Sign in to follow this  
SayNoToRedShell

About EU law.

Recommended Posts

If this person is from the EU, you are required by law to delete the account, not just "restrict it from posting".

Reading the above makes me believe that you offer zero functionality for deleting accounts. If that is true, this is another violation KSP/Squad/TTI is committing against the GDPR, regardless of this specific case. You must provide erasure for EU citizens, and should probably in good faith offer it to all users.

I really suggest you guys get your act together, and allow users to delete their accounts among fixing other GDPR violation issues you seem to blatantly ignore.

Article 17

Quote

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

A forum account is considered personal data because of two factors:

  • Anything with a unique identifier ("handle") is considered PII
  • The account is linked to an e-mail address, which is PII
  • In this specific case, the user has also identified that he has attached his name and city of residence to the email/account, thusly becoming PII even if the above two reasons were not enough.

It is applicable under the following grounds:

Quote

(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;

(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);

None of the exemptions apply in this case.

  • The data subject has removed their consent, revoking 1(a) as a defense to continue processing
  • Users do not require a forum account to play KSP, and is not a contractual obligation thereby revoking 1(b) exemption
  • 1(c) is revoked, due to the same reasons as 1(b)
  • 1(d) is revoked as there is no vital interests being protected by maintaining the account
  • 1(e) is revoked as Squad/TTI are not providing services for public interest or official authority
  • 1(f) is revoked as the interests, rights and freedoms of the data subject outweigh the interests pursued by you, as has been explained

Further readings:

Quote

For the purposes of this Regulation:

  1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

I recommend you guys and gals take a quick browse through the GDPR, get aquainted with it, maybe pass it along to your legal team? Hammers are going to begin dropping, best get in front of this before its a PR mess combined with a hefty fine.

 

Cheers,

Your friend - SayNoToRedShell

Share this post


Link to post
Share on other sites

@SayNoToRedShell, your post has been split from someone else's thread. The situation has been discussed at length by a lot of us uninformed laymen, but the fact of the matter is that it's going to be in the hands of legal specialists to determine what this forum's policy about this sort of thing will end up being. In the meantime, please do not spread this repetitive discussion to additional threads, as there are already two of them devoted to EULA and GDPR

  • Like 3

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this