@hansw@mastodon.social
## A question for you, or anyone in the European Union, familiar with GDPR regulations.
I use an app that is based in Hong Kong, and is unique on what it offers (a pen pal application, nothing comparable out there that I know of).
Problem :
- they are a small team, and very responsive, creative and competent.
- but all of our data (the personal letters we write to penpals, in private and possibly with much personal info) is stored un-encrypted.
- PRC has some pretty strict legislation, and it's possible Intelligence agencies could demand a China based company to disclose any info in their systems.
And the question ;
- Does the GDPR regulation mandate that a user's data should be available for them to download on demand? (Facebook, and others offer this; I imagine it is probably mandated)
I would like to see if we could have a legal base, at least in some jurisdictions, to approach the team and ask them to offer the same personal data backup for download. Which currently, they don't offer.
If European legislation backs this, we would have a big start.
Ideal would be for all data to be end to end encrypted, like WhatsApp offers, for example. We don't have that yet; although it might be legitimate to ask.
Maybe @freemo might know something about this also?
@freemo @hansw@mastodon.social
Wonderful, thanks Freemo. The Data Portability is key to ask for a personal backup. I had a feeling it might be the case, or Facebook and company wouldn't be offering it.
I really like the app, and they did wonderful work creating and developing it. In the future, if we could have it a bit open sourced, allowing third party clients, it would be great.
There's one unofficial client, which a Chinese young programmer developed on his own - simply by monitoring the API calls and responses between the official client and their servers.
The API i closed, no details ever published. Yet, he built a working client, web based, and added extra functions which the official, company provided app, does not include.
E.g. :
* Exporting of all of a user's letters with a certain penpal. This is exported in plain text format, when required.
* Statistics like total letters written, how many sent, how many received. Word count for each letter, average and total word count for all letters.
And more. There's some risk on using this rogue client, from an unknown person (who could be copying or saving access tokens, user data).
But it is a great result, specially considering it's done solo and without any inside API info or manual.
@design_RG @hansw@mastodon.social @freemo some more info on GDPR https://www.eff.org/deeplinks/2020/02/upload-filters-are-odds-gdpr
@design_RG
Yes the GDPR offers two notable garuntees here:
1) the right to data portability. In other words, the right to a complete export of data, this is largely so you can be aware of what data a company stores about you but has the seconfary effect of portability
2) The right to be forgotten. Specifically, the ability for a user to be able to delete all data in the system about them which they contributed or help create.
@hansw@mastodon.social