I've had an email from US company paperlesspost.com asking me to click a button to say whether or not I will be attending a memorial service in USA.
The company has obviously got all the email addresses from my friend's address book, so i may get advertising emails in future from this company.
Is it covered by the GDPR regulations? There is an unsubscribe button but I'm never convinced that companies do delete all your data even if they stop sending emails.
There are lots of similar companies; I've received invitation cards and birthday cards from similar post companies in UK but haven't yet received emails from them regarding GDPR, but they still have my email address which I would like deleted.
Comments please.
Got a credit card? use our Credit Card & Finance Calculators
Thanks to Rhyd6,eyeball08,Wondergirly,bofh,johnstevens77, for Donating to support the site
GDPR outside EU
-
- The full Lemon
- Posts: 10813
- Joined: November 4th, 2016, 8:17 pm
- Has thanked: 1471 times
- Been thanked: 3005 times
Re: GDPR outside EU
That email would've been sent before May 25th in a US timezone.
We can posit a wholly spam-free interpretation of this case. Being your friend's memorial, it may be whoever was organising it (a private individual) who decided who to mail. A next-of-kin will have known some but not all of your friend's contacts, and may have very little idea how well you knew them and whether you might want to be contacted. Or even if you might be hurt and offended not to be asked. In which case, the company you mention isn't actually holding your address, it's just using a list supplied as a one-off by a customer.
To the broader point, the EU has no jurisdiction in the US, so a US-based spammer could ignore EU law with impunity if they have no EU-based operation that could be held to account. That has long been happening with pre-GDPR data protection.
On the other hand, we have some interesting noises coming from the US. Some of their legislators are looking at GDPR as a model to copy for themselves. And most recently, no less than Microsoft has announced that they will adopt GDPR for handling their customers not just in Europe but worldwide!
We can posit a wholly spam-free interpretation of this case. Being your friend's memorial, it may be whoever was organising it (a private individual) who decided who to mail. A next-of-kin will have known some but not all of your friend's contacts, and may have very little idea how well you knew them and whether you might want to be contacted. Or even if you might be hurt and offended not to be asked. In which case, the company you mention isn't actually holding your address, it's just using a list supplied as a one-off by a customer.
To the broader point, the EU has no jurisdiction in the US, so a US-based spammer could ignore EU law with impunity if they have no EU-based operation that could be held to account. That has long been happening with pre-GDPR data protection.
On the other hand, we have some interesting noises coming from the US. Some of their legislators are looking at GDPR as a model to copy for themselves. And most recently, no less than Microsoft has announced that they will adopt GDPR for handling their customers not just in Europe but worldwide!
-
- Lemon Slice
- Posts: 363
- Joined: November 6th, 2016, 8:13 am
- Has thanked: 34 times
- Been thanked: 10 times
Re: GDPR outside EU
What I really meant was that lots of companies inside and outside the EU have our personal information but does an "unsubscribe" delete the data or just stop emails coming?
Do the companies inside the EU now have to request permission to hold data, or just to use it? How do we get the data deleted outside the EU?
Do the companies inside the EU now have to request permission to hold data, or just to use it? How do we get the data deleted outside the EU?
-
- Lemon Quarter
- Posts: 1099
- Joined: November 4th, 2016, 1:25 pm
- Has thanked: 102 times
- Been thanked: 375 times
Re: GDPR outside EU
wickham wrote:The company has obviously got all the email addresses from my friend's address book, so i may get advertising emails in future from this company.
Is it covered by the GDPR regulations? There is an unsubscribe button but I'm never convinced that companies do delete all your data even if they stop sending emails.
There are lots of similar companies; I've received invitation cards and birthday cards from similar post companies in UK but haven't yet received emails from them regarding GDPR, but they still have my email address which I would like deleted.
Comments please.
GDPR covers those providing goods and services to EU citizens as well as to EU based organisations. So yes they are covered. Enforcement of course is a different matter. Beyond a reasonable time, Organisations should only keep sufficient data to ensure that your unsubscribe wishes are recorded. You can ask organisations to tell you what data they hold on you.
If you have already consented to receiving marketing e-mails, there is no need (despite what many organisations have done) for them to seek fresh consent. However they must offer you a channel to unsubscribe. You may need to visit their websites.
DM
-
- Lemon Slice
- Posts: 253
- Joined: November 7th, 2016, 12:28 am
- Been thanked: 57 times
Re: GDPR outside EU
There's a brief, but useful, summary relating to your questions at https://www.forbes.com/sites/forbestech ... e9d2b56ff2
One of the key questions, to which I have not found an answer, is what the EU lawmakers can do if a non-European company breaches the GDPR. If it's a company that has a presence in Europe, then they could fine them within Europe, but I don't know how they are going to take action against a company based outside Europe, and which trades 'remotely'.
With regards to unsubscribing from emails, I would certainly never unsubscribe from an email from an unrecognised organisation that I had not invited to contact me; by clicking on any links, you are simply advertising that the email arrived at a real person's inbox, and that makes the email address more valuable or, may simply cause an increase in email to that address. I tend to be pragmatic about such emails; if it's something that is occasionally of interest to me, I'd read it and delete it. If it's of no interest and I don't want to see anything else like it, I report it as spam. Again, I'd never unsubscribe from an organisation to which I had not provided my email address.
For those UK organisations that have emailed you previously, but have not contacted you regarding GDPR, I can think of a few of scenarios: 1) They are ignoring GDPR; 2) They have deleted your details, so they no longer hold information about you. 3) They were spamming
Although I no-longer live the UK, I have found the GDPR emails to be useful; I have unsubscribed from quite a few lists that I had forgotten about. One example is ebuyer.com; I used to do a lot of business with them 10 years ago, and I am pretty-sure that I unsubscribed from their newsletters about 7 years ago (I hadn't received any email from them since 2010). I received a GDPR notice from them yesterday, so a good chance to ensure that I am removed from their list.
One of the key questions, to which I have not found an answer, is what the EU lawmakers can do if a non-European company breaches the GDPR. If it's a company that has a presence in Europe, then they could fine them within Europe, but I don't know how they are going to take action against a company based outside Europe, and which trades 'remotely'.
With regards to unsubscribing from emails, I would certainly never unsubscribe from an email from an unrecognised organisation that I had not invited to contact me; by clicking on any links, you are simply advertising that the email arrived at a real person's inbox, and that makes the email address more valuable or, may simply cause an increase in email to that address. I tend to be pragmatic about such emails; if it's something that is occasionally of interest to me, I'd read it and delete it. If it's of no interest and I don't want to see anything else like it, I report it as spam. Again, I'd never unsubscribe from an organisation to which I had not provided my email address.
For those UK organisations that have emailed you previously, but have not contacted you regarding GDPR, I can think of a few of scenarios: 1) They are ignoring GDPR; 2) They have deleted your details, so they no longer hold information about you. 3) They were spamming
Although I no-longer live the UK, I have found the GDPR emails to be useful; I have unsubscribed from quite a few lists that I had forgotten about. One example is ebuyer.com; I used to do a lot of business with them 10 years ago, and I am pretty-sure that I unsubscribed from their newsletters about 7 years ago (I hadn't received any email from them since 2010). I received a GDPR notice from them yesterday, so a good chance to ensure that I am removed from their list.
-
- Lemon Quarter
- Posts: 4179
- Joined: November 4th, 2016, 9:42 pm
- Has thanked: 1001 times
- Been thanked: 1855 times
Re: GDPR outside EU
By clicking anywhere, scrolling, or closing this notification,
you agree to be legally bound by the witch Sycorax within a cloven pine.
https://xkcd.com/1998/
This work is licensed under a Creative Commons Attribution-NonCommercial 2.5 License.
Return to “Technology - Computers, TV, Phones etc.”
Who is online
Users browsing this forum: No registered users and 38 guests