[_o_]

May I ask what is not clear to you? I can try to help. As I can see it, it very simple, it is same thing as with borrowing someones car:

- personal data (car) are any data that have potential identifying a person

- person owns its data (car). You cant buy them (well this part is different than the car), you cant steal them, you cant sell them, but you can borrow them from. But for that you need to ask (consent), where it is not allowed to trick the owner to give them to you, whithout beeing fully aware what was borrowed and why. And if you are borrowing the data for someone else, you need to ask about that too. And tell when you will return it.

- it is immature and unfair to play grumpy if someone doesn't want to allow to use its data. Or try to force/blackmail them from him. So its not allowed to do that (noyb.eu)

- once you borrow the data (like property, envision a car), behave acordingly, owner can demand them back, demand to see them, demand to know what you are doing with them and if stolen it is completely normal to tell them about that. And if they were stolen due to your fault (leaving keys in a car), they might demand to be compensated. Same goes if you misuse them (let me put some fertiliziers on back seat, forget to return them, giving it to all your friends without asking,...)

- if the data owner asks you to do something that requires his data ("hey, can you please take my car and bring me icecream from the store") you don't need to ask for data, it is expected you can have them.

Did I forget something? I consider it simple, as long as you try to stay genuinly respecting to other persons ownership. Just think about borrowing your car or borrowing car from your best friend and you wont go far wrong.

[mirko22]

things as opposed to knowledge are fundamentally different things.

if yoi tell me your birthday how can i forget it?

if you borrow me a car i have something i can return...

[wlll]

> if yoi tell me your birthday how can i forget it?

That's not really relevant. GDPR doesn't ask people to forget things out of their minds.

So let's rephrase to a more relevant example:

> if yoi provide me your birthday on a web form and I put it in a database how can i forget it?

This now becomes relevant, and easy do answer. You delete it.

[coldtea]

>if yoi tell me your birthday how can i forget it?

Ask any husband.

Joking aside, if the memory is on a computer system, as opposed to a person, you can, you know, just delete it.

[erichocean]

Out of curiosity, could I legitimately ask Google, GitHub, etc. under the GDPR to delete my name in the AUTHORS file of the git commit it was added in when I contributed to Chrome's v8 engine 10 years ago? Would they have to comply if I did?

Obviously, removing the commit would break git's ability to sign any hashes for that repository after that point…

And thinking it through a bit more, what about the companies that use v8? Could I ask my regulator to get Joyent to remove it from their systems? I'm sure they have copies…

[brohee]

You could ask, but them not complying fall neatly in the legitimate need case...

[fiter]

Ah, this is so interesting! It seems like you're allowed or not allowed to keep data based on the data structure that you use to store it!

[Dylan16807]

Data structure has nothing to do with it. If you stored social media users as fake AUTHORS lines in a git repo, that still wouldn't make you allowed to keep it. In the inverse situation, storing git authorship in the comments table of your photo site's database, you would be allowed to keep it for legal uses.

[coldtea]

When, it's about being able to judge things on their specific merits -- as opposed to having some blanket one size fits all rule.

Law has nuance and cases (and corner cases), it's not some strict predicate.

[geocar]

No. They're required to know who the authors are for legal reasons.