by dhimes 2987 days ago
Brings up a question about the GDPR: do you have to delete any data on someone, or just data they entered? If they get the facial recognition working so they can recognize people in Instagram photos and whatnot, then they'll be able to have data on you even if you're not a user. It's part of why I never liked people "tagging" me in photos.
4 comments

There is another big problem with the GDPR for international companies. I mean, how do we know you comply?

I work in the public sector in Denmark mind you, we have quarterly audits and despite having had a law that was pretty much GDPR level already, we’ve passed all audits. I don’t think we should have, I won’t go into details on this, but how do you audit 300+ systems, some of which the central IT department doesn’t even know exist because some rogue manager bought them? I have no idea, and I have even less of an idea on how you’d audit the cloud.

GDPR doesn't actually require that you delete data about anyone, it requires that you be able to dereference a user from their data after a defined period of time when you specifically request that your data is deleted.

This can include you having to directly contact the company in a way that isn't clearly visible within the app itself.

You're responsible for the data you store and have access to that can be linked to an individual.

The GDPR is quite clear on this.

do you have to delete any data on someone, or just data they entered?

A discussion of derivative data and models was sadly and sorely missing from Zuck's recent Congressional testimony.