Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The author of this post makes incorrect assumptions about GDPR and makes bold claims regarding his rights

  ...GDPR gives me the right to see the data a company holds about me. 
  That includes messages about me stored on their internal systems
No. It doesn't give you a right to messages about you.

The WP DPO is correct in their response. Its okay to be mistaken but the sense of entitlement here is a bit much.

(Not a lawyer, but I've implemented GDPR compliance frameworks and worked with the lawyers closely)



> No. It doesn't give you a right to messages about you.

In the context described (a private organisation holding messages which refer to you personally) this is unbelievably false.


GDPR Article 15 says that you (as data subject) have the right to obtain access to personal data being processed by the controller.

This can certainly apply to certain types of messages about you but is also limited to the personal data about you. In other words the controller can and usually even must redact the messages.

The usual GDPR limitation apply, especially the request can be denied if it is unfounded or excessive.

So, while in practice you most likely would not get anything useful out of such a request, I don't think the quote from the original article is as far fetched as you and sibling comments make it sound.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: