scrub that data if the person doesn’t agree?
1 Like
Microsoft, Amazon and Google have tried to get around this by using “Standard Contractual Clauses”, instead of Privacy Shield, but they use the same invalid basis that the companies will not hand over the data to the US government, when asked - either with a US warrant, National Security Letter or under the CLOUD Act. Only a valid EU warrant would be valid.
For social networks, it is a different problem. They have to assume that you have permission to write about EU non-members and post photos of them. If you don’t have permission, they have to remove all copies of those photos or posts upon request. I’ve no idea how well that works.