On 29 May 2018, at 14:28, Sascha Luck [ml] <aawg@c4inet.net> wrote:
On Tue, May 29, 2018 at 02:00:22PM +0200, Simon Forster wrote:
Publishing that data was perfectly legal pre-GDPR. It _may_ be legal post GDPR. Until this is tested in court, definitives are just so much posturing. And the argument is likely to be more nuanced anyway. If I want to register a domain and am told up front, in clear unambiguous language that the details I provide will appear in a publicly queryable database as part of the contract, job done. I may not like it. I may decide that I don’t want to enter into the contract. And that’s rather the point. Informed consent.
I think you will find that combining access to a service with giving permission to have your data published is *explicitly* illegal under GDPR.
Would you be able to point to the section of the GDPR which states this? Admission: I have yet to make it to the end of the 88 pages of the act without falling asleep.
The first case regarding this has already been filed: https://www.irishtimes.com/business/technology/max-schrems-files-first-cases... <https://www.irishtimes.com/business/technology/max-schrems-files-first-cases-under-gdpr-against-facebook-and-google-1.3508177> I appreciate a motion has been filed. However, I’d surprised if the case purely revolved around this single point.
It is positive that some of this stuff is going to be tested in court sooner rather than later. Having said that, it may be <sarcasm> a day or two </sarcasm> before we get to see a final judgement with no further appeals. All the best Simon