27.06.2022, 13:23
Sorry for bumping this up, but the fundamental question has still remained unanswered.
Data minimisation is one of the core principles of the GDPR. Art. 5.1.c: "Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed." The reason for it is simple: If you don't collect the street address of 'hundreds of portal members who are not members of the association' that data can never leak either. That's by far the best and cheapest form of data protection in existence.
I have no idea why a street address would be of any relevance in relation to uploading some puzzles and the privacy statement stays completely silent about the purpose of that data collection as well. This practice strikes me as creepy too. In fact every responsible internet user should hear alarm bells ringing when a website tries to lure them into sharing certain data for no apparent reason.
So again: 'Could you explain a bit about what this is used for?' - Are you welcoming new portal users with a postcard? Are you going to send some angry men to a setter's house after accidentally uploading a broken puzzle? Or ...
The obligation to share any data in your possession if requested by the legal authorities is by itself not a justification for collecting certain data in the first place. And people with bad intentions would provide a false street address anyway, don't you think?
Data minimisation is one of the core principles of the GDPR. Art. 5.1.c: "Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed." The reason for it is simple: If you don't collect the street address of 'hundreds of portal members who are not members of the association' that data can never leak either. That's by far the best and cheapest form of data protection in existence.
I have no idea why a street address would be of any relevance in relation to uploading some puzzles and the privacy statement stays completely silent about the purpose of that data collection as well. This practice strikes me as creepy too. In fact every responsible internet user should hear alarm bells ringing when a website tries to lure them into sharing certain data for no apparent reason.
So again: 'Could you explain a bit about what this is used for?' - Are you welcoming new portal users with a postcard? Are you going to send some angry men to a setter's house after accidentally uploading a broken puzzle? Or ...
The obligation to share any data in your possession if requested by the legal authorities is by itself not a justification for collecting certain data in the first place. And people with bad intentions would provide a false street address anyway, don't you think?