On 05/17/2018 02:56 AM, Bernd Petrovitsch wrote:
FWIW and IMHO, I think we are in violent agreement here.

:-)

In the old-school life: the sender (because s/he said it on her/his free will) - I hope;-). But the person who overheard it may tell the story to a third person. And it's just/only hear-say - even if it's actually 100% correct (which it is almost never ever the case). And there starts actually the real "forgetting" or "doubts" ...

I agree that fan-out can be a problem. IMHO the root cause is the person that said it, the sender.

But in a "everything is written" world, that is massively different: In the old-school world, a "written proof" had a quite large value because it wasn't trivial to have such a thing. Nowadays - with almost every communication over the Internet - it's the normal, that there is a "written proof" aka recorded/logged/whatever.

That's an interesting point, but I'm not seeing who's at fault, the person who overheard what I said (the archive) or me for saying it in a non-secure manner (the sender)?

I'm not diving into differences of "how some judge may value some so- called proof" in some given (somewhat Western) country, but most people - even in Spring 2018 - don't realize, what's really going on and try to get back the world from the 1960s (or so;-) - well, "thinking before talking" was always a hard job;-)

True.

A court order may "force" you to not tell it to anyone but it can't make you forget it (or write it down and hide it somewhere safe).

Where force = order under some form of penalty, sure.

So in general: No. And that's exactly the problem with the "right to be forgotten".

:-)

Good ideas usually start to have problems when they are taken too far.

Of course. But only for (somewhat obvious) very good (including legal) reason like really hard law issues like - at least in .at and .de - Nazi stuff and/or (everywhere I hope) certain forms of pr0n.

Even with those issues, the court can only order you, under some penalty, to not do something. They still can't cause you to unsee or forget something.

At least I'm not aware of any such technology yet. (My ignorance of such technology does not preclude it from existing.)

But for some claims of "please remove my email address?"? If that email address can be found (via Google) on hundreds of sites, the removal of one instance doesn't change anything. Ooops, and a chicken-egg problem ....

I think it does.

IMHO it's the issue of multiple people doing the same wrong thing does not make the thing in question correct.

Case and point, is it wrong to ask someone specific to stop spamming me when considering that multiple other people could be spamming me?

Or, more along the lines of your example, saluting in a Nazi-esq manner? (I'm not saying I agree with anything there in, I'm just using it as an example.)

That question should be answered by some copyright/authors right lawyer.

Hum.

I would be interested in what their take is.

I suspect it's going to come down to misrepresentation. Either trying to falsely claim credit for someone else's work, or trying to attribute something to someone who didn't say it.

Short of significant persuation to the contrary, I'm going to continue to believe that admins / owners of system have the right to modify what was said in very specific cases when it comes to what enters / passes through / is stored on their systems. IMHO this MUST be done in a manner that makes it clear that this was done.

Yes, and everyone writes that in the mailinglists charta (including that all mails go into a public archive, are never edited, censored, deleted, etc.). Just from that point of view, everyone sending mails to the mailinglist has implicitly agreed to the rules including the publication in a Google-indexed archive.

I have some issues with that.

- Corporate policy, regional laws, technical capabilities, etc. can conflict.
 - Agreeing to a E.U.L.A. does not mean that you actually understand it.
   (I'm hearing where this is being starting to be challenged in courts.)
 - Index ability is independent of publicity.

BTW: I cannot do everything I want with it because I cannot choose to plain simply ignore modification requests from a court.

Hence regional laws above.

Everyone can claim a lot of things - the hard question is how to proove it;-)

Yep.

Any serious business won't send me any "newsletters" if I request that without any legal backing (if only that I continue to buy from it in the future and don't tell anyone that they ignore such simple things - and because it's "just the right thing to do"(TM)).

Sadly, I've seen legitimate businesses fail and do exactly that. Use contact details specifically for the contracted service inappropriately for marketing reasons.

Yup, but there are other companies or folks using selling addresses and other personal data (if only for "scientific purposes"[0]).

I feel like those companies should be required to collect the data from somewhere other than what was used explicitly for contracted business.

Much like how HIPAA affords us the restriction to say that the information can only be used for healthcare treatment, and the express process associated there in (billing, insurance, etc.).

This does not extend to marketing or sales as that's not expressly healthcare / treatment.

Selling and buying "sales leads" (which are actually contact addresses at best) or personal data (as covered by the spirit of the GDPR) as such should be forbidden that would solve more problems and is easier to enforce).

I'm going to disagree with you.

I've been around all sorts of people that won't give you their password if you ask them. But if you offer to give them an ice cream cone to buy their password, they will happily trade with you.

The point being, I think there is a valid business model to legitimate collect information under pretense that it will be provided (read: sold) to marketers.

As long as that's clearly indicated up front, and I'm compensated (for my eventual hassle), I might consider doing so. Especially if I have an easy way to tell the people that contact me in the future to bugger off. Who knows, I might actually find something useful in the noise.

ATM the companies are free to do (almost - also depending on the local jurisdiction) anything with personal data and the effort to handle misuse of it is shifted to the private person. It should be the other way around ....

Agreed.

I should be able to earmark that my contact information can ONLY be used for official business transactions and NOT for anything outside said explicit business transaction.

IMHO this should be something like a bit in the database that indicates if the info is available for other uses (read: marketing). Perhaps it should be express contractual uses, general business uses, business partner uses, and general.

No.

:-)

Yeah, that's an interesting issue (which happen to apply to the next club with normal member management): A member leaves (for whatever reason) and - to minimize the data - expects that all data about him/her is (really) deleted.

IMHO, expecting that it is deleted is asking too much in this day and age. Expecting to not be contacted again might be too much.

I think that depends on the terms of the separation. I.e. non-renewing a magazine subscription would likely be okay to offer renewal discounts in 3 / 6 / 9 / 12 / 18 months. Conversely, asking a former member who has been forcibly excommunicated (read: voted out by other members) for a donation during the next fund raiser is probably a bad idea.

But if the same person comes back two years later, doesn't the club (or company) have the right to know that that person was already a member (and in which years)? And if a member is expelled, the club surely wants' to remember that.

I think that the company has the right to know that information.

Note: Knowing that does not translate to using said information for anything outside of the express business relationship.

I seem to keep coming back to the express business relationship.

Of course, that completely invalidates any "request on forgetting" per se (and reduces it to "act like you don't know it").

I think the spirit of requesting to be forgotten really translates to requesting to not be contacted in the future. At least for most (but not all) situations.

A completely other approach (and solution;-) to "mailinglist archive and the GDPR": Is an automatically generated mailinglist archive in HTML actually subject to the GDPR? It's not that is really structured and/or organized like e.g. some SQL- database.

I think that any data collection / aggregation is likely going to be subject to GDPR, for better or worse, in some way.

I also feel like the structure of the data, or lack there of, is somewhat immaterial. Especially in this day and age where people are touting storing data in unstructured manner. Plus, extracting email addresses (and associated names) from a mail archive, HTML or not, is relatively easy. ;-)



--
Grant. . . .
unix || die

------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Reply via email to