GDPR

Bob24

Blowfish wrote: »

Again, the ePrivacy directive does allow this. Here's the exact wording (bolding mine):

In other words, further marketing mails for similar stuff is explicitly allowed, with opt out. For the GDPR, this would be considered as processing under legitimate interest, hence not requiring explicit opt in consent.

Interesting, I was not aware of this.

I guess there is m a grey area around what “similar products and services” means though.

If I buy a TV from Amazon and they subsequently send me a marketting email to offer me a frying pan, does it match the definition?

robinph

Bob24 wrote: »

Interesting, I was not aware of this.

I guess there is m a grey area around what “similar products and services” means though.

If I buy a TV from Amazon and they subsequently send me a marketting email to offer me a frying pan, does it match the definition?

That would be OK as Amazon is a shop for everything primarily, and not a TV shop.

If you were to buy a TV from Currys and they then sent you email marketing for buying a holiday it wouldn't be a similar service though.

CruelCoin

40 personal, around 150+ professional.

I filled in the forms the first 3 times, then have been just auto-deleting.

I wonder how much the EU nanny state has wiped out in trade in this way?

Bob24

robinph wrote: »

That would be OK as Amazon is a shop for everything primarily, and not a TV shop.

If you were to buy a TV from Currys and they then sent you email marketing for buying a holiday it wouldn't be a similar service though.

Your Currys exempel is a clear cut yes. But I don’t know if it is that clear the other way for Amazon. Because of the fact that amazon offers a lot of products doesn’t mean that all the products they offer are “similar”.

There has to be a limit to what is considered “similar”, and that limit can’t be the simple fact that the product is being sold by the same company.

badtoro

Lots, they should do this once or twice a year. The amount of rubbish emails I've unsubscribed from is unreal. I know I could have done that any time, but this was a bit of an opportunity to just do it.

Just received an email for an inactive boards account. 6 years. I'm sure I'm receiving a couple others in unused emails.

Seems like boards is on the ball.

OldMrBrennan83

This post has been deleted.

Jimbob1977

I got a GDPR from Supermacs.

These companies must tear their hair out with the bureaucracy.

Beasty

You might want to check out the current thread in Feedback, particularly from this post (posted earlier this evening) on:

Boards.ie: Niamh wrote: »

To clarify a few questions asked since Sean's announcement yesterday:

Soft-deleted posts
Yes deleted posts will be included in the files a user receives on foot of a GDPR data access request

IPs on anonymous posts
There is an IP address associated with anon posts as with any other post on the site, this will not change. We don't hold/collect/ask for any other information on anonymous posters.

Quoted posts
We're still finalising what legally needs to be done with these and how we will accomplish it, so please bear with us on that particular question.

To clear this up, only Boards staff will process an official data request. If you ask a mod to delete a post it will be soft-deleted in the same way as before.

EdgeCase

robinph wrote: »

Its a pain in the arse because of all the confusion about what needs to be done and scaring lots of voluntary run clubs into doing things they don't need to do, like delete their membership lists or something equally daft. If you've joined a club of some sort and provided them with your contact details then there isn't any need to be getting opt-in/ opt-out messages now. The fact that you joined the club should be sufficient consent that the club then sends you emails about what they are doing.

They probably need to look at who has access to the membership lists and update privacy policies, but no need to be asking for consent for anything as the members are clients of the club and there is an ongoing need for the club to communicate with their members. Your opt out is to leave the club.

Yeah, I've seen that already at two clubs!
They deleted the membership database and in one case also shredded the entire physical database too.

ytpe2r5bxkn0c1

Hypothetical question. Could GDPR force the likes of Boards to delete all information on a banned user that sound make checking of re-regs by email address, ISP address etc. impossible?

Bob24

Simone Sparse Pinhole wrote: »

Hypothetical question. Could GDPR force the likes of Boards to delete all information on a banned user that sound make checking of re-regs by email address, ISP address etc. impossible?

They’ve already said they will delete if requested. What they apparently keeps is a hashed very of the email address for a period of time.

robinph

I've now had GDPR emails from government departments to my work email address asking for permission to keep emailing me about regular meetings to do with work.

All they have is an email address and my name, since when did my work email address become "personal" or the government need permission to know what my name is and that I exist? The GDPR is a complete mess when even government departments don't know what to do about it. They are either unnecessarily scared, or are just feeling left out that they haven't sent an email out about GDPR and want to join in the "fun".

Riskymove

robinph wrote: »

since when did my work email address become "personal"

actually it is personal information under GDPR

However, it is unlikely they need your permission to email you about work. They can rely on other aspects of GDPR to legitimately do this

robinph

Riskymove wrote: »

actually it is personal information under GDPR

How? The email and everything ever said via it belongs to my employer. (It happens I'm also the employer, but anyway)

However, it is unlikely they need your permission to email you about work. They can rely on other aspects of GDPR to legitimately do this

One of which is being a customer, and the email they sent begins "Dear Customers".

Bob24

robinph wrote: »

How? The email and everything ever said via it belongs to my employer. (It happens I'm also the employer, but anyway)

Regardless of who is hosting it and what the purpose is, if the email address is strictly assigned to you it is identifying you personally and falls under GDPR (a generic email address such as customerservice@company.com would theoritically not fall under GDPR, but in most cases it is probably easier for an organisation to handle all the email asdresses they collect in the same way).