I'd like to see that thinking extend to other countries (and indeed the extraterritoriality provisions within GDPR help move us in that direction) and indeed I'd also like to see companies doing this. Let's go back to the cat forum scenario again.
In fact, let's take a look specifically at and some of the information they request on the profile page: That page also goes on to request information on where you live, your biography, interests, occupation and mobile phone number.
Here's what it looks like: And it looks similar to HIBP - enter your email address and go!
But where things differ is in the highlighted areas, that is the 3 things you must read and understand before doing the search.
I mean this is a forum with discussions such as if you can buy shoulder pads for your cat to ride on, building a condo for your cat and whether you'll get sick eating out of the same bowl as your cat.
Here's the problem and I'm going to quote directly from my written testimony sent in to Congress (hat tip to James for his suggestion on this): I just checked HIBP and the following sites all collected DOB before having it exposed to unauthorised parties: Acne.org, Adult Friend Finder, AhaShare.com, ai.type, Android Forums, Ashley Madison, Badoo, Beautiful People, Bitcoin Talk, Black Hat World, Boxee, Cannabis.com, ClixSense, COMELEC (Philippines Voters), Data Enrichment Records, diet.com, DLH.net, Dungeons & Dragons Online, eThekwini Municipality, Evermotion, Experian, Exposed VINs, Fling, Foxy Bingo, Funimation, gPotato, GTAGaming, hackforums.net, Health Now Networks, hemmelig.com, HongFire, InterPals, iPmart, JobStreet, Justdate.com, KM.
They ask nothing of the user beyond what is required to do their job.
I wrote a free course for Varonis on GDPR earlier this year and I'm going to be referring to points from there quite a bit in this blog post. But firstly, let's put that question in context: you sign up to a cat forum because you want to discuss cats with other feline aficionados. But it's also somewhat philosophical so let's translate it into practical terms. The site asks you for some personal information when you create the account which it then stores in a database. I'm going to refer a lot to the upcoming European General Data Protection Regulation (GDPR) that will hit Europe in May 2018 because protecting personal data is a cornerstone of the legislation. It's also geographically specific in that there are different legal definitions in different places and indeed different social expectations due to cultural differences too. I want to focus on what I believe the answer should be rather than what the law permits; after all, we're addressing a global problem here that transcends legal boundaries. This is an important question because it drives the way organisations then treat that data.