Hacker News
by beyondkaoru 2740 days ago
> Oh, well in that case this is explicitly handled in recital 18. https://gdpr-info.eu/recitals/no-18/

I disagree. One's GMail contacts are a clear (ha) example of a fuzzy scenario that I think is ... questionably handled by the language at the link you reference. It's difficult especially because it's a weird hybrid of a very personal or household activity that runs inside a commercial activity.

From the text:

> 1 This Regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity

Ok!

> and thus with no connection to a professional or commercial activity.

...wait, GMail is clearly a professional or commercial product. An online address book in GMail... does that count as having a "connection" or not? My purpose of the addresses is personal. But it's clearly connected (at least by tcp, haha) to a commercial activity.

> 2 Personal or household activities could include correspondence and the holding of addresses, or social networking and online activity undertaken within the context of such activities.

Ok ... wait, social networking clearly involves commercial entities (e.g. twitter). So my personal actions for personal non-business uses of twitter are not regulated. Fine. But twitter itself is?

> 3 However, this Regulation applies to controllers or processors which provide the means for processing personal data for such personal or household activities.

Ok so the regulation applies to the controllers/processors (e.g. GMail, twitter).

So: the regulation does not "apply" to me for my personal use, but my (personally defined for personal use) GMail contacts could get deleted by the other person?

I am definitely not a lawyer, but this does seem at least somewhat contradictory, or at least would benefit greatly from a few more clarifying sentences.

Comparison to complex documentation is not apt to your pro-condescension argument. Complex and vague can be very different.

Documentation can be complex, but if it's rigorous and not vague, I am totally fine with that. Software can be very complex. When it is complex, I would hope the documentation has sufficient detail to cover their intricacies. I'm glad that the postgres documentation is huge and complex -- it has to be.

I do however complain pretty often about vague documentation haha. I feel like it's pretty common for people to complain about an under-documented quirk shooting them in the foot (e.g. mongodb and durability back in the day).

One last thing: If your interpretation is right (and it seems plausible, maybe even likely), then I really need to locally archive my emails and contacts more often haha.

2 comments

I think your interpretation is correct. In particular, I think that your first two quotes from the text are saying that the "personal or household" user themselves has no obligations under the GDPR. It's coherent to include social networking in here; without that clause, a child writing on Facebook about how another child smells bad would presumably themselves be a data controller and subject to an erasure request, whereas with the clause, Facebook can be compelled by a regulator to remove the post but the child who posted it cannot.

Or at least that's my interpretation. Like you, I remain uncertain and troubled.

> One last thing: If your interpretation is right (and it seems plausible, maybe even likely), then I really need to locally archive my emails and contacts more often haha.

I mean, yeah, you probably should if you care about it. Most office exchange servers are configured to allow some users to "unsend" emails. Outlook dutifully deletes the email from my co-workers' inboxes, but my thunderbird client simply tells me that someone sent a recall request and lets me choose what to do with it.