I’ve had Amnesty International contacting me at work, using the “exemption for humanitarian emergencies” to say “We can’t remove you from mail lists, it’s a humanitarian emergency.” Highly annoying to be doxxed by who you’ve been donating to.
Actually, there is a solution: Say that you are back in Europe and a EU citizen. The GDPR applies to them too.
I have an OG mac.com account (got it about five minutes after Steve announced it).
Because of that, a lot of folks enter my email address as theirs; often accidentally (they forget the numbers, afterwards, or somesuch).
One lady made donations to her local ASPCA, and used my email address.
They sold me to some of the craziest, most radical-left organizations on earth.
I get hundreds of emails, every day, from these outfits. Some, are absolutely barking mad. Many, are fake emails from politicians.
Even I can't stomach some of the crazy in these emails, and I lean left[ish] (I'm quite centrist, which means leftists think I'm MAGA, and rightists think I'm commie).
Needless to say, unsubs only make it worse.
All because one lady goofed, when entering her email, for a local animal assistance org.
> Say that you are back in Europe and a EU citizen. The GDPR applies to them too.
Any idea how GDPR works for EU citizens who reside in the USA?
E.g., suppose I want Facebook to forget about me, but I'm using a U.S.-based ISP to tell them that. Does Facebook have any legal justification for rejecting my request?
If you reside in the US, then Facebook can probably argue US laws apply. Over course if you go to the EU to visit family for Christmas or something (very likely) and ask Facebook to stop then, EU laws apply and they need to forget everything even though you will return.
Note that data generated only from your time in the US about your activities when in the US probably can still remain.
> Any idea how GDPR works for EU citizens who reside in the USA?
It doesn't. The cases it applies to are given in Article 3 [1]. It applies to these cases:
• Processing of personal data by entities that are "established in the Union", regardless of where the processing takes place.
• Processing of personal data of "data subjects who are in the Union" by entities not "established in the Union" if it is related to those entities offering goods and services to data subjects "in the Union" or those entities are monitoring behavior of those data subjects that takes place "in the Union".
• Processing of personal data by an entity not "established in the Union" is they are somewhere where Member State law applies "by virtue of public international law". (Anyone happen to have a list of such places?).
GDPR does not even mention "citizens". Every place it talks about data subjects it uses "in the Union".
Note that this works both ways. People who are not EU citizens are covered if they are "in the Union".
Nothing in GDPR says anything about EU citizens. Everyplace it talks about data subjects it talks about data subjects "in the Union".
If he is not "in the Union" and the processor or controller processing his data is not "established in the Union" then GDPR does not apply. See Article 3 [1] for details.
Actually, there is a solution: Say that you are back in Europe and a EU citizen. The GDPR applies to them too.