[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A note from GitHub about your repository

The artifact in question is their agreement with the CVE terms of use:


My intepretation of their request differs to yours -- if they are invoking GDPR to have that entry removed then remove that entry[*], there doesn't seem to be any reason why their acceptance of terms email needs to be public as long as DWF have a copy. Them asking for removal of their personal data from the public doesn't mean they've revoked their acceptance of those terms or you should alter any CVE they've filed. This wouldn't in my mind trigger any of the clauses for why you'd be able to reject the "right to forget".

What happens if I withdraw my consent for

Well, that wouldn't be defined as personal information under GDPR (and you're not an EU citizen).

This is a major problem that we need to actually solve in some way. 
Part of
it will be finding providers that are "Safe".

Dealing with GDPR requests will be the same no matter where you store DWF. Some providers might just not have figured out their process for handling them yet.


[* "remove" has some interesting side effects in Git, depending on if Github want you to rewrite history so it never happened (bleh!) or just commit a removal (so it's actually still in the history)]

Page Last Updated or Reviewed: October 11, 2018