Forget all the stuff out there that says the GDPR protects EU citizens. This is a question of jurisdiction and enforcement. Say I run a blog under a business registered in the US funded by advertisers in the US. A EU citizen that comments on posts issues a GDPR request that I ignore. Their government fines me. I tell them to get bent, I am out of their jurisdiction. What can they do at that point?

    • FlowVoid@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      True, but it’s important to note that personal data means identifiers such as name, date of birth, location, etc. Comments on a blog, by themselves, are not personal data.

      • Arakwar@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        If the comment keeps your IP address, and/or your email, or a nickname, it can be considered personal data.

        The “simple” rule is : does that info, once used with other data, can allow someone to figure out who you are ? If so, then it’s personal. From there, always validate with a lawyer who is actually properly trained on the GDPR to review your decision.

        • FlowVoid@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          I agree about logging IP addresses or emails.

          But I am not so sure that usernames or nicknames are necessarily identifiers. For example, if someone posts as “IamtherealTomHanks”, you can’t actually identify who they are.