|
|
|
|
|
|
by manigandham
2282 days ago
|
|
|
There is no distinction between client vs server when it comes to the law. The same organization created and operates both and is liable as a data processor in both situations. This is again the difference between engineer vs policymaker. |
|
|
As far as I understand it, Microsoft has no responsibility for PIIs e-mails going through the Outlook e-mail client. Maybe the US is different, but at least in Europe, the GDPR is clear that software vendors have no responsibility in data being processed locally when it's deployed and run by others.
Oracle has no liability for the data stored in their database.
If you have no way of touching the data, your servers (self-managed or otherwise) aren't touching data in any form, you have no legal liabilities wrt data (apart from agreements of course).
Or am I missing something?