Lem said: > I question your assertion that "bounces for X sender doesn’t mean that it > shouldn’t be mailed for Y sender".
Indeed if, say, an address doesn't exist, it doesn't exist whether the sender is X or Y. Also, if the mail platform rejects mail from the sender's IPs or domains, it will probably do that for X and Y alike. According to people who know better than I do, and any M3 member (which would mean at least Laura and Lem) has had the chance to hear them out in person, maintaining a suppression list that is above the level of a single customer makes the ESP a _data controller_ in terms of the GDPR. When they're doing stuff for their customers only, individually (as in, data from customer X does not affect the proceedings for customer Y), they are a _data processor_ and that's where they want to be. Becoming a data controller entails needing a legitimate basis for processing the personal data of the customer's customers, with whom the ESP does not have any kind of a direct business relationship so it's really very hard to justify. You can probably pull the notes on "so, you want to be a data controller" from the past conference proceedings from the members area. -- Atro Tossavainen, Chairman of the Board Infinite Mho Oy, Helsinki, Finland tel. +358-44-5000 600, http://www.infinitemho.fi/ _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
