@hansw@mastodon.social

A question for you, or anyone in the European Union, familiar with GDPR regulations.

I use an app that is based in Hong Kong, and is unique on what it offers (a pen pal application, nothing comparable out there that I know of).

Problem :

• they are a small team, and very responsive, creative and competent.
• but all of our data (the personal letters we write to penpals, in private and possibly with much personal info) is stored un-encrypted.
• PRC has some pretty strict legislation, and it’s possible Intelligence agencies could demand a China based company to disclose any info in their systems.

And the question ;

• Does the GDPR regulation mandate that a user’s data should be available for them to download on demand? (Facebook, and others offer this; I imagine it is probably mandated)

I would like to see if we could have a legal base, at least in some jurisdictions, to approach the team and ask them to offer the same personal data backup for download. Which currently, they don’t offer.

If European legislation backs this, we would have a big start.

Ideal would be for all data to be end to end encrypted, like WhatsApp offers, for example. We don’t have that yet; although it might be legitimate to ask.

Maybe @freemo might know something about this also?