Does GDPR cover the collection of data by websites that crawl the web and resell user data Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?Contract necessary for the most basic processing under GPDR?Under the GDPR, should transaction data be deleted on account deletion or on user request?GDPR impact on genealogy website / uncontrolled user dataWill GDPR (EU law) make bad practices in security illegal?Does GDPR apply to internal employees data?Does keeping an MD5 hash of user data violate GDPR?GDPR and personal data that gets crawled and ends up on other websitesGDPR - is user social ID personal dataDoes my Personal Web App need to comply to GDPR?Replication of user data a violation of GDPR

Dinosaur Word Search, Letter Solve, and Unscramble

How to achieve cat-like agility?

IC on Digikey is 5x more expensive than board containing same IC on Alibaba: How?

How do you cope with tons of web fonts when copying and pasting from web pages?

calculator's angle answer for trig ratios that can work in more than 1 quadrant on the unit circle

Does the universe have a fixed centre of mass?

Unicode symbols with XeLaTeX and Lato font

Changing order of draw operation in PGFPlots

Asymmetric or symmetric - which makes sense in this scenario?

Do regular languages belong to Space(1)?

Is there a verb for listening stealthily?

"Destructive power" carried by a B-52?

The Nth Gryphon Number

Fit odd number of triplets in a measure?

How do I find my Spellcasting Ability for my D&D character?

Improvising over quartal voicings

Is there a right way of implementing a T flip flop in verilog wrt using reset signal?

Am I allowed to enjoy work while following the path of Karma Yoga?

Should man-made satellites feature an intelligent inverted "cow catcher"?

How can I introduce the names of fantasy creatures to the reader?

Is there night in Alpha Complex?

Why not use the yoke to control yaw, as well as pitch and roll?

malloc in main() or malloc in another function: allocating memory for a struct and its members

Are there any irrational/transcendental numbers for which the distribution of decimal digits is not uniform?



Does GDPR cover the collection of data by websites that crawl the web and resell user data



Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)
Announcing the arrival of Valued Associate #679: Cesar Manara
Unicorn Meta Zoo #1: Why another podcast?Contract necessary for the most basic processing under GPDR?Under the GDPR, should transaction data be deleted on account deletion or on user request?GDPR impact on genealogy website / uncontrolled user dataWill GDPR (EU law) make bad practices in security illegal?Does GDPR apply to internal employees data?Does keeping an MD5 hash of user data violate GDPR?GDPR and personal data that gets crawled and ends up on other websitesGDPR - is user social ID personal dataDoes my Personal Web App need to comply to GDPR?Replication of user data a violation of GDPR










1















I have found that a lot of my personal info is now available on a bunch of websites that collect data and resell it.
I'm talking about those 'find anything about anyone' websites.



A lot of the data is also inaccurate.



Since a lot of these companies are American and I have lived my life half US / half EU and I'm now an EU resident, I was wondering:



  • does the GDPR applies to them?

  • does the GDPR applies to data they claim was 'public', but I see that this is not really true?

  • What's the responsibility of search engines, like Google, in indexing and promoting that content. As they seem to have a 'contact the webmaster' approach to it, is it possible to get the content (at the minimum the inacurate one) removed from their index?









share|improve this question


























    1















    I have found that a lot of my personal info is now available on a bunch of websites that collect data and resell it.
    I'm talking about those 'find anything about anyone' websites.



    A lot of the data is also inaccurate.



    Since a lot of these companies are American and I have lived my life half US / half EU and I'm now an EU resident, I was wondering:



    • does the GDPR applies to them?

    • does the GDPR applies to data they claim was 'public', but I see that this is not really true?

    • What's the responsibility of search engines, like Google, in indexing and promoting that content. As they seem to have a 'contact the webmaster' approach to it, is it possible to get the content (at the minimum the inacurate one) removed from their index?









    share|improve this question
























      1












      1








      1


      1






      I have found that a lot of my personal info is now available on a bunch of websites that collect data and resell it.
      I'm talking about those 'find anything about anyone' websites.



      A lot of the data is also inaccurate.



      Since a lot of these companies are American and I have lived my life half US / half EU and I'm now an EU resident, I was wondering:



      • does the GDPR applies to them?

      • does the GDPR applies to data they claim was 'public', but I see that this is not really true?

      • What's the responsibility of search engines, like Google, in indexing and promoting that content. As they seem to have a 'contact the webmaster' approach to it, is it possible to get the content (at the minimum the inacurate one) removed from their index?









      share|improve this question














      I have found that a lot of my personal info is now available on a bunch of websites that collect data and resell it.
      I'm talking about those 'find anything about anyone' websites.



      A lot of the data is also inaccurate.



      Since a lot of these companies are American and I have lived my life half US / half EU and I'm now an EU resident, I was wondering:



      • does the GDPR applies to them?

      • does the GDPR applies to data they claim was 'public', but I see that this is not really true?

      • What's the responsibility of search engines, like Google, in indexing and promoting that content. As they seem to have a 'contact the webmaster' approach to it, is it possible to get the content (at the minimum the inacurate one) removed from their index?






      gdpr






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 2 hours ago









      ThomasThomas

      1413




      1413




















          1 Answer
          1






          active

          oldest

          votes


















          3














          The GDPR applies to such sites if they offer services in the EU/EEA. If they clearly wanted to avoid being subject to the GDPR, they should block visitors from the EEA. For the GDPR, only location matters. Other concerns like residence or citizenship are generally irrelevant.



          Personal data does not turn non-personal just because it was public. So the GDPR still applies when the data was collected from public sources. However, the data controller (who determines the purpose of processing) often has to balance your rights and interests against other interests (e.g. when using legitimate interest as a legal basis for some processing). For the purpose of publicly displaying your data, only showing data that was already public anyway makes it easier to argue that this is fine.



          But when the GDPR applies, you have data subject rights. Relevant rights include:



          • a right to access, to see all the data they have about you

          • a right to rectification, to correct wrong data they hold about you

          • a right to restriction, effectively an opt-out

          • a right to erasure (also known as the right to be forgotten)

          These rights apply both against the website and against Google Search (arguably, both are doing the exact same thing). Google correctly points out that they can't remove information from the Web, but they can hide information from search results.



          If you feel that your requests have not been resolved correctly, you can issue a complaint with your country's data protection authority. In theory you can also sue them. In practice, GDPR enforcement against overseas data controllers can be quite difficult and has not yet happened.






          share|improve this answer























          • "For the GDPR, only location matters. Other concerns like residence or citizenship are generally irrelevant." I remember reading otherwise. Can you back up this claim with sources?

            – Ave
            11 mins ago











          • @Ave this is a very common misconception about the GDPR. But the EU cannot make extraterritorial laws, so Art 3 “Territorial Scope” limits the applicability to cases where the data controller is in the EU, or where the data controller offers services in the EU, or where the data controller observes behaviour of data subjects who are currently in the EU. But e.g. a EU citizen visiting the US is not protected by the GDPR.

            – amon
            8 mins ago












          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "617"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f39322%2fdoes-gdpr-cover-the-collection-of-data-by-websites-that-crawl-the-web-and-resell%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          3














          The GDPR applies to such sites if they offer services in the EU/EEA. If they clearly wanted to avoid being subject to the GDPR, they should block visitors from the EEA. For the GDPR, only location matters. Other concerns like residence or citizenship are generally irrelevant.



          Personal data does not turn non-personal just because it was public. So the GDPR still applies when the data was collected from public sources. However, the data controller (who determines the purpose of processing) often has to balance your rights and interests against other interests (e.g. when using legitimate interest as a legal basis for some processing). For the purpose of publicly displaying your data, only showing data that was already public anyway makes it easier to argue that this is fine.



          But when the GDPR applies, you have data subject rights. Relevant rights include:



          • a right to access, to see all the data they have about you

          • a right to rectification, to correct wrong data they hold about you

          • a right to restriction, effectively an opt-out

          • a right to erasure (also known as the right to be forgotten)

          These rights apply both against the website and against Google Search (arguably, both are doing the exact same thing). Google correctly points out that they can't remove information from the Web, but they can hide information from search results.



          If you feel that your requests have not been resolved correctly, you can issue a complaint with your country's data protection authority. In theory you can also sue them. In practice, GDPR enforcement against overseas data controllers can be quite difficult and has not yet happened.






          share|improve this answer























          • "For the GDPR, only location matters. Other concerns like residence or citizenship are generally irrelevant." I remember reading otherwise. Can you back up this claim with sources?

            – Ave
            11 mins ago











          • @Ave this is a very common misconception about the GDPR. But the EU cannot make extraterritorial laws, so Art 3 “Territorial Scope” limits the applicability to cases where the data controller is in the EU, or where the data controller offers services in the EU, or where the data controller observes behaviour of data subjects who are currently in the EU. But e.g. a EU citizen visiting the US is not protected by the GDPR.

            – amon
            8 mins ago
















          3














          The GDPR applies to such sites if they offer services in the EU/EEA. If they clearly wanted to avoid being subject to the GDPR, they should block visitors from the EEA. For the GDPR, only location matters. Other concerns like residence or citizenship are generally irrelevant.



          Personal data does not turn non-personal just because it was public. So the GDPR still applies when the data was collected from public sources. However, the data controller (who determines the purpose of processing) often has to balance your rights and interests against other interests (e.g. when using legitimate interest as a legal basis for some processing). For the purpose of publicly displaying your data, only showing data that was already public anyway makes it easier to argue that this is fine.



          But when the GDPR applies, you have data subject rights. Relevant rights include:



          • a right to access, to see all the data they have about you

          • a right to rectification, to correct wrong data they hold about you

          • a right to restriction, effectively an opt-out

          • a right to erasure (also known as the right to be forgotten)

          These rights apply both against the website and against Google Search (arguably, both are doing the exact same thing). Google correctly points out that they can't remove information from the Web, but they can hide information from search results.



          If you feel that your requests have not been resolved correctly, you can issue a complaint with your country's data protection authority. In theory you can also sue them. In practice, GDPR enforcement against overseas data controllers can be quite difficult and has not yet happened.






          share|improve this answer























          • "For the GDPR, only location matters. Other concerns like residence or citizenship are generally irrelevant." I remember reading otherwise. Can you back up this claim with sources?

            – Ave
            11 mins ago











          • @Ave this is a very common misconception about the GDPR. But the EU cannot make extraterritorial laws, so Art 3 “Territorial Scope” limits the applicability to cases where the data controller is in the EU, or where the data controller offers services in the EU, or where the data controller observes behaviour of data subjects who are currently in the EU. But e.g. a EU citizen visiting the US is not protected by the GDPR.

            – amon
            8 mins ago














          3












          3








          3







          The GDPR applies to such sites if they offer services in the EU/EEA. If they clearly wanted to avoid being subject to the GDPR, they should block visitors from the EEA. For the GDPR, only location matters. Other concerns like residence or citizenship are generally irrelevant.



          Personal data does not turn non-personal just because it was public. So the GDPR still applies when the data was collected from public sources. However, the data controller (who determines the purpose of processing) often has to balance your rights and interests against other interests (e.g. when using legitimate interest as a legal basis for some processing). For the purpose of publicly displaying your data, only showing data that was already public anyway makes it easier to argue that this is fine.



          But when the GDPR applies, you have data subject rights. Relevant rights include:



          • a right to access, to see all the data they have about you

          • a right to rectification, to correct wrong data they hold about you

          • a right to restriction, effectively an opt-out

          • a right to erasure (also known as the right to be forgotten)

          These rights apply both against the website and against Google Search (arguably, both are doing the exact same thing). Google correctly points out that they can't remove information from the Web, but they can hide information from search results.



          If you feel that your requests have not been resolved correctly, you can issue a complaint with your country's data protection authority. In theory you can also sue them. In practice, GDPR enforcement against overseas data controllers can be quite difficult and has not yet happened.






          share|improve this answer













          The GDPR applies to such sites if they offer services in the EU/EEA. If they clearly wanted to avoid being subject to the GDPR, they should block visitors from the EEA. For the GDPR, only location matters. Other concerns like residence or citizenship are generally irrelevant.



          Personal data does not turn non-personal just because it was public. So the GDPR still applies when the data was collected from public sources. However, the data controller (who determines the purpose of processing) often has to balance your rights and interests against other interests (e.g. when using legitimate interest as a legal basis for some processing). For the purpose of publicly displaying your data, only showing data that was already public anyway makes it easier to argue that this is fine.



          But when the GDPR applies, you have data subject rights. Relevant rights include:



          • a right to access, to see all the data they have about you

          • a right to rectification, to correct wrong data they hold about you

          • a right to restriction, effectively an opt-out

          • a right to erasure (also known as the right to be forgotten)

          These rights apply both against the website and against Google Search (arguably, both are doing the exact same thing). Google correctly points out that they can't remove information from the Web, but they can hide information from search results.



          If you feel that your requests have not been resolved correctly, you can issue a complaint with your country's data protection authority. In theory you can also sue them. In practice, GDPR enforcement against overseas data controllers can be quite difficult and has not yet happened.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered 1 hour ago









          amonamon

          98816




          98816












          • "For the GDPR, only location matters. Other concerns like residence or citizenship are generally irrelevant." I remember reading otherwise. Can you back up this claim with sources?

            – Ave
            11 mins ago











          • @Ave this is a very common misconception about the GDPR. But the EU cannot make extraterritorial laws, so Art 3 “Territorial Scope” limits the applicability to cases where the data controller is in the EU, or where the data controller offers services in the EU, or where the data controller observes behaviour of data subjects who are currently in the EU. But e.g. a EU citizen visiting the US is not protected by the GDPR.

            – amon
            8 mins ago


















          • "For the GDPR, only location matters. Other concerns like residence or citizenship are generally irrelevant." I remember reading otherwise. Can you back up this claim with sources?

            – Ave
            11 mins ago











          • @Ave this is a very common misconception about the GDPR. But the EU cannot make extraterritorial laws, so Art 3 “Territorial Scope” limits the applicability to cases where the data controller is in the EU, or where the data controller offers services in the EU, or where the data controller observes behaviour of data subjects who are currently in the EU. But e.g. a EU citizen visiting the US is not protected by the GDPR.

            – amon
            8 mins ago

















          "For the GDPR, only location matters. Other concerns like residence or citizenship are generally irrelevant." I remember reading otherwise. Can you back up this claim with sources?

          – Ave
          11 mins ago





          "For the GDPR, only location matters. Other concerns like residence or citizenship are generally irrelevant." I remember reading otherwise. Can you back up this claim with sources?

          – Ave
          11 mins ago













          @Ave this is a very common misconception about the GDPR. But the EU cannot make extraterritorial laws, so Art 3 “Territorial Scope” limits the applicability to cases where the data controller is in the EU, or where the data controller offers services in the EU, or where the data controller observes behaviour of data subjects who are currently in the EU. But e.g. a EU citizen visiting the US is not protected by the GDPR.

          – amon
          8 mins ago






          @Ave this is a very common misconception about the GDPR. But the EU cannot make extraterritorial laws, so Art 3 “Territorial Scope” limits the applicability to cases where the data controller is in the EU, or where the data controller offers services in the EU, or where the data controller observes behaviour of data subjects who are currently in the EU. But e.g. a EU citizen visiting the US is not protected by the GDPR.

          – amon
          8 mins ago


















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Law Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f39322%2fdoes-gdpr-cover-the-collection-of-data-by-websites-that-crawl-the-web-and-resell%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Möglingen Índice Localización Historia Demografía Referencias Enlaces externos Menú de navegación48°53′18″N 9°07′45″E / 48.888333333333, 9.129166666666748°53′18″N 9°07′45″E / 48.888333333333, 9.1291666666667Sitio web oficial Mapa de Möglingen«Gemeinden in Deutschland nach Fläche, Bevölkerung und Postleitzahl am 30.09.2016»Möglingen

          Virtualbox - Configuration error: Querying “UUID” failed (VERR_CFGM_VALUE_NOT_FOUND)“VERR_SUPLIB_WORLD_WRITABLE” error when trying to installing OS in virtualboxVirtual Box Kernel errorFailed to open a seesion for the virtual machineFailed to open a session for the virtual machineUbuntu 14.04 LTS Virtualbox errorcan't use VM VirtualBoxusing virtualboxI can't run Linux-64 Bit on VirtualBoxUnable to insert the virtual optical disk (VBoxguestaddition) in virtual machine for ubuntu server in win 10VirtuaBox in Ubuntu 18.04 Issues with Win10.ISO Installation

          Torre de la Isleta Índice Véase también Referencias Bibliografía Enlaces externos Menú de navegación38°25′58″N 0°23′02″O / 38.43277778, -0.3838888938°25′58″N 0°23′02″O / 38.43277778, -0.38388889Torre de la Illeta de l’Horta o Torre Saleta. Base de datos de bienes inmuebles. Patrimonio Cultural. Secretaría de Estado de CulturaFicha BIC Torre de la Illeta de l’Horta. Dirección General de Patrimonio Cultural. Generalitat ValencianaLugares de interés. Ayuntamiento del CampelloTorre de la Isleta en CastillosNet.org