On 04/14/2018 09:00 PM, Jim Fisher wrote:
(i) of Article 9(2) as well as Article 9(3); (d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or (e) for the establishment, exercise or defence of legal claims."
My guess is that this is talking about either private archives, or
archives held by a library, museum, or similar cultural institution,
that impose specific criteria, in order to access the archive. (This is
just one of the plethora of things with the GDPR that is somewhat
ambiguous.)
As a general rule of thumb, European Law ignores precedent, as set by
case law. However, precedent qua "this is what the law makers meant,
based upon this section of this text", is usually accepted.
I can see a company in the US claiming that archives were deleted to
comply with GDPR, when US law specifically requires the archives to
retained, especially when such archives contain the smoking gun. that
the court wants/needs to prove malfeasance.
this Regulation includes a derogation for organisations with fewer than 250 employees with regard to record-keeping.
This is one of those things that appears to be country specific:
* Estonian law appears to ignore organization size, dividing
organizations into solo-practitioner v non-solo practitioner, and
looking into why the data was collected, and retained;
* Irish law appears to differentiate between more than 250 employees and
less than 250 employees;
* I can't decipher the Hungarian website. :(
I'm sure Mark's lawyers will sort it out for him, in so far as that is possible in advance of any court rulings.
I hope so.
I've seen a couple of companies set up geoblocks, so that people from
Europe can neither access their website, nor purchase goods nor purchase
services from them, stating that they are doing so, because their
lawyers were unable to provide the required assurance that they were in
compliance with GDPR, and their accountants said that the costs involved
in compliance were higher than the revenue obtained from current
European customers.
In reading through the literature this past fortnight, it looks like
people in the data privacy field expect the GDPR to be the blueprint for
similar legislation world wide. Personally, I see it as being a
non-starter in the US, PRC, Russian and the Organization of Islamic
Cooperation/United Muslim Nations (OIC/UMN). The most it can spread is
into former European colonies that are neither Russian, nor PRC, nor
OIC/UMN client states.
Nor am I convinced that GDPR compliance is going to be seen as a good
thing, by the majority of individuals outside the EU.
I am not a lawyer. This is not legal advice.
jonathon
