The GDPR is a reprehensible and bureaucratic law that is impossible to fully comply with, and dictates an onerous process of risk assessments that are enforced by inspection and audits. It is not the sort of thing that you would wish on your grandmother.
So the law makers built in an important exclusion such that the law does not apply to the processing of personal data by a natural person in the exercise of a purely personal or household activity. But now a Dutch court has weighed in and decided that
this important exclusion does not applying to posting family pictures on the likes of Twitter. The court got involved in a family dispute between a grandmother who wanted to post pictures of her grand children on social against the wishes of the
mother. The court decided that the posting of pictures for public consumption on social media went beyond 'purely personal or household activity'. The details weren't fully worked out, but the court judgement suggested that they may have taken a
different view had the pictures been posted to a more restricted audience, say to Facebook friends only. But saying that such nuance doesn't apply to Twitter where posts are by default public. The outcome of the case was that the grandmother was
therefore in the wrong and has been ordered to remove the pictures from her social media accounts. But the horrible outcome of this court judgement is that anyone posting pictures of private individuals to Twitter must now register as a data
controller, so requiring submission to the full bureaucratic nightmare that is the GDPR. |