[Chapter-delegates] Chapter Membership Cancellation Notifications
Richard Hill
rhill at hill-a.ch
Mon Feb 26 04:35:55 PST 2018
Please see embedded comments below.
Thanks and best,
Richard
> -----Original Message-----
> From: Chapter-delegates [mailto:chapter-delegates-
> bounces at elists.isoc.org] On Behalf Of Peter Koch
> Sent: Monday, February 26, 2018 09:42
> To: Joly MacFie
> Cc: ISOC Chapter Delegates
> Subject: Re: [Chapter-delegates] Chapter Membership Cancellation
> Notifications
>
> On Mon, Feb 26, 2018 at 02:34:39AM -0500, Joly MacFie wrote:
>
> > Technically, for those Chapters who, like us, maintain a separate
> > announce mailing list, should we be doing a similar opt-in procedure
> > to be GDPR compliant after May 25, or does ISOC's opt-in cover us?
>
> technically, without speculating about the reasons for the notices you
> received, ISOC's "opt-in" can hardly be considered GDPR compliant.
> It uses "consent" where it shouldn't and combines this with all kinds
> of data processing of questionable necessity, e.g.,
You raise a very good point. I had assumed that ISOC had obtained legal
advice, so what they are doing would be compliant with the GDPR. The GDPR
is at:
http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf
Although I'm not a lawyer, I do see the point that your raise.
On the one hand, art. 6.1.a provides that processing is lawful if the data
subject has given consent.
On the other hand, art. 5.1.c provides that "Personal data shall be
adequate, relevant and limited to what is necessary in relation to the
purposes for which they are processed ('data minimisation');"
The items you list below would not appear to be necessary for the purposes
for which ISOC is processing the data. Or maybe they are necessary, e.g. "to
help improve the Site, analyze trends, and administer the Site".
One legal question is whether the consent of Art. 6 overrides the
minimization principle of Art. 5, or whether the minimization principle
overrides the consent.
Another legal question is whether the information collected by ISOC is
"necessary".
Perhaps ISOC staff can let us know what their legal advisors have said
regarding these matters.
>
> We automatically collect certain technical information when you visit
> our Sites, such as type of browser, operating system version and
> Internet protocol or IP address; and
>
> The Sites may collect certain anonymous information about your visit,
> such as the name of the Internet service provider and the Internet
> Protocol (IP) address through which you access the Internet; the date
> and time you access the Site; pages that you access while at the Site,
> and the Internet address of the website from which you linked directly
> to the Site. We may combine this automatically collected log
> information with other information we collect about you. This
> information is used to help improve the Site, analyze trends, and
> administer the Site.
>
> Therefore, as a chapter residing in Europe, we have a compliance issue
> should we require our chapter members to remain ISOC members and
> thereby forcing them to "opt in" to the clauses above (which serve as
> examples here).
> Apart from that, we of course need to do our own homework, so the ISOC
> global membership isn't the only issue, but it's an important one. How
> have other (European) chapters solved this?
>
> Regards,
> Peter
> _______________________________________________
> As an Internet Society Chapter Officer you are automatically subscribed
> to this list, which is regularly synchronized with the Internet Society
> Chapter Portal (AMS): https://portal.isoc.org
More information about the Chapter-delegates
mailing list