
Genealogy and GDPR


Ian Goddard

Aug 15, 2017, 5:50:38 AM
Has anyone looked at the implications of the GDPR's "right to be
forgotten" on genealogical sites such as GDPR?

Ian
--
Hotmail is my spam bin. Real address is ianng
at austonley org uk

Richard Carruthers

Aug 15, 2017, 4:40:21 PM
to gen...@rootsweb.com
It would be a total nonsense if it didn't refer only to living people.

Steve Hayes

Aug 15, 2017, 10:00:40 PM
On Tue, 15 Aug 2017 10:50:35 +0100, Ian Goddard
<godd...@hotmail.co.uk> wrote:

>Has anyone looked at the implications of the GDPR's "right to be
>forgotten" on genealogical sites such as GDPR?

What is the GDPR?


--
Steve Hayes
Web: http://hayesgreene.wordpress.com/
http://hayesgreene.blogspot.com
http://groups.yahoo.com/group/afgen/

Charles Ellson

Aug 15, 2017, 11:40:11 PM
On Wed, 16 Aug 2017 04:04:59 +0200, Steve Hayes
<haye...@telkomsa.net> wrote:

>On Tue, 15 Aug 2017 10:50:35 +0100, Ian Goddard
><godd...@hotmail.co.uk> wrote:
>
>>Has anyone looked at the implications of the GDPR's "right to be
>>forgotten" on genealogical sites such as GDPR?
>
>What is the GDPR?
>
General Data Protection Regulation (Google is your friend):-
https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
"The GDPR will apply in the UK from 25 May 2018. The government has
confirmed that the UK’s decision to leave the EU will not affect the
commencement of the GDPR."


Ian Goddard

Aug 16, 2017, 5:17:54 AM
On 15/08/17 21:40, Richard Carruthers wrote:
> It would be a total nonsense if it didn't refer only to living people.
>

Birth and marriage records of living people are on such sites. If
someone were to be removed under GDPR whilst still alive they would (a)
not be readily connected by contemporaries out of touch but trying to
research their wider family and (b) remain removed once no longer living
to the disadvantage of future researchers.

More significantly, if the managers of the sites aren't aware of the
situation they may not have reviewed the legal position nor have
processes in place to respond. This could expose them to significant
fines which could have implications for the whole user community.

The underlying registration records are statutory. Presumably they
don't fall under the proposed legislation giving effect to GDPR:
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/635900/2017-08-07_DP_Bill_-_Statement_of_Intent.pdf

But what is the status of the indices, both those officially published
by GRO and the online databases such as FreeBMD derived from them? And
do they actually contain Personally Identifiable Information within the
meaning of the regulation or the Act intended to give it effect in the
UK or are they too minimal?

cecilia

Aug 16, 2017, 3:43:25 PM
On Tue, 15 Aug 2017 10:50:35 +0100, Ian Goddard
<godd...@hotmail.co.uk> wrote:

>Has anyone looked at the implications of the GDPR's "right to be
>forgotten" on genealogical sites such as GDPR?


I thought Data Protection only applied to the living.

Roger Mills

Aug 16, 2017, 3:48:45 PM
Probably correct. But if a living person requests the removal of
personal information, does it get reinstated when they die? I doubt it!
--
Cheers,
Roger
____________
Please reply to Newsgroup. Whilst email address is valid, it is seldom
checked.

J. Hugh Sullivan

Aug 16, 2017, 5:06:49 PM
On Wed, 16 Aug 2017 20:49:34 +0100, Roger Mills <watt....@gmail.com>
wrote:

>On 16/08/2017 20:43, cecilia wrote:
>> On Tue, 15 Aug 2017 10:50:35 +0100, Ian Goddard
>> <godd...@hotmail.co.uk> wrote:
>>
>>> Has anyone looked at the implications of the GDPR's "right to be
>>> forgotten" on genealogical sites such as GDPR?
>>
>>
>> I thought Data Protection only applied to the living.
>
>Probably correct. But if a living person requests the removal of
>personal information, does it get reinstated when they die? I doubt it!
>--
>Cheers,
>Roger

One way to get the correct info is to tell a female, probably in her
early 40s, you have her in genealogy as age 53. I can guarantee that
it works.

Hugh

Charlie Hoffpauir

Aug 16, 2017, 7:59:57 PM
On Wed, 16 Aug 2017 21:06:45 GMT, Ea...@bellsouth.net (J. Hugh
Sullivan) wrote:

>One way to get the correct info is to tell a female, probably in her
>early 40s, you have her in genealogy as age 53. I can guarantee that
>it works.

LOL!
Surely the PC Police are going to get you!

Steve Hayes

Aug 16, 2017, 10:12:20 PM
On Wed, 16 Aug 2017 04:40:13 +0100, Charles Ellson <ce1...@yahoo.ca>
wrote:

>On Wed, 16 Aug 2017 04:04:59 +0200, Steve Hayes
><haye...@telkomsa.net> wrote:
>
>>On Tue, 15 Aug 2017 10:50:35 +0100, Ian Goddard
>><godd...@hotmail.co.uk> wrote:
>>
>>>Has anyone looked at the implications of the GDPR's "right to be
>>>forgotten" on genealogical sites such as GDPR?
>>
>>What is the GDPR?
>>
>General Data Protection Regulation

Thank you.

(Google is your friend):-

In online discussions it is common courtesy to explain abbreviations
and acronyms for those who may not be familiar with them.

Expecting people to Google them is just rude.



--
Steve Hayes
http://www.khanya.org.za/stevesig.htm
http://khanya.wordpress.com

Ian Goddard

Aug 17, 2017, 5:37:44 AM
On 16/08/17 20:48, BobC wrote:
> In article <evigtv...@mid.individual.net>, godd...@hotmail.co.uk
> says...
> This extract from the ICO
> (https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/the-right-to-erasure/)
> on the "right of erasure" may help :
> ==============
> When can I refuse to comply with a request for erasure?
>
> You can refuse to comply with a request for erasure where the personal
> data is processed for the following reasons:
>
> <snip>
> archiving purposes in the public interest, scientific research
> historical research or statistical purposes; or
> <snip>
> ==============
> Clearly this is just a single reference in what are complex regulations
> but does seem to indicate there should be little impact on most things
> we are interested in.
>
> Of course if companies adopt the "'elf & safety" approach and stop doing
> anything in case there is a lawsuit then maybe things will change.
>

Thanks, Bob. Hopefully the various site administrations will have taken
advice based on this in advance of receiving any requests, otherwise a
panic response could result in deletions and raise endless problems for
later researchers.

J. Hugh Sullivan

Aug 17, 2017, 7:14:33 AM
I think I already have the record for that.

Ian Goddard

Aug 26, 2017, 1:00:21 PM
This was sent to me off-group. Take it as a post from Kim:

Good morning Ian

I saw your comment on the GENBRIT message board. I couldn't reply via
the board because I'm not a subscriber to the mailing list as I find it
easier just to check the archive every week, but as a business
consultant with a GDPR accreditation (a bit like a Brownie badge, but
there you are...) this is my two penn'orth. Please feel free to ignore,
but if you want to quote from it in a post that's fine.

The short answer to the actual question is yes, a living person will
have the right to have their posts on a message service deleted. Sadly
we will not only be able to have the silly ones deleted - the right
conferred is to have 'all' data deleted (drat!). There is an exemption
if the removal would be impossible, and I suppose Ancestry could argue
that because of the 'threaded' nature of messages, and the fact that
people don't always reply to the thread but start a new one, it is
impossible. It will be interesting to see how that pans out. Under the
right of erasure the data controller (Ancestry) also has to notify any
other person or organisation who 'processes' the data. However, GDPR
doesn't apply to individuals using data for domestic purposes (eg
hobbies) so there's no need for Ancestry to ask other private users to
delete anything.

GDPR only confers rights on living people. Somebody asked whether that
meant data could be reinstated by the controller after the person has
died. Yes, it could, but I doubt if anyone would bother unless it was
something really juicy. The controller would have to assure themselves
that whatever was reinstated did not contain data on any other living
person.

Ancestry are, of course, headquartered in the US. They have not (yet?)
signed up to the EU-US Privacy Shield, which is the leading mechanism
for transferring data between the EU and the US. It's up to individual
corporations in the US to register if they want to, and many large
corporations have. However, I do understand why Ancestry haven't done
this yet because they will not be absolutely sure what they are signing
up to - the GDPR allows member countries to add to/modify some of the
details of the rules in a limited way, and the handling of sensitive
data is one of those areas. The UK government has issued a 'Statement of
intent' but the text of the UK bill will not be out for another couple
of weeks.

'For our customers in Europe, we are adhering to the requirements set
forth in the EU’s Data Protection Directive 95/46/EC on the onward
transfer of personal information from Europe. One of the mechanisms for
onward transfer, the Safe Harbor framework between the EU and the United
States was invalidated by the European Court of Justice on October 6, 2015.

Recently, the EU Commission has adopted The EU-US Privacy Shield
framework for transatlantic data flows. We are presently reviewing the
new framework. In the interim, we continue to rely on another EU
authorized mechanism to transfer data outside of the EEA, the Standard
Contract Clauses, which include contractual commitments by Ancestry
European entities and our US affiliates, along with other processors
outside the EEA, when processing European personal information on our
behalf, to uphold European data protection standards with respect to
personal information of European residents in our care.

Ensuring data protection and security for our members’ personal
information is important to us.'

Hope this is of interest.

All the best

Kim Groothuis

Ian Goddard

Aug 27, 2017, 4:02:51 AM
> The short answer to the actual question is yes, a living person will
> have the right to have their posts on a message service deleted. Sadly
> we will not only be able to have the silly ones deleted - the right
> conferred is to have 'all' data deleted (drat!). There is an exemption
> if the removal would be impossible, and I suppose Ancestry could argue
> that because of the 'threaded' nature of messages, and the fact that
> people don't always reply to the thread but start a new one, it is
> impossible. It will be interesting to see how that pans out.

As I made clear earlier I had in mind the problem of people wishing to
erase BMD records which I think Bob's comment covers. However Kim's
comment also raises an interesting point in relation to newsgroups.

Presumably the individual newsgroup server operators all come under the
heading of data processors but it's difficult to see who would be the
controller.