[Achilles099]

What was the point of redacting the name of the operator in Annex A "for privacy" and then linking to a blog post that clearly states the author's name saying "the same operator made this blog post while we were talking"?

[maxidorius]

Because our document could be collected and processed illegally under GDPR. That the operator makes the conscious choice to have their name listed on their own organisation's website they are from is their own choice. Their organisation is processing their data, not us. They have the right to object to that, and the right to erasure of their personal data if having their name is listed.

They were not given the choice to be part of our publication and therefore, we have no lawful basis to use their name since 1) they did not give us consent and 2) they would not have understood (we didn't say) nor expect (it was a private chat) that we will use their personal data - making Legitimate Interest not possible.

The only way we could be GDPR compliant for being Accountable and not break a lawful basis was to not use their name but the name of their role under their obligations towards us, and linking to the blog post instead (Accountability of what we claim).

[Achilles099]

Still doesn't seem necessary to point out that it was the same person writing the blog post, could have just said New Vector released this blog post around the same time. Just seems underhanded, but that isn't much surprise coming from someone with a clear vendetta against NV because you want people to switch to Grid. These papers are nothing more than marketing documents for your fork.

[maxidorius]

I guess then New Vector is actually our best sponsor: they always give us those very important things to write about, like a personal data breach that has a federation-wide scope.

They certainly are generous! I'll ask them to renew our contract!