
It's impossible to opt out of unsolicited emails from Heroku? “That is correct” - rickymetz2
https://imgur.com/a/96yoKrq
======
m-p-3
That would be a violation of the Anti-Spam Legislation in Canada.

------
eesmith
Would that be a GDPR violation?

~~~
throwaway73629
My understanding is that it would be a GDPR violation if the email were truly
unsolicited. In this case, it’s apparently possible to opt out of the emails,
albeit in an inconvenient manner, so I’m not sure it counts as a violation.

~~~
eesmith
I got the impression that it was impossible to opt out. The only solution
offered was to ask the ex-client - a third party - to change the settings.
That is not opting out.

~~~
throwaway73629
If it went to court, I’m not sure what the court would decide. The solution
offered was indeed to ask the ex-client to change the settings. The GDPR
requires that those controlling personal data must offer a way of opting out.
What I’m not sure about is whether Heroku would be seen as legally controlling
the personal data. Perhaps the ex-client is the one who has this control and
who must offer an opt out. It would be interesting to know if any similar
cases have already been judged.

~~~
eesmith
Hmmm. I see your point.

I don't know if Heroku is the data processor or controller in this case, but I
think it's the data processor. Let's suppose the ex-client is the data
controller. The first thing is to tell the ex-client to change the settings,
which doesn't seem to have been the case here.

If the ex-client does not change the settings (e.g., perhaps from incompetence),
and Heroku know about the issue, then are they obligated as a data processor
to inform the ex-client that there is a GDPR violation? That's my reading of
the last part of 28.3 GDPR.

And if that violation continues? ... I have no clue.

No idea either if this relationship is covered under GDPR.

