GDPR outside EU

[wickham]

I've had an email from US company paperlesspost.com asking me to click a button to say whether or not I will be attending a memorial service in USA.

The company has obviously got all the email addresses from my friend's address book, so i may get advertising emails in future from this company.

Is it covered by the GDPR regulations? There is an unsubscribe button but I'm never convinced that companies do delete all your data even if they stop sending emails.

There are lots of similar companies; I've received invitation cards and birthday cards from similar post companies in UK but haven't yet received emails from them regarding GDPR, but they still have my email address which I would like deleted.

Comments please.

[UncleEbenezer]

That email would've been sent before May 25th in a US timezone.

We can posit a wholly spam-free interpretation of this case. Being your friend's memorial, it may be whoever was organising it (a private individual) who decided who to mail. A next-of-kin will have known some but not all of your friend's contacts, and may have very little idea how well you knew them and whether you might want to be contacted. Or even if you might be hurt and offended not to be asked. In which case, the company you mention isn't actually holding your address, it's just using a list supplied as a one-off by a customer.

To the broader point, the EU has no jurisdiction in the US, so a US-based spammer could ignore EU law with impunity if they have no EU-based operation that could be held to account. That has long been happening with pre-GDPR data protection.

On the other hand, we have some interesting noises coming from the US. Some of their legislators are looking at GDPR as a model to copy for themselves. And most recently, no less than Microsoft has announced that they will adopt GDPR for handling their customers not just in Europe but worldwide!

[wickham]

What I really meant was that lots of companies inside and outside the EU have our personal information but does an "unsubscribe" delete the data or just stop emails coming?

Do the companies inside the EU now have to request permission to hold data, or just to use it? How do we get the data deleted outside the EU?

[dionaeamuscipula]

The company has obviously got all the email addresses from my friend's address book, so i may get advertising emails in future from this company.

Is it covered by the GDPR regulations? There is an unsubscribe button but I'm never convinced that companies do delete all your data even if they stop sending emails.

There are lots of similar companies; I've received invitation cards and birthday cards from similar post companies in UK but haven't yet received emails from them regarding GDPR, but they still have my email address which I would like deleted.

Comments please.

GDPR covers those providing goods and services to EU citizens as well as to EU based organisations. So yes they are covered. Enforcement of course is a different matter. Beyond a reasonable time, Organisations should only keep sufficient data to ensure that your unsubscribe wishes are recorded. You can ask organisations to tell you what data they hold on you.

If you have already consented to receiving marketing e-mails, there is no need (despite what many organisations have done) for them to seek fresh consent. However they must offer you a channel to unsubscribe. You may need to visit their websites.

DM

[superFoolish]

There's a brief, but useful, summary relating to your questions at https://www.forbes.com/sites/forbestech ... e9d2b56ff2

One of the key questions, to which I have not found an answer, is what the EU lawmakers can do if a non-European company breaches the GDPR. If it's a company that has a presence in Europe, then they could fine them within Europe, but I don't know how they are going to take action against a company based outside Europe, and which trades 'remotely'.

With regards to unsubscribing from emails, I would certainly never unsubscribe from an email from an unrecognised organisation that I had not invited to contact me; by clicking on any links, you are simply advertising that the email arrived at a real person's inbox, and that makes the email address more valuable or, may simply cause an increase in email to that address. I tend to be pragmatic about such emails; if it's something that is occasionally of interest to me, I'd read it and delete it. If it's of no interest and I don't want to see anything else like it, I report it as spam. Again, I'd never unsubscribe from an organisation to which I had not provided my email address.

For those UK organisations that have emailed you previously, but have not contacted you regarding GDPR, I can think of a few of scenarios: 1) They are ignoring GDPR; 2) They have deleted your details, so they no longer hold information about you. 3) They were spamming

Although I no-longer live the UK, I have found the GDPR emails to be useful; I have unsubscribed from quite a few lists that I had forgotten about. One example is ebuyer.com; I used to do a lot of business with them 10 years ago, and I am pretty-sure that I unsubscribed from their newsletters about 7 years ago (I hadn't received any email from them since 2010). I received a GDPR notice from them yesterday, so a good chance to ensure that I am removed from their list.

[Breelander]

By clicking anywhere, scrolling, or closing this notification,
you agree to be legally bound by the witch Sycorax within a cloven pine.

https://xkcd.com/1998/
This work is licensed under a Creative Commons Attribution-NonCommercial 2.5 License.