Hacker News new | ask | show | jobs
by revelio 1175 days ago
They do notify you and explain it:

https://help.openai.com/en/articles/6613520-phone-verificati...

This is also covered under the "consent" lawful basis part of the GDPR.

The bug is not a problem. GDPR covers data leaks. If you're an EU company you have to inform your DPA within 72 hours, and the users affected. It's not illegal to have such breaches. OpenAI isn't an EU company so doesn't have a DPA, but it did notify everyone that the leak occurred anyway.
1 comments
br1brown 1175 days ago
yes ok, for the law though there had to be my assent communicated by active action because I could decide that I don't want it to be used for the purposes listed in that article and consequently not get the account

I still don't find the guarantor's request unimpeachable

link
revelio 1175 days ago
They say they do the verification for "security reasons", which is a lawful basis and accepted justification under GDPR (it helps them control abuse and make bans stickier). You assented to it when you signed up.
link