[kenbaylor]

Not true unfortunately under the GDPR nor it's predecessor, if the notes are publicly available:

Bodil Lindquist v Åklagarkammaren (2003) Mrs. Lindquist (whose purposes were mostly charitable and religious) published on a private home page personal data about her colleagues, including telephone numbers and information about a coworker’s injured foot and medical leave. This case raised the question if a private home page accessible to only those who have the address is permitted under one of the exclusions (household activity). The European Court of Justice ruled that it is not.

[wyattpeak]

A "private home page accessible to only those who have the address" is a public page.

That's not a private note, and I'd be livid if somebody was posting my contact and medical details online. I see no problem with this ruling, nor do I see it as evidence contrary to the idea that one may keep private notes.

[PhillipRed]

That's what the user wrote: It's only a problem if the notes are public.

[wyattpeak]

In response to a comment about keeping notes, which any reasonable person would interpret as meaning private notes.

What got my goat, though, wasn't the mere, if silly, clarification that notes are only protected if they're private. It's the phrasing of the quote to suggest that somehow these notes should have been considered private because the publisher didn't intend on anyone reading them (despite publishing them such that they could).

[dreggie]

The quote is from an IAPP document, which quoted the courts wording. Source IAPP CIPP/E training manual, which I'm looking at right now.

[wyattpeak]

What court wording are you referencing? The judgment says "private home page which is none the less accessible to anyone who knows its address", a very different turn of phrase.

[dreggie]

Here you go: https://imgur.com/a/OGbjjQ0