Submitted by Captain_Calamari_ t3_127ia2r in technology
MornwindShoma t1_jeh2nqq wrote
Reply to comment by Educational-Ice-319 in Italian regulators order ChatGPT ban over alleged violation of data privacy laws by Captain_Calamari_
Lol? You definitely don't get the point of GDPR. "Getting more data" isn't the issue, it's "getting it without permission", "leaking" or "storing it improperly".
Educational-Ice-319 t1_jeh2rp9 wrote
You don’t get the point of infosec and data protection. Minimizing risk is critical. Stop talking about shit you don’t understand please :)
MornwindShoma t1_jeh30p4 wrote
GDPR ain't infosec lol.
Educational-Ice-319 t1_jeh34gh wrote
Lmfao. GDPR is compliance and infosec. Quick quiz: what’s GRC stand for buddy?
MornwindShoma t1_jeh3uco wrote
https://www.europarl.europa.eu/RegData/etudes/ATAG/2023/739350/EPRS_ATA(2023)739350_EN.pdf
>The GDPR requires the use of verification with regard to age and parental consent.
Lol. This guy.
Educational-Ice-319 t1_jeh4rgr wrote
Lmfao. Nice job, let’s read the whole thing shall we?
> Processing shall be lawful only if and to the extent that at least one of the following applies:
> the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
> processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
> processing is necessary for compliance with a legal obligation to which the controller is subject; processing is necessary in order to protect the vital interests of the data subject or of another natural person;
> processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
> Where point (a) of Article 6(1) applies, in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old.
> 2Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
> 3Member States may provide by law for a lower age for those purposes provided that such lower age is not below 13 years.
Taken together, the company is only requires to get consent if 1) it processes the information, and 2) it is directly done for services direct to children.
So no mandatory consent or age verification across the board. You wanna try again bud?
Viewing a single comment thread. View all comments