• jarfil@beehaw.org
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    8 months ago

    places an undue burden onto the user to determine and explain why data might be personal

    The other way around: all data originating from a person, is by default “personal data”, and the burden of explaining which one is not, lies with whoever is keeping it.

    you can’t look at any messages in any rooms you’ve been kicked out of

    If they’re keeping them, then you can request a GDPR export of ALL your data. Doesn’t matter whether some interface or application allows you access to the data or not, or even if you’ve been banned from the whole platform; as long as they keep the data, they have an obligation to honor your rights of:

    • Access
    • Correction/Modification
    • Removal

    Even during obligatory data retention periods, when they can’t remove the data and only make it inaccessible, you still have the right to get a copy of your own personal data.

    • LWD@lemm.ee
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      I really hope I’m wrong and you’re right here! I agree with you entirely in terms of what should be allowed, if it isn’t already allowed. And I definitely hope you’re correct. I haven’t recently requested a data export from my languishing Matrix account, but I might give it another go to see what kind of data is stored on my home server.

      • jarfil@beehaw.org
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        I’ve had to deal with this on the data collection end, and it’s a PITA to build in the mechanisms to fully follow the law. If you’re an EU resident, and especially if the server is in the EU or has to follow EU agreements, then they’d risk some quite high penalties if they didn’t follow it.