FireWriteSoftware / Frontend

Frontend of Articly wiki/cms project
MIT License
3 stars 0 forks source link

Art. 15 GDPR "Right of access by the data subject" #6 #11

Closed linux-lukas closed 3 years ago

linux-lukas commented 3 years ago

Is your feature request related to a problem? Please describe. Not quite - more like legal security under the General Data Protection Regulation (GDPR).

Describe the solution you want. A tabular listing (parameters on the left, content on the right) of what information is stored by the service from you (email, etc.)

Describe the alternatives you have considered. Provide the Information as an archive.

Additional Context. The secure German email provider mailbox.org has implemented something like this, as described above. Hence the idea.

NinoKrb commented 3 years ago

What exactly kind of data do you mean by your suggestion. Is it only the direct account data or already ALL stored information about the user. Here also the created post, comments, etc. would be meant.

linux-lukas commented 3 years ago

What exactly kind of data do you mean by your suggestion. Is it only the direct account data or already ALL stored information about the user. Here also the created post, comments, etc. would be meant.

Paragraph 1 regulates which information is affected, letters a to h of Article 15.

(a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data are not collected from the data subject, any available information as to their source; (h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Paragraphs 3 and 4 of Article 15 would have to be observed in the implementation.

  1. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

  2. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Source: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN

I hope that I have been able to answer your question sufficiently.

JanKrb commented 3 years ago

This shouldn't be a problem at all, all personal data can be shown, edited and some deleted in the profile. If you wan't further information like user's relation to posts (likes & dislikes) you should be able to ask them at the 'controller' - as you called it. This art. 15 only affects platforms based in Europe, that's why you should contact the 'controller'.