To sum up, you don’t have to create a
Posted: Mon Dec 23, 2024 5:23 am
DPO position in your company. You can engage a DPO from outside in accordance with your needs.
6. My application uses only emails and logins (without a first and last name). Does this count as personal data?
Yes, they do. There is no easy method of mass verification to see if e-mail address do or do not contain personal data. However, we use nicknames on many portals and it is possible to link them to other data.
whenever we are not sure if the bulk mobile database elements of the application can help identify the user, we should assume that this is what can happen.
7. In the application, we log in with Facebook, Google etc. The app sends a token to the backend, which automatically reads the user’s ID (or e-mail address), but not the first and last name.
During the validity period of a token (30 min) I can theoretically use it to manually extract personal data. Does this violate assumptions laid out in the GDPR?
The answer to this question is very difficult. There will be no clear-cut answer.
We must accept, as in the first case, that any piece of information about a user which gives you the ability to identify a natural person may violate GDPR rules. On the other hand, we can also assume that this data must be obtained with reasonable expenses and costs, which slightly softens the tone of the previous rule. At present, we are unable to determine how the authorities will approach this.
6. My application uses only emails and logins (without a first and last name). Does this count as personal data?
Yes, they do. There is no easy method of mass verification to see if e-mail address do or do not contain personal data. However, we use nicknames on many portals and it is possible to link them to other data.
whenever we are not sure if the bulk mobile database elements of the application can help identify the user, we should assume that this is what can happen.
7. In the application, we log in with Facebook, Google etc. The app sends a token to the backend, which automatically reads the user’s ID (or e-mail address), but not the first and last name.
During the validity period of a token (30 min) I can theoretically use it to manually extract personal data. Does this violate assumptions laid out in the GDPR?
The answer to this question is very difficult. There will be no clear-cut answer.
We must accept, as in the first case, that any piece of information about a user which gives you the ability to identify a natural person may violate GDPR rules. On the other hand, we can also assume that this data must be obtained with reasonable expenses and costs, which slightly softens the tone of the previous rule. At present, we are unable to determine how the authorities will approach this.