[Chapter-delegates] Update on GDPR Opt-in
Peter Koch
pk at ISOC.DE
Tue May 8 09:50:51 PDT 2018
Todd,
thank you for this update.
On Tue, May 08, 2018 at 02:02:33PM +0000, Todd M. Tolbert wrote:
> With just two weeks left until May 25th, as of Monday morning we are up to 36,300 Members who have opted-in. We will continue the emails reminding folks through May 25 and then stop and do a deeper dive into the data of those who have not opted-in and look to see how we can do another notification / plea for action. You???re help in communicating to your chapters, as always, is helpful in this endeavor.
First, I had not noticed the updated version (20 APR 2018), yet. It'd be great if
the changes could be highlighted separately.
I have not "opted in" in, yet, and also do have reservations, as a member of the
chapter leadership, to encourage others to do so, because I am rather confused
by ISOC's approach of "enforced consent", expecially as the GDPR is mentioned
several times in the "privacy statement". As a membership organization, it is
clear ISOC collects my name and email address - but that is, as you explain,
necessary for the "execution of the contract", i.e., to administer and maintain
the membership (and therefore would suggest another justification as per Article 6(1)).
The privacy statement then continues and is rather vague about all other kind of data
that might be collected for various purposes. It is unclear to me, how much of this relates
to the vanilla membership, to visits to ISOC's website or to specific actions
like asking for grants or project funding. It is also unclear why I'd want to
"consent" to all of this upfront, rather than when the need arises.
Among the "uses of data" (which is different from "purposes") are
o Improve your engagement and interaction with other Members of our community.
o Improve our engagement and interaction with you.
which appear rather vague to me. Finally, the privacy statement says
We or our authorized vendors may collect Technical Information that we do not associate with any individual Site user. This information includes -
[...]
the Internet Protocol (IP) address through which you access the Internet;
and also refers to the "certain anonymous information". Now, we'll not solve the
question of IP addresses as personal data here, but in total I have my doubts
what I am "asked" to subscribe to.
I appreciate it is hard to achieve GDPR compliance while still being comprehensible
and also I'm nowhere near jealous of your task while I'd also generally trust ISOC's
responsible handling of data. That said, an "opt in" really does not feel right.
Yours confused,
Peter (ISOC.DE)
More information about the Chapter-delegates
mailing list