| ▲ | BiteCode_dev 3 hours ago | |
Under the EU’s GDPR, any processing of personal data (name, contact, identifiers, etc.) generally requires a legal basis (e.g., consent, legitimate interest, contractual necessity), clear purpose, minimal data, and appropriate protection. Doing so without a lawful basis is unlawful. It is not a cookie banner law. The american seems to keep forgetting that it's about personal data, consent, and the ability to take it down. The sharing of said data is particularly restricted. And of course, this applies to black list, including for fraud. Regulators have enforced this in practice. For example in the Netherlands, the tax authority was fined for operating a “fraud blacklist” without a statutory basis, i.e., illegal processing under GDPR: https://www.autoriteitpersoonsgegevens.nl/en/current/tax-adm... The fact is many such lists exist without being punished. Your landlord list for example. That doesn't make it legal, just no shutdown yet. Because there is no legal basis for it, unless people have committed, again, an illegal act (such as destroying the pub property). Also it's quite difficult to have people accept to be on a black list. And once they are, they can ask for their data to be taken down, which you cannot refuse. | ||
| ▲ | jen20 2 hours ago | parent [-] | |
> The american seems to keep forgetting that it's about personal data, consent, and the ability to take it down. I am European, nice try though. It is very unclear that this example falls foul of GDPR. On this basis, Git _itself_ fails at that, and no reasonable court will find it to be the case. | ||