Feedback

I know it's not a huge number but why has my Feedback dropped from 196 to 193 overnight?

Comments

  • 4 Comments sorted by Votes Date Added
  • I would take a guess that would happen if we delete a users account. This is something members increasingly ask for in light of things like GDPR.
  • Of course! Completely understandable.
    I am familiar with GDPR in my capacity as an employee representative but that scenario hadn't crossed my mind.
  • Is it not possible to simply anonymise an account rather than delete it, there's absolutely no way feedback left falls under GDPR.
  • edited February 2019 Vote Up0Vote Down
    @Hoddie.
    I believe it can. A user has the right to have their data deleted which is know as, the "right to be forgotten." A service provider doesn't have the right to deny that by any means.

    However, you are right that PROPERLY anonymised data is unlikely to fall foul of GDPR, but if there is any way to ID a user -even get close through a process of elimination and the acquirement of other inforamtion available elsewhere, then there is risk for the company holding/using that data.
    It's simply not worth it.
    There are many examples of how anonymous data can be used to indirectly identify some aspects of a person dependant on what credentials were used to create the account, such as a device identifier and location. Data used for financial gain is rarely completely anonymous. It would be of limited use if it was.

    There is a cost to pseudonymise data and it may simply be easier, cheaper and risk free to delete all the data.

    More detail:
    The principles of data protection should apply to any information concerning an identified or identifiable natural person. Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person. To determine whether a natural person is identifiable, account should be taken of all the means reasonably likely to be used, such as singling out, either by the controller or by another person to identify the natural person directly or indirectly.

    IMO, Until there are real court cases and certain aspects of GDPR are tested through legal processes, it's best to err on the side of caution.
Sign In or Register to comment.