[tripzilch]

> But the OEM, Network don't approve / supply those updates, is Google at fault? (In this case its a non-Google phone running Android)

Great question. I have no idea, and with the GDPR having been looming on the horizon for two years now, is something that would be beneficial (and cost-effective) to spend money on getting quality legal advice.

To anyone who has seen the complaints about startups having to spend $20k on a lawyer to explain the GDPR to them, a small startup won't be facing complicated legal questions like these (and those who insist on doing so, have been given ample warning).

A friend of mine has an online business that involves offering/reselling/managing a client's domain registrations (as part of a package of specialised hosting services). Meaning he can't really get around sharing his clients' information with third parties (registrar, other domain shop, I'm not sure). 25th of May approaching. He reads up on the GDPR, makes some adjustments how or what data he stores (because earlier, you know, it was considered good practice to "store all the things" just-in-case), writes a 3-page license agreement (I suppose he took a boilerplate example and adjusted it to his needs), sends it to his clients to agree, and done. Less than a week's work.