Legamart
Legal Talents
Business
Online MeetingResource HubPricing
Hire Top Legal TalentLOG IN
Deleted user
posted 3 years ago
How do platform sites ensure their users do not abuse forwarded user data?
I have a few open-source software projects that I develop on multiple large open-source software websites. I sent some GDPR-related inquiries to them to learn about how I can make my project sites GDPR-ready. The representation of my projects that are displayed in the OSS websites' default layout is identified as the "controller" and I am a "processor". If I am a processor, wouldn't those controllers have to make me sign a DPA? Moreover, Does that mean I am not permitted to set up the e-mail forwarding to any of my existing e-mail accounts but need to sign up for a "business-level"? 1- These websites are based in the U.S. 2- It's indeed still unclear whether an e-mail provider counts as a processor for which a DPA is needed. If it turns out it does not, the second part of the question is a non-issue."
Country
  • France
Fields:
  • Secured Transactions
  • Intellectual Property
  • Corporate and Company
  • +1
Share

Answer this Post

Login into your account and answer this post

Contribute Now
guillaumeb
Deleted user
Lawyer
posted 2 years ago
Hi, My answer may come a little late but I can try to help you in the event that you have not yet found what you were looking for. Did you check for or agree to Terms and conditions before using the websites services? Maybe a DPA is included in the terms and conditions and you have already approved it. In most contract such rules will be referred to as "GDPR standard clauses" (e.g., https://www.cisecurity.org/standard-gdpr-clauses) Alternatively, since the websites are located in the US, it is possible they chose not to set out a DPA (which would mean that they can't make business with individuals or companies located in the EU). You need to be careful with your projects and your own clients/users if they are located in Europe. Alternatively, are these websites hosted in California ? (rules which are comparable to GDPR applies to California). Regarding your last question on email providing, I would need further information to give you an educated answer relevant for your specific situation. Email providers can indeed be processors as well as controllers. It all depends on the type of information they are provided with and how this information is shared and processed. Don't hesitate to contact me Best, Guillaume