GDPR pops up all the time on this topic
I mean it might have reason, even if some people might refuse to see it.
At this point we are talking about the GDPR. Formally, the GDPR is part of international law, not national legislation of the member states. It extends to the user’s where GDPR applies to them e.g. Germans on platforms. For that consult Article 1-3 GDPR, so the Territorial Scope, the Material Scope. Your “private board” would be regulated by Art. 2 (2) GDPR (see gdpr-info[.].eu/art-[n]-gdpr)
Art. 1 GDPR makes the intent even more clear:
(1) This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
(2) This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
(3) The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.
GDPR protects me against CDCK […] GDPR doesn’t care what I’ve written here
Now you have the chance for a second guess.
Other national and interstate legislation:
If you look at the California Consumer Privacy Act (CCPA) there is a bunch of other exceptions etc. But they made sure they stay as close as possible to the GDPR. But that’s “only” state legislation.
You would want to look into the E.U.-U.S. Data Privacy Framework, which has been remade as successor of the EU Privacy Shield that was declared as invalid a long time ago. It explicitly refers to the foundation on REGULATION (EU) 2016/679 (p.1 in (1) ). Please look at page 6 under 2.2.3 (20) and (22) here we have it again, the Choice Principle, next to the previously laid out necessarity, purpose, and limited retention time scopes.
No.
While I do not know the background of your reasoning I’d like to disagree because the documents I have read and linked indicate the opposite.
Cheers
/E: I had to remove my other links because “new members can only link two times per post”. Why ever…
/E1: Now I’m not allowed to post anything anymore^^
If someone wants to see that I am reading even the E.U.-U.S. Data Privacy Framework correctly, please look here katten[.]com/key-principles-and-considerations-for-participation-in-the-eu-us-data-privacy-framework
For the CCPA please consult oag.ca[.]gov/privacy/ccp
After re-reading all of the laws I came to the conclusion that my argumentation is probably correct. I might still be wrong, please feel free to refute my central points. For example by pointing out case-law going against it or parts of the corresponding laws that contradict my assessment.
We are on Discourse so we can discuss that, I believe. Hopefully we all can increase our understanding of the laws that protect us, and therefore make Discourse even better. A nice discuss platform should be more compliant to laws and protecting our privacy even more.