Remix.run Logo
BiteCode_dev 3 hours ago

The GDPR does not say that controllers must always delete personal data on request. Article 17(1)(a) — erasure is required only when:

"the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed"

https://gdpr-info.eu/art-17-gdpr

It's like the cookie banner all over again. This law never, ever required a cookie banner.

The big companies are master in malicious compliance that benefit them, and let them blame the EU for it.

Rules of thumbs, international billion dollars company should be assumed to be the ones being the bad guys until proven otherwise. They have lost the benefit of the doubt decades ago.

monocularvision 2 hours ago | parent | next [-]

If it’s malicious compliance and not required why does the EU Commission website have it?

https://commission.europa.eu

crote 3 hours ago | parent | prev [-]

In practice most of the purposes you'd encounter in the wild are directly linked to user activity, so account deletion means most of the reasons to keep it disappear.

You still need to keep it if there's a law saying that you need to have that data, of course, but that's the exception.