GDPR and storage of personal data.

+2 votes
Can anyone put my mind to rest? I am concerned that although profiles of living non-members may be unlisted they still potentially store personal information without consent.  I have a number of profiles that I created before GDPR that contain some personal data. I have edited some of these profiles to remove this data but of course it is still held within the change record and there seems to be nothing I can do about that.  Where possible I will contact the individuals but in most cases I have no contact details.
in The Tree House by Chris Orme G2G6 Mach 1 (13.9k points)
Just as a heads up: The European Court has just ruled that the right to be forgotten can only be enforced within the European Community and not anywhere else. Servers located outside the EU should be ok. Not that I oppose privacy laws but at least WikiTree should be safe from potential liability if some private data are on here and slip through the cracks of it's policies.

2 Answers

+3 votes
Best answer
As long as those profiles are locked down completely (ie Privacy level Unlisted) then they conform to the GDPR regulations. They become private and unsearchable.

I personally no longer add living people to WikiTree without their consent to cover myself and all others that I had added are Unlisted.
by Deborah Talbot G2G6 Mach 5 (57.6k points)
selected by Chris Orme
I have adopted the same policy for myself. During the SAT, I found many living profiles that the PM had tried to keep open by adding no dates and clicking "not living," yet they were children of someone born in the 1950's. Chances are they are living, so I added "unsourced" and made sure all of the bio sections were on the profile, then I clicked the living radio button. I'm sure there are many profiles like this but I'm satisfied knowing that they will not be created by me. (never have though.)
+2 votes
It was explained to me that as long as WIKITREE is not monetizing the information (ie making it public and searchable) then it is not covered by GDPR.
by Lance Martin G2G6 Pilot (101k points)

I don't think any organisation which holds personal data is exempt. That includes charities  ( but wiki-tree is a business)

Helen is correct. No organisation is exempt.
It was explained to me that the data is exempt if it is not monitzied. Imagine you were writing an email and stored it on gmail as a draft. That email could have personal information in it. However, since other people cannot see it, it is exempt. Other profiles on wikitree are monetized. When those profiles are displayed in a search, they are accompanied by ads. Wikitree is not exempt, but some of the data is.
That information is incorrect. The financial aspect is irrelevant. The legislation is there to protect the privacy of people in the EU.  It’s all about preventing identity theft.

Related questions

+15 votes
1 answer
314 views asked Oct 9, 2017 in WikiTree Tech by Lynda Crackett G2G6 Pilot (630k points)
+4 votes
3 answers
401 views asked Sep 21, 2018 in Policy and Style by Jack Day G2G6 Pilot (364k points)
+3 votes
1 answer
+22 votes
8 answers
1.2k views asked Jun 10, 2018 in Policy and Style by Robin Lee G2G6 Pilot (712k points)
+4 votes
2 answers
132 views asked Jun 9, 2018 in WikiTree Help by Jillaine Smith G2G6 Pilot (781k points)
+11 votes
1 answer
147 views asked May 27, 2018 in WikiTree Tech by Vic Watt G2G6 Pilot (330k points)
+6 votes
3 answers
151 views asked May 15, 2018 in WikiTree Help by Izak Jacobus Coetzee G2G4 (4.0k points)
+13 votes
2 answers
417 views asked May 14, 2018 in Policy and Style by Barry Smith G2G6 Pilot (219k points)
+27 votes
3 answers
1.0k views asked May 14, 2018 in The Tree House by Edison Williams G2G6 Pilot (313k points)

WikiTree  ~  About  ~  Help Help  ~  Search Person Search  ~  Surname:

disclaimer - terms - copyright