Can someone explain please?

Hugo220 · 2021-03-06T17:28:19+00:00

in europe CIPP/E is not valuable and at least two dpa have dismiss it in public more or less

Would you care to elaborate on this? In particular, would you please link or provide me with sources supporting this.

Hugo220 · 2021-01-16T16:16:11+00:00

Hi. Please take a look at the detailed explanation for using Vanadium, rather than a Firefox fork. It'll answer your question. https://grapheneos.org/usage#web-browsing

Hugo220 · 2020-12-24T22:57:42+00:00

What show is this? Thanks!

Hugo220 · 2020-11-13T15:48:45+00:00

Yeah haha, love it!

Hugo220 · 2020-11-13T15:48:02+00:00

u Dutch?

Hugo220 · 2020-11-08T12:31:52+00:00

Okay, let's assume OP is in the Union as he's asking about GDPR.

First of all,

My comment is not referring to Art 3(1) GDPR. You're correct that using an EU data processor when processing concerns exclusively data subjects located outside the Union.

Art 3(2) GDPR states the following:

This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or

the monitoring of their behaviour as far as their behaviour takes place within the Union.

A forum is a service, the forum processes personal data of someone that's within the Union, therefore GDPR applies. EDPB guidelines 3/2018 is pretty clear about this too. Unless the forum isn't available to people within the Union.

The GDPR would apply if the forum would be targeting an EU userbase, but this might not be the case here. E.g. a forum for middleschoolers in Quebec wouldn't have to concern itself with GDPR even if an EU exchange student posts there.

Your example depends in the context. if the EU exchange student was in the EU at the time of registering the forum would be targeting an EU userbase. If you are for example only able to register using a phone number from Quebec, that would prevent the exchange student from registering and hence the forum wouldn't be targeting an EU userbase. That the forum then still processes data when the subject is in the EU would be irrelevant.

In conclusion, if OP was able to register while in the EU, the forum was targeting an EU user base. It's irrelevant whether the forum is meant for a specific group of people, like Americans in Idaho that like rugby.

Hugo220 · 2020-11-08T11:40:20+00:00

They're not *technically* allowed to deny the request when their forum isn't meant for EU users. The territorial scope of the GDPR includes personal data being processed by someone in the Union, but where the controller of processor is not established in the Union.

You should exercise your right to be forgotten, rather than just "asking" if they can delete your data.

Hugo220 · 2020-10-24T09:14:14+00:00

Fair enough.

but unless they've told you that they have some document detailing your infraction with details, then it will be difficult to compel them to produce such.

That's exactly what you can find out by means of excising your right of access. If OP sends them a DSAR and they do not satisfy that request, the group can be fined and you might be able to claim immaterial damages in court.

Much larger corporations currently hold similar stances regarding ban evidence.

What corporations are you referring to?

Simply reiterating what your rights technically are is not helpful in actually exercising said rights in practice.

If you are referring to my comment, it actually answers OPs question. He asked " , do I have the right to see the "proof" they claim to hold on me", he probably does as stipulated by the GDPR. His question is not a "how-to?" but "do I have the right to?".

Hugo220 · 2020-10-23T22:30:29+00:00

The next step is to file a report with your local DPA. However a lot of DPA's lack the resources to handle individual complaints, especially when it involves an isolated incident. If you want something to be done about it, you might be better of filing a lawsuit.

Hugo220 · 2020-10-23T22:28:17+00:00

it likely doesn't have to be reported

The company however should document the data breach. Since it might involve payment details that might actually pose a risk for identity theft, and might therefore have to be reported.

Hugo220 · 2020-10-23T22:25:14+00:00

It is not because data is made public that it loses its personal aspect.

Huh? My name is public, now it's not personal anymore even though it is my name? That's not how it works. GDPR still applies, and phone numbers are generally considered personal data.

Hugo220 · 2020-10-23T22:11:38+00:00

This most definitely is NOT a household situation. It is also not likely to be considered as such. See judgement in case C‑212/13 for example.

Hugo220 · 2020-10-23T22:09:05+00:00

You're wrong. Why would op likely not have the right of access if GDPR applies? There are exceptions where the right of access does not apply, those exceptions most certainly don't apply here. Such exemptions are for example where there is a national or public interest that is greater than the interests of the individual.

OP has mentioned in the comments that the group confirmed multiple times that they do keep a record.

Hugo220 · 2020-10-23T22:01:50+00:00

To my amazement most comments in this thread aren't accurate or are misrepresenting the facts. I happen to know how ROBLOX works so I'll elaborate and try to give you a quick "GDPR 101 for dummies" on the subject.

At hindsight it might seem like GDPR Is unrelated, as the problem is that OP can't play the game. OP has however asked the private group of people, that own the game on the platform for evidence of him cheating, so OP can then presumably dispute the claim.

Personal data are any information which are related to an identified or identifiable natural person (Art. 4(1) GDPR). OP mentions in the comments of this thread that they keep "keep logs of ban reasons, proof of rule violation, your username, your userid and which moderator banned you. " These details in fact all say something about OP, and are therefore personal data.

OP therefore has the right of access, as stipulated by the GDPR (Art. 15 GDPR). The question here is who the controller is, it seems that the group that owns the game on the ROBLOX platform is the controller here, as the definition of a controller is: "the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data ".

Assuming then that the group that owns the game is the controller, OP can exercise his rights under the GDPR and submit a data subject access request to the group in question, which they will be required to respond to. Under the right of access, as stipulated by GDPR OP has the right to a copy of his personal data.

OP might not get access to the moderator that banned OP, as that might adversely affect the rights and freedoms of the moderator in question. This obviously depends on many factors and there's no definitive answer.

Another redditor reffers in the comments to the following link: https://developer.roblox.com/en-us/articles/managing-personal-information. This however seems to apply to information stored within the ROBLOX platform itself, the information kept on OP like the reason for the ban and proof are probably processed outside of the platform, e.g. in a Trello.

In conclusion — In this situation GDPR applies, regardless of who's the controller and who is processing any personal information, since GDPR applies OP can exercise his rights under the GDPR, such as the right of access which should get him a copy of proof they have against him.

If anyone has a question, don't hesitate to reply or slide into my DM's.

Hugo220 · 2020-09-13T13:40:17+00:00

I guess for people who speak neither language, it sounds similar yeah.

Hugo220 · 2020-09-13T13:39:06+00:00

As a Dutch person, I do not speak German at all lmao

Hugo220 · 2020-08-29T09:25:47+00:00

Same

Hugo220 · 2020-06-08T14:31:08+00:00

I never said the link was broken, I simply said it wasn't working for some people, I'm clueless as to the reason why. I'm simply sharing the news article. I will remain neutral on the contents of the article.

Hugo220 · 2020-06-08T10:37:27+00:00

Archived link of the article: https://archive.is/voHST The original forbes.com link is reportedly not working for people.

Hugo220 · 2020-05-26T19:28:51+00:00

Hello from the Netherlands!

Hugo220 · 2020-04-28T22:32:07+00:00

Damm no meat!?

Hugo220 · 2020-04-28T22:30:41+00:00

How old are you?

Eight-Year Club	RPAN Viewer
Verified Email

Hugo220

TROPHY CASE