|
|
|
|
|
|
by Silhouette
2448 days ago
|
|
|
If the data was uploaded deliberately through a system they operated, it is hard to see how they would be anything other than the data controller within the GDPR framework, unless maybe they actively tried to avoid collecting the personal data and it was supplied anyway. But it would be hard to argue that was the case if they were uploading data in ways the user of the computer in question probably wasn't even aware of. (As an aside, if they are sweeping data on such a broad scale without being transparent about it and the only authorisation for doing so is buried deep in some legal document, it would be interesting to consider whether they were not only potentially in breach of GDPR but also various criminal computer misuse laws.) |
|
|