Hacker News new | ask | show | jobs
by br1brown 1175 days ago
it may have been resolved, but while making the account I - Italian - did not give consent to the dissemination of MY data, and that is not in accordance with the GDPR

now I am not saying that they have to stop making use of my data, but at least notify me how and where my of phone is being used?
1 comments
revelio 1175 days ago
They do notify you and explain it:

https://help.openai.com/en/articles/6613520-phone-verificati...

This is also covered under the "consent" lawful basis part of the GDPR.

The bug is not a problem. GDPR covers data leaks. If you're an EU company you have to inform your DPA within 72 hours, and the users affected. It's not illegal to have such breaches. OpenAI isn't an EU company so doesn't have a DPA, but it did notify everyone that the leak occurred anyway.

link
br1brown 1175 days ago
yes ok, for the law though there had to be my assent communicated by active action because I could decide that I don't want it to be used for the purposes listed in that article and consequently not get the account

I still don't find the guarantor's request unimpeachable

link
revelio 1175 days ago
They say they do the verification for "security reasons", which is a lawful basis and accepted justification under GDPR (it helps them control abuse and make bans stickier). You assented to it when you signed up.
link