this post was submitted on 08 Jul 2023
There is no GDPR provision for collecting publicly available information that is personal w.r.t. individuals. You can only collect public info if it cannot be tied to an individual. For example, if a car is illegally parked and you photograph it and post it online, you must blur the license plate. It doesn’t matter that the image was in the public.
But again, this whole subthread is a #redHerring because the article is for those who actually intend to keep their sensitive info out of public view, not the others for whom the topic is irrelevant.
Call it a red herring if you like, I'm just curious to see your rationale for claiming that others can't legally collect the information that I've willingly broadcasted to all and sundry. I can't say that I understand the rationale yet. I agree with your last example that I would need to obscure the license plate if I published a picture of your car on a public street, but the example doesn't seem to cover the actual case. A better example might be that you were shouting your license plate number out to a crowded street. Would I then be prevented from writing down (collecting) the number that you were shouting?
How would you comply with article 13? Would you walk over to me and give me your contact details as required by ¶1(a), the purpose of your collection ¶1(c), the length of time you will keep the data ¶2(a), and also inform me of my right to erasure ¶2(c)?
What if I shouted my plate number from a moving car & you were only able to write it down before I was gone? How are you going to comply with article 13? Are you going to get in a faster car & chase me down to shout back all that information about you as a data controller?
Also, which article 6¶1 rationale do you think makes your collection lawful?
Google & Apple may or may not have the contact details of those whose WiFi data they collect but I certainly have never received an article 13 compliant notice from Google or Apple (neither of whom I have contracts with).